Posted by: jinoe | February 5, 2008

Victim

I should have known better but I am a victim of a phishing email. 

I opened a Paypal account last year when I started purchasing some items on the web.  Before, Philippine accounts could only send money using Paypal.  We could not receive money yet.

Last October 5, 2007, I received an email from Paypal announcing that Philippine accounts can now receive funds.  This was much to the delight of Filipinos who have a business online.  I then started getting foreign clients for my ambigram designs.

A few days later, October 10, 2007, I received an email from Paypal with the subject “Verify your identity”.

Dear PayPal,
We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address.

If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you did not initiate the log ins, please visit PayPal as soon as possible to verify your identity:

https://www.paypal.com/us/cgi-bin/webscr? cmd=_login-run

Verify your identity is a security measure that will ensure that you are the only person with access to the account.

Thanks for your patience as we work together to protect your account.

Sincerely,
PayPal
———————————————–
                    PROTECT YOUR PASSWORD
   NEVER give your password to anyone and ONLY log in at https://www.paypal.com/. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.
———————————————–    

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the “Help” link in the header of any page.

PayPal Email ID PP321

At that time, I really thought this was an authentic email from Paypal.  I wasn’t traveling at that time.  But our IP address in the office is not reflecting a Philippine IP but that of a different country.  And since I had logged in to Paypal at the office and at home, I thought that this was a valid inquiry by Paypal.  So I followed the website and placed my email address and my password.  Damn!

But right now, I can instantly smell that something really fishy happened here.  The email was only in text format.  Paypal sends me emails in html format.  The email address was different from the ones Paypal used to send me.  The salutation reads Dear Paypal, but Paypal addresses me with my full name in my emails.  And the website link was not directed to Paypal, but through another website (try clicking on it).  I can’t remember what the website looked like.  Today, it doesn’t exist anymore.

Fortunately, I don’t have any funds in my Paypal account at that time.  But I am worried about my credit card which I used to verify my account.  And I am also worried that they might login to my account again and find that I have some funds already.

I only realized my mistake when I received an email today from Amazon with a similar message.  Since I don’t have an account with Amazon, I knew it was a phishing email.  Then I remembered this email.  I hurriedly looked into my inbox for the email.  When I found it and when I clicked on the broken link, I knew I was in trouble.

I immediately changed my password and reported the email to Paypal.  I am not sure if I am still secure but that is the least that I can do for now.  I am planning to open another Paypal account also just to be sure.

Here is the anatomy of the phishing email that I received.  These are very basic but very often overlooked.  Just like what happened to me.  It may not be true today since those guys know how to update their tactics also.  But I hope it helps.

  1. They used a different email address.  They used a similar one which was PayPal@service.com.  Paypal used paypal@email.paypal.com or service@intl.paypal.  But don’t be too sure about this also.
  2. The email was in txt format.
  3. It only says Dear Paypal and was not using my Full Name.
  4. The link to the website address was not Paypal.  It has a paypal on it but it was not Paypal.
  5. They asked for my password.  Paypal says that they wouldn’t do that.
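
Items 1 to 4 of this list can be checked on the message itself; the Python sketch below is an added example, not part of the original post. The trusted domain, the recipient name and the sample message are constructed for illustration (only the sender address PayPal@service.com comes from the post), and item 5 is not covered because the password was requested on the linked site.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "paypal.com"  # assumption: the one domain this checker treats as genuine

def trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower()
    return host == TRUSTED or host.endswith("." + TRUSTED)

def indicators(raw, full_name):
    """Return which of checklist items 1-4 a raw RFC 5322 message trips."""
    msg = message_from_string(raw, policy=policy.default)
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "\n".join(p.get_content() for p in parts)
    flags = []
    # 1. Sender domain is neither the brand's domain nor a subdomain of it.
    if not trusted(parseaddr(str(msg["From"]))[1].rpartition("@")[2]):
        flags.append("sender-domain")
    # 2. No HTML part at all (the author's genuine mail arrived as HTML).
    if all(p.get_content_subtype() != "html" for p in parts):
        flags.append("text-only")
    # 3. Greeting does not use the account holder's full name.
    greeting = re.search(r"Dear\s+([^,\n<]+)", body)
    if not greeting or greeting.group(1).strip().lower() != full_name.lower():
        flags.append("generic-salutation")
    # 4. A link target (href in HTML, bare URL in plain text) leaves the
    #    trusted domain, even when its host merely contains "paypal".
    targets = re.findall(r'href="([^"]+)"', body, re.I) \
        or re.findall(r"https?://[^\s\"<>]+", body)
    if any(not trusted(urlparse(t).hostname) for t in targets):
        flags.append("link-off-domain")
    return flags

# Constructed sample modelled on the message quoted in the post; the URL uses
# a reserved example domain and the recipient name below is a placeholder.
SAMPLE = """\
From: PayPal <PayPal@service.com>
Subject: Verify your identity
Content-Type: text/plain; charset="us-ascii"

Dear PayPal,
We recently noticed one or more attempts to log in to your PayPal account.
Please visit http://www.paypal.com.example.net/cgi-bin/webscr?cmd=_login-run
"""

if __name__ == "__main__":
    print(indicators(SAMPLE, "Juan Dela Cruz"))
```

The host comparison is a suffix match on the whole domain rather than a search for the word "paypal", which is what catches a host that has "paypal" in it but is not PayPal.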

Here’s an additional site from Paypal https://www.paypal.com/fightphishing.

I thought I am smart enough not to fall into this scam.  But here is proof that I am not.  So you should also be careful.  You should ALWAYS be careful.

Responses

  1. Argh! That was a close call!

  2. This same modus also came to my knowledge when our UP Webmail tech support sent us a warning about a scam email spread throughout our webmail asking all of us to confirm our passwords. It doesn’t involve money as yours with PayPal but it is still scary.
