July 08, 2003


An hour or so ago I sent PayPal a note questioning the legitimacy of an e-mail they’d apparently sent me. Something about it -- a couple of misspelled words, the details it requested about my bank account, the faint sound of malevolent giggling -- wasn’t quite right.

Jeff Soyer now has confirmation from PayPal that a scam is afoot. Beware.

Posted by Tim Blair at July 8, 2003 01:14 AM

Yeah. We got those too. The link looks amazingly like PayPal and the hacking of the header information was done really well, too.

Had the first one not come to an e-mail address that only gets crap mail, I might not have had my suspicious shields up.

Posted by: Mrs. du Toit at July 8, 2003 at 01:20 AM

curses! foiled again!

Posted by: Mr. Bingley at July 8, 2003 at 01:25 AM

This scam relies on using URLs like:


Which looks like it goes to foo.com even to the trained eye, but actually goes to hacker.site/otherstuff and logs in as a user "foo.com" with password "".

Posted by: Anthony Towns at July 8, 2003 at 01:28 AM
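
The comment above describes a link whose authority carries a host-looking string as the user name, ahead of the `@`, so the connection goes to whatever follows the `@`. As an added example (not part of the original thread), this Python check splits a link into its parts and flags any whose user name is shaped like a host name; the sample links and the function names `inspect_url` and `flag_deceptive` are constructed for illustration from the names in the comment.

```python
import re
from urllib.parse import urlsplit, unquote

# A string shaped like a host name: dot-separated labels ending in a TLD.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_url(url):
    """Report the host a URL really connects to and whether its userinfo
    (the part before '@' in the authority) is dressed up as a host name."""
    parts = urlsplit(url.strip())
    user = parts.username            # None when the authority has no '@'
    decoy = None
    if user:
        # Percent-decoding first catches decoys such as "foo.com%2Flogin".
        first = unquote(user).split("/")[0].lower()
        if HOSTLIKE.match(first) and first != parts.hostname:
            decoy = first
    return {
        "real_host": parts.hostname,
        "has_userinfo": user is not None,
        "decoy_host": decoy,
    }


def flag_deceptive(urls):
    """Return (url, decoy_host, real_host) for every URL carrying a decoy."""
    hits = []
    for url in urls:
        info = inspect_url(url)
        if info["decoy_host"]:
            hits.append((url, info["decoy_host"], info["real_host"]))
    return hits


# Constructed sample links, using the names from the comment above.
SAMPLE_LINKS = [
    "http://foo.com@hacker.site/otherstuff",        # decoy user, no password
    "http://foo.com:@hacker.site/otherstuff",       # decoy user, empty password
    "http://foo.com%2Flogin@hacker.site/",          # percent-encoded decoy
    "http://foo.com/otherstuff",                    # ordinary link
    "http://hacker.site/redirect@foo.com",          # '@' in the path, not userinfo
    "ftp://alice:secret@files.example/pub",         # real credentials, not a decoy
]

if __name__ == "__main__":
    for url, decoy, real in flag_deceptive(SAMPLE_LINKS):
        print(f"{url}\n  looks like: {decoy}\n  connects to: {real}")
```

A mail filter or link-preview tool can run the same check on every `href` in a message and show the real host next to the link text.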

I got 2 of these in succession well over a month ago - reported both to PayPal (never got a response, other than their automatic one). Last month Steven Den Beste got one and reported it not only to PayPal but to the Feds. I believe he said the real sending address was in Canada (I'm not smart enough to know how to find that out, but he is).

You'd think PayPal would have sent out a blanket e-mail warning people that they NEVER ask for passwords, etc.

Posted by: Barbara Skolaut at July 8, 2003 at 04:57 AM

I got the same thing too. I posted the original letter and both responses from PayPal on my site to warn others.

Course, you have more readers so you'll reach more people but we should all spread the word so NO ONE gets scammed.

Posted by: serenity at July 8, 2003 at 05:40 AM

Hah, I saw this quite a while back. When I noticed that the mailing specifically asked for a credit card number AND my ATM PIN number, I laughed and zapped the message. No self-respecting outfit would do something as stupid as engage in a routine that can easily be faked by a malevolent third party. And if PayPal was really behind that mailing, they can send me a notice via the post office, as they have my home address, whereupon a return letter would have been sent blasting them for their stupidity.

Posted by: Bashir Gemayel at July 8, 2003 at 08:41 AM

Just had it twice, but to different addresses. I ran a scan over them, and both return URLs are dodgy.
Beware - they are well written.

Posted by: paul bickford at July 8, 2003 at 10:12 AM

I got one today that purported to be from eBay asking me to sign in and update my information. It was pretty well done until I looked closely at the email headers.

Posted by: donald at July 10, 2003 at 01:09 PM