The whole article can be read here. http://www.us-cert.gov/current/index.html#...phishing_attack. Not sure if this is a repost but I know alot of people on here use Paypal so its a must read. Its a pretty "primitive" attack for "those in the know" but I just wanted to make sure the word was spread....Cheers! :-)



Original release date: April 1, 2008 at 10:22 am
Last revised: April 1, 2008 at 10:22 am


US-CERT has seen reports of a phishing attack that targets PayPal
users. The attack arrives via an unsolicited email message containing
an HTML attachment. The message indicates that the attachment is a
verification form intended to offer the user protection from
fraudulent activity. Users who open the attachment are instructed to
enter their email address and PayPal password. This information is
then sent to an attacker.

US-CERT encourages users to do the following to help mitigate the
risks:
* Install anti-virus software and keep virus signatures up to date.
* Do not open unsolicited email messages.
* Refer to the Recognizing and Avoiding Email Scams document for
more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

====
This entry is available at
http://www.us-cert.gov/current/index.html#...phishing_attack

 

Man, I cant believe people still look at e-mails like that. Open your eyes and think before doing.

 

True... but you wouldnt believe some of the traffic I used to catch at work on the IDS sensors (Dragon,Snort and ISS).

 

The email makes it looks like someone purchased an iPod using your PayPal account. All you have to do is look at the site the links take you to... it's a numerical IP address followed by www.paypal.com/yadda yadda yadda. The IP at the front is a dead giveaway it's fake.

 

I have gotten a few of those over the past. They usually get filtered into the spam box.

 

I never use PayPal, they are a rip-off! Can't sell something more than $500 without upgrading to a "premier" account, which allows PayPal to tack on a fee equal to 4% of whatever you're paid!

 

They only charge 2.9% plus 30 cents on each payment you receive...that's not that bad. Paypal is much safer than using a credit card for online purchases.

 

Using your credit though paypal is safe, but using paypal with a linked bank account is not so much. If paypal can't retract the money they just say too bad. Your credit card co will fight for you and almost always get you your money back.

 

I just did that with BB&T, and they even credited me the disputed amount while they did their investigation.

2.9% is still unacceptable. I can do online check and money order deposits right from my home on my computer scanner (USAA Federal Savings Bank), so bye-bye PayPal!

 

I get e-mails like this and ones from eBya that are pretty much the same thing. I just make sure the are marked spam and go on with my business