Sunday, March 12, 2006

Wrong on both counts!

I'm fairly sure that I gave you all a warning about "phishing". Phishing is a form of spam that is sent out in hopes of fooling someone into thinking the email is from someone legitimate, in the hopes of luring them to their website to collect information. The one I've seen most often claims to be from PayPal. And that's the one I fell for yesterday.

In my defense, I had just woken up, and was still a bit fuzzy. As per my usual routine, I headed downstairs towards the bathroom, and detoured to check my email (also, fairly usual). One of the messages was:

From: Pay Pal Inc. (
Date: Mar 11, 2006 4:50 AM
Subject: Check the status of your account

As part of our security measures, we regularly screen activity in the Pay Pal system. We recently noticed that your account was accessed by unauthorized third party. Because protecting the security of your account is our primary concern, we are forced to limit the access to sensitive Pay Pal account features. We realise that this may be an inconvenience but please understand that this temporary limitation is for your protection.
Case ID Number: PP-042-818-072

Your Personal Data includes information that can identify you as a specific individual, such as your name, address, phone number, credit card number or e-mail address are stored in your account. Is strongly recommend that you log into your account and verify your Personal Data. We apologize for any inconvenience this may cause.

To review your account and some or all of the information that Pay Pal used to make its decision to limit your account access, please visit the Resolution Center . If, after reviewing your account information, you seekfurther clarification regarding your account access, please contact Pay Pal by visiting the Help Center and clicking "Contact Us". We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help and protect you and your account. We apologize for any inconvenience.

Pay Pal Account Review Department

Pay Pal Email ID PP520952

There are several things in this email that should have set off my alarms (both in my email system, and my own head); PayPal should be one word, the address from "", and there are a couple of minor grammatical errors. But, as I said, I was fuzzy and these things didn't register.

The BIGGEST thing that should have stopped me from doing the stupid thing I did next, was that the link it told me to click on was NOT the same as it was showing. I changed it here so that I don't bring these low-lifes any more potential victims, but I DID link it to an address that doesn't currently exist, and should adequately illustrate my point. If you hover your mouse over that link, and look at the status bar at the bottom of your browser, you'll see that the address is not the same as is shown. This doesn't always mean it's bogus, but it's usually a really good indicator.

So I click on the link, without checking where it takes me, and I'm given the "Pay Pal" login screen. So I fuzzily type in my email address (which PayPal uses), and the password that I THINK it is for that account. It lets me in, and immediately prompts me for a credit card. Now I have our checking account, and several credit cards linked to my PayPal account, as well as a PayPal debit card. I'm becoming less fuzzy, and noticing that this page is not formatted correctly (margins are not lining up). Also, PayPal is very good about explaining exactly what they're asking for, and this was a fairly vague request. My PayPal debit card was nearby, so I started to enter the numbers. I then notice that this card is expired. As I get up to get my wallet, the warning bells in my head finally start going off. I notice the address is NOT for PayPal, and the bogus email address in the original message.

Realizing that I had just given someone my username and password to access my PayPal account, I immediately closed all my browser windows, cleared my cookies and cache (in case something was still lurking in memory), and went to the real website. I logged in and changed my password, and removed all but one of the credit cards.

So that's one of the ways I was wrong this weekend. Here's the other:

If you'll remember my comment from the other day, when I saw they were predicting snow for three days in a row here, I'm happy to say I was wrong. It's been pretty much snowing off an on for the past 3 days, with a little accumulation. It tends to melt off fairly fast, but it's been snowing now since early this morning, and still coming down pretty good right now. I think I can safely say that we've had more snow on the ground in the past few days then we had all winter. So much for Spring Break!

Love to all!

No comments: