This image below shows the actual body of the email from my gmail business account. There is always an option to "show images" when there are embedded items. Either that, it will come up with blank boxes with the small "X" icon showing the image is "broken" or unable to be opened. As you can see, there is nothing. The biggest thing is, the sender email. I visited the site for form-ppl-cmd.com and its nothing but an index with a .php file you can't access remotely. Also, they know your first and last name and they use it... if not that, they use your account name instead of "Dear PayPal member." Come one now... Continuing through the email, it states that you have to download a file and open in your web browser. Then you have to provide some information to restore your account.
Here is the part where some people get screwed... Once you download this file, it brings you to this next image where you have to fill in the *required spaces:
This was the document straight from the email. I used fake information and entered it in. Only thing real is the zip code... frankly there isn't much you can use that isn't real. 12345 is in New York. And the expiration is just a joke... 12/2012... expected end of the world? Yeah, a bit much, but I went there. Anyway, when you have to enter in security details as such, normally they make you CALL a number or LOG IN to your account before proceeding, but this just asks for your details immediately after you open the doc. And not all PayPal accounts are opened with credit cards. It can be opened with any bank account as well. And not all cards have 16 digits. American Express would be one. And I am sure there are some people that fall for this all the time too! After you submit, it bring you to a paypal page, which still isn't a good idea to use after the redirect from the other form. Its just out of context to get the option to log in to your account AFTER submitting that information... Very very fishy, don't you think? Unfortunately, some people didn't think it was odd at all until it was too late.If you get any emails that ask for your information, whether it be PayPal, credit card companies, banks, or anything for that matter, make sure the sender's email matches. Even this can be a problem, so visit the website and get a telephone number to just call it in. Sure the service sucks and you end up having to wait nearly an hour before helped, but this is definitely better than talking with someone you think is real and your life is ruined the next day. Always ask questions to why they are contacting you and what the problem is exactly. Don't give vital information out such as credit cards, full social security numbers, or anything like that. All they will need is your email verification, full name, and sometimes an address depending on the concern. They should already have the rest of the information on hand.
If you ever get one of these emails from PayPal, you can forward the email to spoof@paypal.com and they will take care of the rest. You can also fill in their form to report an actual website for fraud. Check out a website where you have an account and see what they are doing to keep you safe from fraud and identity theft.
Stay safe!
No comments:
Post a Comment