Paypal Users Beware!

Be on the lookout in your inboxes for this scam which is making its rounds. It will appear to be an email from Paypal notifying you that your account has been ‘limited’. It will further request that you download the attached file and launch it in your browser to start the recovery process. But all this should be raising red flags.

1) Paypal doesn’t ‘limit’ your account. If there’s was a true problem, they would simply suspend the account.

2) Never do things from your email. Always go to the website on your own, by typing the address yourself, to solve any account problems. This is especially true for Paypal, bank websites, or any other account which has your credit card information stored in it.

3) Never download or run attachments in an email you didn’t specifically ask for. This includes emails from friends, paypal, IRS, CIA, or the Pope himself. The only exception might be image files like .jpg .gif .png .bmp (but only if you recognize the file types as images).

4) When something sounds strange, look into it further. You can usually click near the sender’s name to get more information about the originating email account.

Now that our scam detector has been tripped, let’s look at this a little more:

1) The additional email account details reveal that although they email sender’s name is ‘service@paypal.com’ (trying to trick you into thinking that it’s the email), the sender’s email is actually windwos@live.com The sender’s email should be from a @paypal.com address, so this is obviously not from Paypal.

2) Using windwos@live.com, they are hoping you’ll confuse that misspelling with being windows@live.com, which sounds safe, even though it still has nothing to do with Paypal.

3) They asked us to download and launch the attachment, so let’s look at what it is they want us to launch. It’s a webpage file (.htm), which is even worse than a link since it runs on your computer where it can do more damage snooping around with access normal things on the web can’t get to. Never never never open a webpage attached to an email!

So what’s the purpose of this email scam? It’s to get you to launch the attached webpage, which will look like a paypal login screen, so that you’ll login. By doing so, you will be sending your login information directly to the scammer’s where they will hijack you account and spend all your money. The tragic part is that they can use redirects after the login page to land you into your paypal account screen, and you may never know that something happened until your money starts disappearing!

Luckily, since the first email I received (there have been a couple at this point), services like Gmail are already sending them to the spam folder and marking them as malicious. If the worst has happened, and you followed the email’s instructions, you need to IMMEDIATELY go to your paypal account and CHANGE YOUR PASSWORD! This will lock out the scammers from getting in. However, it may still be a good idea to submit a support ticket to paypal to let them know that the account might have been temporarily compromised. The overly cautious may want to also change other sites where you normally use the same password (scammers often assume correctly that the same email/password combination that works for paypal will work on other sites too).

Here’s a copy of the email itself: