[JazzCatDRP]

This is pretty unnerving, or an incredible coincidence.

A couple days ago, I was having a hard time remembering the password to an old PayPal account, so I entered a few wrong passwords before I got the right one. Well today I get an email from PayPal informing me that someone had tried multiple password attempts, blah blah blah, so for security, I had to verify my account. I started thinking it was a phishing attempt, but the link went to a secure server, with PayPal as the domain. I logged in and all was well.

There was a second email in my inbox that had been sent one hour after the PayPal one. This was from a bank. It said that a third-party had notified them that there was a potential security compromise with my card, and that'd I'd need to verify my information. Thinking that PayPal had notified my credit card company that I had on file, I didn't have any worries that this wasn't legit. I click on the link, and notice it doesn't go to where the link said it was. The page never loaded, and I shot an email back to the sender, and I get an auto-response saying I'm part of a phising attack.

Is this a big coincidence, or can phishers and other scam artists easily get this information from PayPal somehow?

[budster101]

My paypal is screwed up... something is going on with it. Thought I had $50 in it and suddenly I have $4.00 and no transactions to see about what happened...

[iMOTOR]

I can't wait till Google hands Paypal their ass on a platter.

[TETENAL]

Originally Posted by JazzCatDRP

Is this a big coincidence, or can phishers and other scam artists easily get this information from PayPal somehow?

That both sounds like phishing mails to me. Never click on a link in an e-mail and enter your account information in the site that opens. Always type paypal or your bank's URL into the browser yourself. You can then verify from there whether they wanted something from you or not (but must likely not and it was a phishing mail).

[Big Mac]

Originally Posted by JazzCatDRP

This is pretty unnerving, or an incredible coincidence.

A couple days ago, I was having a hard time remembering the password to an old PayPal account, so I entered a few wrong passwords before I got the right one. Well today I get an email from PayPal informing me that someone had tried multiple password attempts, blah blah blah, so for security, I had to verify my account. I started thinking it was a phishing attempt, but the link went to a secure server, with PayPal as the domain. I logged in and all was well.

There was a second email in my inbox that had been sent one hour after the PayPal one. This was from a bank. It said that a third-party had notified them that there was a potential security compromise with my card, and that'd I'd need to verify my information. Thinking that PayPal had notified my credit card company that I had on file, I didn't have any worries that this wasn't legit. I click on the link, and notice it doesn't go to where the link said it was. The page never loaded, and I shot an email back to the sender, and I get an auto-response saying I'm part of a phising attack.

Is this a big coincidence, or can phishers and other scam artists easily get this information from PayPal somehow?

Did the original message you assumed came from PayPal contain your account holder's name? And did you verify the headers? Remember, even complete URLs in address bars can be deceptive.

[RAILhead]

PayPal will ONLY address you by your account name, meaning, when PayPal emails me, they always start their messages with "Dear Maury McCown".

If yours wasn't started like that, you got teh phished.

Maury

[dreilly1]

I got a PayPal e-mail the other day that looked nice and official ... Paypal graphics, copyright notices, the whole nine yards. I looked at the raw source to find out where the link was actually going and sure enough, it was fake. The fakes are looking better and better.

I didn't think to look at how the E-mail was addressed at the time. Now that I'm looking at it, my PayPal account name is nowhere in the E-mail....

[Buckaroo]

As others have said, NEVER EVER EVER click on ANY link in an email to any site that you enter a password.

NEVER EVER EVER click on ANY link in an email to any site that you enter a password.
NEVER EVER EVER click on ANY link in an email to any site that you enter a password.
NEVER EVER EVER click on ANY link in an email to any site that you enter a password.

Type in the url using your keypad.

[Millennium]

Buckaroo has it right. Manually type in any URL you're given in an e-mail, if you know you'll be entering account information.

Most likely, JazzCat, this was just an unfortunate coincidence. It would be suicidal of PayPal to actually cause others to phish your password. I get warnings like the ones you received half the time, but never from the bank that actually issues my credit card. That's a major warning sign there; if you don't believe you have an account with a company that sends you an e-mail, you probably don't. Google that company's site (don't trust anything in the e-mail) and contact it using information you've found yourself to get things straightened out.

[budster101]

I just got screwed by Office Depot. Bought some cables and then returned them... the Cashier charged me again to the card (Paypal) So instead of $25 to my credit, I had now -$50 which screwed my balance.... I just got off the phone... Hopefully they'll get it right this time...

[JazzCatDRP]

The first one was indeed legit. I even emailed PayPal to ask.

[yukon]

I bought something with Paypal, they were useless. After all the horror stories, I made it so they couldn't access my credit anymore but kept the account. I got a really official looking email, very well done, a few months ago that said they needed me to login. Suspicious but it looked official. So what did I do? I manually went to paypal.com, deleted my disabled account, and sent them a copy of the email, complaining that either they should stop sending me stuff after years of inactivity or do something about the scams (email confirmation service, account notes that an email was sent, something)

In any case, I needed to order something using Paypal (nothing else was accepted). So I had a friend do it with his paypal account that was limited to a single little-used bank account. Apparently it takes two weeks to transfer the money, absolutly horrible service, turned 4-6 weeks shipping to 8-10 weeks shipping. It's not a bank, and it's not a good company to trust with money.

[ghporter]

Yep, coincidence. It happens. In one day I got five (yes, 5!) phishing emails claiming to be from different banks, plus one from someone claiming to be PayPal. I read them...but that's all, particularly since I don't have accounts with any of those banks (I hadn't ever heard of four of them). This stuff comes in bunches as the bad guys come up with new and better ways to con us out of our passwords and such.

[RAILhead]

I've been using PayPal since they started in 1998, and I've never had any problems at all. I can't even begin to calculate how much money has passed through my account, all with no hang-ups or hiccups. I've never waited more than 7 days for a money transfer, either, and it's usually only a couple of days.

Everyone's mileage varies.

Maury

[Buckaroo]

These scammers are trying something new. I received an email today that they asked for personal information to be faxed to them. To one of those free efax fax numbers. I wonder how many stupid idiots fall for this one.