Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Warning - PayPal spoof/phishing emails!

  • Please log in to reply
1 reply to this topic

#1 RevGAM


  • Members
  • 723 posts
  • Gender:Male
  • Location:Milwaukee, Wisconsin, USA
  • Local time:05:16 AM

Posted 09 September 2016 - 10:55 PM

Everyone knows that looking at emails carries with it risks.  Embedded photos that link to hostile websites, worms that are activated by the preview pane of your email program, scams that offer you tons of money, phishing/con emails that attempt to somehow get your confidential data, and more are all reasons why it pays to use the spam filter and have sufficient computer protection.

But we are the weak link.  We are the thing that usually makes our computers infected.  Criminals know that.  They use spoofing, imitating legitimate materials and psychological tricks to make us think their emails are legitimate.  Some are easy to spot, but others are pretty tricky.  When you get an email, it's best NOT to click on any links - even if it's from someone you know because they may have been hacked.  If you want to, go directly to the website in question if it is a well-known website by typing in the address to the main page.  Don't be tempted to click!

Below is an example of a confidence scam, spoof, phishing and psychological BILINGUAL(Indonesian first, then English) email I just got that purports to be from PayPal.  I've already reported it to spoof@paypal.com.  Be wary!


Some telltale signs of trickery:
1) If this is from PayPal, why don't they use the usual email address @paypal.com instead of @mail.paypal.com?
2) Since when does PayPal use epl.paypal-communication.com instead of www.paypal.com?  Even the logo doesn't link to www.paypal.com like in every email from PayPal.  The email I got from PayPal the other day didn't have that.
3) Why would they mis-type my family name suffix "II"?  It's not wrong on official emails from PayPal.
4) Why do they include a note about phishing/spoofing?  Normal emails from PayPal don't have that.  It's a red flag.
5) Why is it bilingual? PayPal never sends me bilingual messages.  Someone has created a database that shows I speak both languages.
6) I find the phishing explanation phishy, too.  PayPal didn't include that in other emails to me.
There are other possible indicators in the Indonesian version, such as "Seperti biasa".  Here's the phishing email I received.  Note that not even the PayPal logo links to www.paypal.com.

I hope it helps.

Be aware that there are lots of scams on social media, too!
Kami memiliki pembaruan di halaman Pembaruan Kebijakan.
Yth. Glenn Allan Mc Grew Ii,
Baru-baru ini kami memperbarui halaman Pembaruan Kebijakan. Untuk melihat rincian perubahan tersebut, kunjungi halaman Pembaruan Kebijakan, atau klik tautan footer 'Hukum' di setiap halaman PayPal dan pilih 'Pembaruan Kebijakan'.
Seperti biasa, Anda dapat menghubungi kami jika memerlukan bantuan atau memiliki pertanyaan. Kami selalu siap membantu.
Terima kasih telah menjadi pelanggan Paypal.
Hormat kami,
Demi memastikan bahwa Anda dapat menerima email kami, tambahkan @mail.paypal.com & @paypal-exchanges.com ke dalam daftar pengirim yang aman. Untuk informasi lebih lanjut, klik di sini.
Bagaimana cara mengetahui email penipuan (spoof)?
Email penipuan (spoof) atau "phishing" biasanya menggunakan sapaan umum, seperti "Ang-gota PayPal yang terhormat". Email dari PayPal akan selalu mencantumkan nama depan dan nama belakang Anda. 
Selengkapnya tentang phishing
Jangan balas email ini. Kami tidak dapat memberikan tanggapan atas pertanyaan yang di kirimkan ke alamat ini. Untuk jawaban langsung atas pertanyaan Anda, kunjungi Pusat Bantuan kami dengan mengklik "Bantuan" pada bagian atas halaman PayPal manapun.
Saran untuk konsumen: PayPal Pte Ltd, Pemilik fasilitas nilai tersimpan layanan pembayaran PayPal, tidak memerlukan persetujuan Monetary Authority of Singapore. Konsumen (pengguna) disarankan untuk membaca syarat dan ketentuan dengan cermat.
Hak cipta © 2016 PayPal. Semua hak dilindungi undang- undang.
Glenn Allan Mc Grew Ii – We have updates on our Policy Update page.
We have updates on our Policy Update page.
Dear Glenn Allan Mc Grew Ii, 
We've recently updated our policy page. To view the details of what's been changed, visit our Policy Update page, or click on the 'Legal' footer link on any PayPal page and select 'Policy Update'.
As always, if you need help or have any questions, feel free to contact us. We're always here to help.
Thank you for being a PayPal customer.
Yours sincerely,
To ensure that you are able to receive our emails, please add @mail.paypal.com & @paypal-exchanges.com to your safe senders list. For more information, please click here.
How do I know this is not a fake email?
Emails from PayPal will always address you by your surname and given name. Fake or "phishing" emails tend to have generic greetings such as "Dear PayPal member". If unsure, forward the suspicious email to spoof@paypal.com and we will let you know if it's really coming from us or not. 
Read more about Phishing 
Please do not reply to this email. Unfortunately, we are unable to respond to inquiries sent to this address. For immediate answers to your questions, simply visit our Help Center by clicking "Help" at the bottom of any PayPal page.
Consumer advisory - PayPal Pte. Ltd. the holder of PayPal's stored value facility does not require the approval of the Monetary Authority of Singapore. Users are advised to read the terms and conditions carefully.
Copyright © 2016 PayPal. All rights reserved.

Namaste, Peace & Love,

If I have frustrated you, then I must be a student. If I've imparted information or a skill to you, then I must be a teacher. If I've helped you, then I must be a volunteer. If I've touched your life, then I must be happy!
If you had to choose between saving just your family, or saving 10,000 GOOD people (but not your family), what would you choose?

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,070 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:16 AM

Posted 10 September 2016 - 03:32 PM

PayPal Email Scam Resources:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users