Another scam that targets online shoppers who use the eBay Inc. PayPal Internet payment service is circulating on the Internet, according to reports from those who have received the suspicious e-mail and to messages posted to online discussion groups.
|<?php virtual(“/includes/boxad.inc”); ?>
PayPal did not respond to requests for comment.
The e-mail appears to come from “firstname.lastname@example.org” and has a subject line that reads “Your PayPal account is Limited.” The body of the message reads, in part: “PayPal is currently performing regular maintenance of our security measures. Your account has been randomly selected for this maintenance, and placed on Limited Access status.”
Recipients are asked to provide their PayPal account information, credit card number and bank account number using a form in the body of the e-mail message. A button is provided to “log in” to PayPal’s site and update the information.
The message is designed to look like it was generated by PayPal, using graphics from the PayPal Web site and similar fonts and colors as legitimate PayPal correspondence. A boilerplate statement about receiving notifications is even supplied at the end of the message, with links to PayPal that allow the recipient to modify their notification preferences.
“It was formatted really nicely. It had the right colors for the PayPal site and there weren’t any obvious grammar mistakes,” said Karawynn Long, a writer and Web designer in Seattle, who received one of the apparent scam e-mail messages. Long was almost fooled by the message into entering her account information.
“The subject of the e-mail was odd. But it was early in the morning. Pre-coffee,” Long said.
Suspicious of being asked for her confidential account information, however, Long used her e-mail program to view the message’s HTML (Hypertext Markup Language) source code. That search revealed that information submitted using the form would go to a host server with a domain name ending in .ru, the domain suffix for Russia, according to Long.
“When I viewed the source I could see (the scam), but how many people view the source on their e-mail?” Long said.
Scams targeting PayPal are common, according to Matt Sergeant, senior antispam technologist at MessageLabs Ltd. in Gloucester, England.
“They were one of the first Internet banks and they have an awful lot of customers,” Sergeant said.
That means that spammers who blanket the Internet with millions of scam e-mail messages are likely to catch quite a few PayPal customers in their net, according to Sergeant. Still, this most recent message’s professional appearance and careful attention to detail are not the norm, Sergeant said.
“What you have there really is the top tier of intelligence as far as spammers go. Most spammers are pretty stupid and easy to spot,” Sergeant said.
Users who receive such an e-mail should contact PayPal to report the scam at
PayPal customers who have been defrauded should report the theft to the U.S. Federal Bureau of Investigation, Sergeant said.