Don't be phished - Check your email headers when it's important

A

Asgorath

[H]ard|Gawd
Joined
Jul 12, 2004
Messages
1,253
I just want to remind everybody that when you are dealing with important things meaning financials, medical, or anything of the sort, please please please check your email headers.

Here's my story of the day that proves this...

I was selling an expensive Cell Phone the other day on ebay. Within a day someone bought it for my relatively high 'buy it now' price. Cool...good stuff. A day goes by and I get an official email from 'paypal' saying he has made payment. But the text looked a little funny to me, so I look in the header of the email. The header says it came from <not gonna tell you>@accountant.com . Which to make a long story short, tells me nothing except that this guy is trying to scam me. I check my paypal account and no funds have been added by him.

He then proceeds to email me and asks for my address so he can send his own parcel service to come pick up the goods. Remember now that I don't yet have his address. This confirms yet again that he is trying to scam me.

To recap so far....He sends me an authentic looking (but fake) paypal confirmation email, then doesn't give me his address, then asks if he can do pickup on the goods (so it 'doesn't inconvience me').

I'm pretty tech savvy, so I caught onto this act, but many people out there aren't. I'm going to try and bait him around and give him a chance to make good on his purchase. If he doesn't make good I'm going to report thisas fraud, pass on all my evidence, and hope to god he gets in trouble for this.

Trying to cheat me out of a few hundred dollars isn't cool in my book.
 
Well, I just realized that paypal payment confirmations never have a paypal address in the 'from' header. That was my mistake. But it still doesn't make sense how the email would say 'payment confirmed', but yet my paypal account doesn't show the money showing up.

Still seems phishy to me.
 
With anything important (any kind of paperwork with my name, phone number and other kind of info) I basically tell people to fax/mail it to me or go STFU and deal with someone else. Ebay? I use money order occasionaly, palpal for small purchases.

Ive also asked people to leave a phone number (if someone is going to be sending me anything slightly important). Then I can pull out my phone card, call them for 2 or 3 cents a minute (or whatever the going rate is) "yeah I got this email from you... Ok... uh huh..".

Good example awhile back, with enterasys. They send me an email saying they needed access to my terminal, to try different things with my switch so they could figue out whats going on with my network. They sent me some program, .EXE, and wanted me to install that and email them back. Called them up, gave them my case number, and verified with the tech guy that emailed me, that yes this was from them and they walked me through what I needed to do.

I could go on and on, ive got many emails from ebay "You've won item ___, payment has been sent". One was some $480.00 camera, and all the links to "verify your account here" lead to some weird site, of course with 404 errors.

People are always out there trying to bone your bank account, Just keep your eyes open and pay attention to what your doing.
 
as an update, this guy is still trying to pay me but ebay randomly cancelled his account....very interesting
 
email him a stealthed keylogger if he doesnt give you his address and non-cell phone number by tomorrow


:)


[F]old|[H]ard
 
I almost fell for one of these.. authentic (looking) email from paypal saying it's time to change my password.. just click here to do it. Well.. you clicked there and it looked excatly like a paypal site, but then I saw the address bar and it had nothing to do with paypal.. If I didn't see that I would have fallen for it.. now Im *alot* more careful. I also sent a email to paypal letting them know someone is phising.

When I get home tonight, I'll see if I still ahve that message in the sent box and post the email so you can all see how it looked like :)
 
Here is the information paypal sent me on how to handle this in the future:

************************************************************************
Please do not reply to this e-mail. Mail sent to this address will not
be answered.


************************************************************************

PayPal appreciates you bringing any suspicious activity to our
attention.

Unfortunately, we are unable to properly respond to any emails that are
sent to this address. Please follow the instructions below in order to
report any suspicious activity involving PayPal or its customers.

1. Go to https://www.paypal.com

2. Click the 'Security Center' link at the bottom of the page

3. Click 'Report a Problem'

4. Select the proper Topic and Subtopic related to your issue

5. Complete appropriate webform and click 'Submit'

If you have received a suspicious email, we are requesting that you
forward a copy of the email to us at [email protected].

Rest assured, PayPal will promptly investigate the activity you have
reported. We thank you for your concern and assistance in making PayPal
the most trusted online Payment service on the internet.

* * * * * * * * * * * * * *

PayPal and its representatives will NEVER ask you to reveal your
password. There are NO EXCEPTIONS to this policy. If anyone claiming to
work for PayPal asks for your password under any circumstances, by email
or by phone, please refuse and immediately contact us via webform at
https://www.paypal.com/wf/f=sa_pass.

Sincerely,

PayPal, Inc.


This email is sent to you by the contracting entity to your User
Agreement, either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe)
Limited is authorised and regulated by the Financial Services Authority
in the UK as an electronic money institution.
Click to expand...
 
yup, i am rather "tech savy" and almost fell for 1 of those ebay confirming your account because of suspicious activity. well, when they asked for the my credit card info on the site, i said, nope and contacted ebay immediately. unfortuneately for me, that account was closed. no big deal since i dont ebay all that much and its "so hard" to open a new account.
 
You must log in or register to reply here.
Back
Top