I got an email from PayPal saying that they needed the users to make updates on their accounts within the next two days. It sounded like a big deal, so I clicked the link to update whatever they needed.
PayPal came up like normal, and asked me for my user name and password to log in, which I provided to get in to the site. I didn't notice anything was wrong until Firefox asked me if I wanted it to remember the password. I said yes, but I wondered why it didn't already know that password. I use PayPal all the time. Then I saw in the address bar what I wished I'd seen from the start: This wasn't PayPal at all. This was some other site with another address that was posing as PayPal.
This is where I went into panic mode. I'd already hit submit on the login. I didn't fill out any of the resulting page asking for my personal information, but I had already submitted my password. Now what could I do? I hurriedly went to the real PayPal site and changed my password before the con-persons could do anything with the information I'd just given them.
And now I've spent the last few hours changing all of my other important passwords, just in case the spoofers are smart enough to use that little bit of information they got.
I reported the site to PayPal, but I don't know what else I can do. Does anyone know how to report this kind of thing to any kind of law enforcement, or is that even possible?
I was going to include the fraudulent email itself, as well as a quote from the actual PayPal site about how to tell a spoofed email from a legit one, but since I'm feeling very paranoid right now I decided that I didn't actually want to quote the con-artists or link to them. Instead, here's the problems with the email that I should have noticed (but didn't, at least not right away):
- The email didn't know my name. It referred to me generically as a PayPal member. PayPal (and hopefully other sites with privileged information) know your name and will address you by it.
- The link didn't go to PayPal's site. I should have noticed this right away, but I'm glad I did eventually notice it before I made a worse problem. If you're looking at an email that wants you to click a link, here's what you should do:
Hover over the link. In the status bar (that's the little gray bar at the bottom of your browser) it will say the address to which the link points. If the text for the link is an address, make sure they match. (In my case they didn't.) Otherwise, just make sure that the address looks like what you'd normally see for the given Web site (i.e., www.paypal.com if the link is supposed to take you to PayPal). Likewise, when you're entering your password or personal information in the destination Web site, look at the address bar at the top and make sure that you are.
18 comments:
the same thing happened to me with amazon. i had to change my amazon password as well as everything else i use that password for. i immediately figured out what had happened as soon as i logged into the site, so i don't think i gave the assholes time to get any info.
The exact same thing happened to me with PayPal, except that I had to wonder what was going on because I don't remember ever using it. I became especially wary when they asked for my PIN for my VISA card. I've been monitoring my accounts closely since then and nothing fishy has happened and the only information they got out of me was my email address and password. So if you get any weird emails from me it might be our friendly internet thieves at work. I hate those wankers.
Check out this perfectly legitimate link to PayPal.
Gabe,
That didn't actually work right in my browser (your link just said 'Done' the whole time).
But, it's still a good point, that the status bar isn't always a reliable check.
Is there a reliable check before you click on a link in an email? Remember that one virus that gave you a link to Yahoo, except when you clicked it would really run the attached .com file? That was a good/mean trick. But, if you'd've been able to see that it lacked the 'http' in from of the link it might have saved you from clicking that file. Or, I guess, if you'd've just known that you didn't need to click yes when it said it was running a program.
this has nothing to do with your post: when did your blog become... umm... girly?
I needed a new theme. I was just getting tired of the old one. Is it girly just because it's pink? It's not even really pink. It's more of a magenta color.
I don't think it's girly.
i was just kidding. girly isn't the right word... it's more pre-teen girly angst.
ok i'm kidding again. it just took me by surprise and i needed to say something.
I'm glad you know what magenta is Bryant. And I like the change, it's cute!
If I was to name your new blog theme, I would call it "Matches-Your-Shoes-and-BBQC-Shirt". As an expert on all things Native American, I would also say that makes a good Indian name.
Yeah, I thought about the matching-my-clothes thing. I think I might even add the BBQC logo to it: Buffalo style.
And magenta's actually an important color for computer nerds.
"magenta is an important color for computer nerds"? are you serious?
Yeah, I'm serious. Why's that so weird? It's really one of the primary colors of ink: cyan, magenta, and yellow (which is the real version of the primary colors you learned in elementary school). It's also been one of the main colors on early color screens, and it and cyan are used for contrast in some picture editing programs.
I'm serious, we use that color a lot.
Hey, I didn't post this!! I've been locked out of my own blog!! And who the crap turned my blog pink!
Hey, what? I really didn't post that. Is there some identity theft going on right now? How do I know who the real me is?
I'm the real you...I mean me!
Magenta has never been a primary color on a computer monitor LCD, CRT, or otherwise. Neither has Cyan or Yellow for that matter.
Monitors operate on light emmision(CRT) and transmission(LCD). Ink operates on light reflection.
RGB(Red Green Blue) are the primary colors for additive effect. CMYK(Cyan Magenta Yellow Black) are the primary colors for removal/reflective effect. Inks absorb colors reflecting the resulting color.
Cyan and Magenta combine to absorb Red and Green leaving Blue reflected.
Cyan and Yellow combine to absorb Red and Blue leaving Green reflected.
Magenta and Yellow combine to absorb Green and Blue leaving Red reflected.
It's also been one of the main colors on early color screens....
Magenta has never been a primary color on a computer monitor LCD, CRT, or otherwise.
Maybe it wasn't a "primary" color, since that would require the "additive" colors. It was, however, a "main" color. The CGB screens used Cyan, Magenta, and Yellow. (There was also a version with green and brown or something, but I don't remember that as well.)
I meant CGA. And I guess yellow wasn't one of the colors after all.
Post a Comment