Have you had this e-mail?
“Important: We noticed unusual activity in your PayPal account (Ref #PP-823-636-935-323)”
eBay as many know was recently hacked. This resulted in passwords and personal data being accessed. This means scammers now have access to your name and email address that relate to your Paypal account.
If you use the same password on Paypal as eBay, they have access to your Paypal account as well.
If you haven’t done so already, change your eBay password. If your Paypal one is the same, change that too!
On this e-mail, careful examination reveals it actually claims to come from this address: firstname.lastname@example.org
A curiosity of this email above the usual scam/spam/phishing emails is the links in the email appear to link to Paypal. There will be some clever obfuscation going on there somewhere.
Searching the headers shows us this:
Header Analysis Quick Report
Originating IP: 22.214.171.124
Originating ISP: Peer 1 Dedicated Hosting
Originating Hostname: californiacrimetimes.com
Country of Origin: United States
So, not from Paypal then.
The email itself goes on to say this:
Account Status Update Response required Provide additional information regarding your account Upon receipt
Log in to your PayPal account as soon as possible
Dear Your Name,
Recently, there’s been activity in your PayPal account that seems unusual compared to your normal account activities. Please log in to PayPal to confirm your identity. To help protect your account, no one can send money or withdraw money. In addition, no one can close your account, send refunds, remove any bank accounts, or remove credit cards.
Click here to confirm your identity
What’s going on?
We’re concerned that someone is using your PayPal account without your knowledge. Recent activity from your account seems to have occurred from a suspicious location or under circumstances that may be different than usual.
What to do
Log in to your PayPal account as soon as possible. We may ask you to confirm information you provided when you created your account to make sure you’re the account holder. You should also do the following for your own protection:
- Log in to your PayPal account as soon as possible. Click here to log in.
- Confirm your account details (address, email, phone, etc.) to make sure they’re accurate.
- Provide additional information regarding your account.
Let’s work together to restore your account. After you complete all of the tasks, we should respond within 72 hours.
Thanks for choosing PayPal. If you need help or have any questions, call us at 1-888-221-1161, 4:00 AM to 10:00 PM Pacific Time Monday through Friday, 6:00 AM to 8:00 PM Pacific Time Saturday and Sunday, Please note that hours of operation may vary on holidays.
This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in to your account and click “Contact Us” at the bottom of any page.
Copyright © 2014 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.
So what we are seeing here is a pretty sophisticated phishing attempt by the hackers that hacked eBay, trying to get your Paypal data.
NEVER click on a link in an email that may or may not be from Paypal.
ALWAYS go directly to Paypal’s site – by typing it in your browser – and having logged in, any messages will display there.
If you click links in spoof emails like this, you will be taken to copycat sites that look like Paypal and be duped into giving out your password and other data. With that, they have the possibility to spend your money.
If you think you may have clicked and “logged in” via a fake site, go to the real Paypal at once and immediately change your passwords and then call Paypal on the phone for advice.