E-mail Scammers Go Phishing, Again

The spammers are at it again.

In what appears to be almost an exact reprise of a spam scam that occurred in February of this year, two e-mails are making their way around the Internet asking for personal information from eBay and PayPal users, including credit card numbers.

The first note, an e-mail purporting to be from PayPal, cites “rising security concerns” and instructs the recipient to click on a URL that begins with “www.paypal.com” and re-enter his or her account information immediately. The second note, an e-mail designed to look like it’s from eBay, informs the recipient that his or her account has been “suspended due to credit card verification problems.”

The recent spam notes are the latest in a variety of scams involving e-mail messages designed to look like official correspondence from large corporations. Last month, e-mails that purported to be from Citibank attempted to dupe recipients into handing over sensitive credit information. In the last 12 months, Mountain View, Calif.-based eBay and subsidiary PayPal have been the targets of other such scams at least twice.

This time around, in the spam that appears to be from PayPal, the link provided actually directs users to a site at the URL “www.paypalwarning.org,” a crooked site in no way affiliated with the company. Analysts and security experts refer to this practice of redirecting spam recipients to a false site, with the intention of obtaining their personal credit information, as “phishing.”
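The gap between the address a message displays and the site its link actually opens can be checked mechanically. The following Python is an added example, not part of the original article; the sample message body, the `TRUSTED` set and all function names are constructed for illustration, and the trusted-domain test is a plain suffix match.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body, modeled on the article's description (not the real e-mail).
SAMPLE_HTML = """<p>Due to rising security concerns, re-enter your account information:</p>
<a href="http://www.paypalwarning.org/login">www.paypal.com/cgi-bin/webscr</a>
<a href="http://www.paypalwarning.org/verify">Update your account</a>
<a href="https://www.paypal.com/">PayPal home page</a>"""

TRUSTED = {"paypal.com"}  # assumption: domains the recipient really does business with
# Host-like token at the start of the visible link text, with or without a scheme.
SHOWN_HOST = re.compile(r"(?:[a-z][a-z0-9+.-]*://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def trusted(host):
    """True if host is a trusted domain or a subdomain of one (simple suffix check)."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        m = SHOWN_HOST.match("".join(self.text).strip())
        shown = m.group(1).lower() if m else None
        real = (urlsplit(self.href).hostname or "").lower()
        if shown and shown != real and not (trusted(shown) and trusted(real)):
            # The visible text names one host, the link opens another.
            self.findings.append(("text-href-mismatch", shown, real))
        elif real and not trusted(real) and any(d.split(".")[0] in real for d in TRUSTED):
            # A trusted brand name embedded in an unrelated domain.
            self.findings.append(("lookalike-host", shown, real))
        self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

On the sample body, `audit(SAMPLE_HTML)` flags the first two links and passes the genuine one.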

Noted by the FBI as a growing trend, the technique of phishing — also known as spoofing — is an attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case. Phishing is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft. Phishing also often involves trademark and other intellectual property violations.

In “e-mail spoofing,” the header of an e-mail makes the message appear to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to get recipients to open and possibly even respond to their solicitations.

Spokespeople from PayPal declined to comment on the latest spam, but the illegitimate e-mail is remarkably similar to a note that circulated around the Internet in December. At that time, PayPal spokesperson Julie Anderson was quoted in an IDG report as saying that these types of scams are common, and that, “we know from experience that PayPal users are for the most part savvy enough not to fall for them.”

With the recent eBay spam, though the note doesn’t proffer a link to dupe recipients into revealing personal information, it is worded strangely, and closes with “Trully [sic] yours.” According to eBay spokesperson Kevin Pursglove, the note could be evidence of a phishing scam that already has run its course.

“The criminals who post dummy sites are quick opportunists,” Pursglove said. “Usually the sites are up and gone within hours.”

Pursglove added that eBay officials post announcements about spam scams on site message boards every three to four weeks. As of yesterday afternoon, however, neither eBay nor PayPal had informed its user base of the most recent scams.

Among the various fraud protection measures you can take, PayPal suggests you first use common sense. If it sounds fishy, it probably is. The company also suggests you never send your password or account information in an e-mail; check for your full name in the e-mail as the company says it will always reference both your first name and last name; and only type your username and password into its legitimate homepage located at www.paypal.com.

Adapted from Internetnews.com.
