Unoffical empeg BBS

#326527 - 05/10/2009 14:21 Am I being Phished at PayPal?
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
I went to log into PayPal this morning, and am pretty sure I was at the official PayPal website: (https://www.paypal.com/) and after entering my password, I was redirected to a "Security Check" website. See the attached screenshot.

It seemed very strange to me that PayPal would be asking me to enter credit card number and bank information that they already have on file for me, so I refrained from doing so, copied the screen, and logged back out.

I can't forward the screen shot to PayPal because I can't log into PayPal without divulging the information they (or someone) wants me to send.

Is this legitimate? How can I find out?

tanstaafl.


Attachments
PayPal-W960.jpg




Edited by tanstaafl. (05/10/2009 14:25)
Edit Reason: Re-size attachment
_________________________
"There Ain't No Such Thing As A Free Lunch"

#326531 - 05/10/2009 14:37 Re: Am I being Phished at PayPal? [Re: tanstaafl.]
JBjorgen
carpal tunnel

Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
In a perfect world, you just look at the certificate and make sure it's valid.

Try giving them a call:
1-888-221-1161
_________________________
~ John
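
What checking the certificate involves, as an added example that is not part of the original thread: confirm the address really belongs to paypal.com, then let the TLS library validate the certificate chain and host name and read back who it was issued to. The function names and the sample URLs on `.example` hosts are constructed for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

def host_belongs_to(url, domain="paypal.com"):
    """True only for an https URL whose host is `domain` or a subdomain of it."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # .hostname is lower-cased and excludes any "user@" prefix and the port,
    # so the decision is made on the host that would actually be contacted.
    host = (parts.hostname or "").rstrip(".")
    return host == domain or host.endswith("." + domain)

def validated_certificate(host, port=443, timeout=5.0):
    """Fetch the server certificate with full validation (needs network).
    Raises ssl.SSLCertVerificationError if the chain is untrusted, the
    certificate has expired, or it was issued for a different host name."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def describe(cert):
    """Pick out the fields shown in a browser's certificate dialog."""
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {"organization": subject.get("organizationName"),
            "issuer": issuer.get("organizationName"),
            "expires": cert.get("notAfter"),
            "dns_names": names}

# Constructed sample URLs; only the first is the address quoted in the thread.
SAMPLE_URLS = [
    "https://www.paypal.com/",
    "https://www.paypal.com@login.example/",   # real host is login.example
    "https://paypal.com.login.example/",       # paypal.com is only a prefix
    "https://www.paypal-login.example/",       # lookalike name
    "http://www.paypal.com/",                  # no TLS, so no certificate at all
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{host_belongs_to(url)!s:5}  {url}")
```

With network access, `describe(validated_certificate("www.paypal.com"))` shows the organization, issuer, expiry date and DNS names from the certificate the server presents.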

#326533 - 05/10/2009 14:53 Re: Am I being Phished at PayPal? [Re: tanstaafl.]
peter
carpal tunnel

Registered: 13/07/2000
Posts: 4180
Loc: Cambridge, England
Originally Posted By: tanstaafl.
I can't forward the screen shot to PayPal because I can't log into PayPal without divulging the information they (or someone) wants me to send.

According to their website, you should email it to spoof@paypal.com.

I agree this looks very strange, but if it is a phish I'd also love to know how they've done it given the precautions you've taken.

Peter

#326534 - 05/10/2009 14:56 Related question [Re: JBjorgen]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
I have a related PayPal question from my Dad:

"Help!

I am trying to change my credit card number on PayPal. When I log on to my account I get this message:

We are currently performing regular maintenance of our security measures. Your account has been randomly selected for this maintenance, and you will now be taken through a series of identity verification pages.

It then asks me for my current credit card number ending in 061. This account has been closed due to fraudulent withdrawals and I don’t know the number.

I have tried contacting them by their email link, but it only allows one sentence.

I have tried to phone but this requires a Pin number. Following their link to get a Pin I get the above message.

I have tried to create a new account but it says that an account for ken@blahblahblah.cx already exists."

Any clues?
_________________________
Remind me to change my signature to something more interesting someday

#326536 - 05/10/2009 15:16 Re: Am I being Phished at PayPal? [Re: JBjorgen]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Originally Posted By: JBjorgen
In a perfect world, you just look at the certificate and make sure it's valid.

Try giving them a call:
1-888-221-1161


Certificate? Valid? You are talking about things I don't understand here.

I called the number, and a person representing himself as PayPal answered and assured me that it is legitimate. The reasoning is they want to make sure that the person making the payment really is the account holder, otherwise if I had your PayPal user ID and password I could make a fraudulent payment to myself and then skip the country. Hmmm... Mexico sounds nice. :)

I am still suspicious. The PayPal home page has a nice little donation window near the bottom to send relief money to the Philippines. I don't recall that sort of humanitarian concern on PayPal's website in the past.

And now, as part of their Security Check, they want me to enter and confirm a new password and enter new authentication answers to some pretty non-useful questions.

I'm not happy about this.

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

#326537 - 05/10/2009 15:20 Re: Related question [Re: andy]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Originally Posted By: andy

I have tried to phone but this requires a Pin number. Following their link to get a Pin I get the above message.


The phone number that JBjorgen gave (1-888-221-1161) worked without a PIN number.

There isn't any way that phishers could spoof a secure website AND a phone number, is there?

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

#326538 - 05/10/2009 15:30 Re: Related question [Re: tanstaafl.]
JBjorgen
carpal tunnel

Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
That's the number I got from the "contact us" page when I logged in to my account.

I have to assume this is legit, although I agree...it seems as if they should be able to find another way to verify your identity (ie...secret question).

BTW. The other reason that I'd be fairly sure this is coming from paypal is that they present the bank name and the last few numbers, indicating that they already know the account number. If a phisher has that info, there's not much else you could provide them that would help.
_________________________
~ John

#326539 - 05/10/2009 15:59 Re: Related question [Re: JBjorgen]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Originally Posted By: JBjorgen
That's the number I got from the "contact us" page when I logged in to my account.

I have to assume this is legit, although I agree...it seems as if they should be able to find another way to verify your identity (ie...secret question).

BTW. The other reason that I'd be fairly sure this is coming from paypal is that they present the bank name and the last few numbers, indicating that they already know the account number. If a phisher has that info, there's not much else you could provide them that would help.


Yes, but all they present is the last four digits of the number... anybody who had somehow hacked into my PayPal account would have access to that information.

If this really is a genuine phishing expedition (unlikely) the perpetrator now has my full bank account number, my new password, and authentication questions and answers.

What is unsettling is that Snopes lists this as a PayPal scam dating back to 2003. The wording in the scam is practically identical to the wording on the web page I was redirected to.

What makes me pretty sure it was NOT phishing is that I can now log into PayPal with my NEW password. And I am pretty sure it IS the PayPal site I logged into because I can list my transactions.

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

#326542 - 05/10/2009 16:37 Re: Related question [Re: tanstaafl.]
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
Originally Posted By: tanstaafl.
What makes me pretty sure it was NOT phishing is that I can now log into PayPal with my NEW password. And I am pretty sure it IS the PayPal site I logged into because I can list my transactions.


If you want to be extra sure, change your password again once you have verified you're actually on the real PayPal site.

A really good phishing attack will relay the input credentials in the background to the real site and be able to present you the various account bits you'd expect to find there. :)

IMO, PayPal should not ask for the full credit card number for verification. It should ask only for specific digits from the card or your bank account. It doesn't need the whole thing for verification purposes. Besides, if someone had access to your PayPal account because they had gained access to your computer or your home, they'd also likely have the full account number, wouldn't they? Say from bank statements for example.
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

#326551 - 05/10/2009 19:41 Re: Related question [Re: hybrid8]
andym
carpal tunnel

Registered: 17/01/2002
Posts: 3996
Loc: Manchester UK
Most times when I log in to Paypal it asks me to verify/update certain aspects of my account. Pretty much every time this happens nothing needs updating so I usually just hit okay. If they were phishing then they already had enough info to do me over. But it hasn't happened.... yet.
_________________________
Cheers,

Andy M

#326552 - 05/10/2009 20:05 Re: Related question [Re: andym]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14496
Loc: Canada
Mmm.. this funny stuff hasn't hit me yet, but thanks for the warning: I've just now gone and withdrawn my entire paypal balance.

If they want to lock me out.. no problem

Cheers
