Please! Is this a scam?

I'm not aware that I have PayPal account and I never use eBay.


Dear PayPal Member,
This email confirms that you have sent an eBay payment of $53.85 USD to
harris2727@aol.com for an eBay item.


Payment Details
-----------------------------------
Amount: $53.85 USD

Transaction ID: 2LC956793J886333Y

Subject: Digimax 130

Note: If you haven't authorized this charge, click the link below to cancel transaction
and get full refund


Cancel Transaction:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run&dispatchX85d80a13c0db1fa848f5a5f5ae42e779d4b5655493f625952cd6b76e9a2739e


*SSL connection:
PayPal automatically encrypts your confidential information
in transit from your computer to ours using the Secure
Sockets Layer protocol (SSL) with an encryption key length
of 128-bits (the highest level commercially available)

-----------------------------------
Item Information
-----------------------------------


eBay User ID: scratchandgnaw2


----------------------------------------------------------------
Edward Harrell's UNCONFIRMED Address
----------------------------------------------------------------

Edward Harrell

Important Note: Edward Harrell has provided an Unconfirmed Address. If
you are planning on shipping items to Edward Harrell, please check the
Transaction Details page of this payment to find out whether you will
be covered by the PayPal Seller Protection Policy.




----------------------------------------------------------This payment was sent using your bank account.

By using your bank account to send money, you just:

- Paid easily and securely

- Sent money faster than writing and mailing paper checks
- Paid instantly -- your purchase won't show up on bills at the end of
the month.

Thanks for using your bank account!



----------------------------------------------------------------

Thank you for using PayPal!
The PayPal Team
PayPal Email ID PP119

You're welcome.

and user name and then they will use that at the real site.

I clicked the link and it took me to my own Paypal account on the actual Paypal site.

maybe the person on the other end just entered a wrong email address or something.


:shrug:

I did the same, since it was quite clear that it was a link to the real PayPal site.

to not do anything at all and then sit around hissing and spitting about the SCAM that may not even be a scam at all.

And likely isn't, since we both found it went straight to the real PP site and didn't ask for personal info.


Oh well...

:shrug:

why?


My computer is loaded with lots of anti virus and anti spyware stuff, firewalls, the whole bit.

As long as I wasn't asked to enter any personal information, I wasn't worried about it being a scam. I'm not that stupid.

In any case, while everyone here was sitting around speculating...or outright KNOWING that it was a scam, I discovered that the link actually took me to my own Paypal account and didn't ask for passwords or any other personal information.


Maybe that's what pisses people off...not being able to spin a whole scam story where none likely exists.

is if you logged in....

...and if you did log in on a page you arrived at by clicking on an emailed link, all I can say is you have more cojones than I do!

I'm permanently logged in through Firefox no matter what link I follow to get to PayPal.

The only difference is, unlike with some other sites (discussion boards, etc) Firefox did not automatically enter my password there.

It won't enter it on Pay Pal, or any of my online banking sites.


Worse has happened to my computer just from following Google links in an attempt to get information. I constantly get little warning messages telling me that malicious IP numbers are trying to get access to my computer, even on the legitimate eBay site itself.

:shrug:

I work with Paypal and access my account dozens of times a day. I manually log in every. single. time.

There is no such thing as being permanently logged in to Paypal, and there is no such thing as landing directly on your Paypal account without first logging in. For one thing, Paypal wouldn't allow their site to be so insecure. C'mon, are you really serious as to suggest otherwise?

Which means you are letting your browser log in automatically. This means you either 1) live alone in a locked down fortress where there is 0% chance of someone stealing your computer, or 2) you have no money in your account with no prospects for any in the future and therefore couldn't care less if someone hijacks your account .... or, the most likely scenario, 3) you are blowing psychedelic rainbows out your bum.

Good day.

I don't have a "predicament" to explain....

No, it didn't take you to the real Paypal site.

It took you to something that looked like the Paypal site, and stole your information before forwarding you to the actual Paypal site.

My browser directs me to the real PayPal site, where my email address shows up. It never automatically enters my password on PayPal or my online banking sites, and I didn't enter it myself.

I don't have to change anything, least of all my password, since, like I said, I didn't type it in and Firefox didn't enter it, either.

If I had been directed to a page where I had to enter my email address, I would have been highly suspicious, since I know that my browser always remembers to put my user name/ID in the appropriate field.

A lot of phishing attacks are "blind" email blasts.

Some phishing attacks are premised on an earlier compromise of user information, which is used to provide a greater degree of authenticity to the attack.

Not knowing you, your machine, your email and browser client, or your patch level, one defaults to basic assumptions.

And considering that link directs you to the secure Paypal.com site, I'm fairly sure no one's information has been stolen. Do you get some kind of thrill by telling people to be deathly afraid of such benign things? I have a feeling you know far less about computers than you pretend to.

What I do have is a doctorate in electrical engineering and long experience with people who were looking at things on computers which are not what they appear to be.

There are techniques by which email clients can be caused to display what appear to be links to valid sites (even if you look at the link ID down at the lower left of the typical Outlook display, for example).

There are also techniques for pasting a graphic over the upper and lower browser bars - the address bar ant he lower information display, that make it appear as if the browser is directed to the actual site by a secure socket connection.

If someone whom you know nothing about says, "I clicked on a link to from an email", then assuming that they were completely aware of multiple phishing techniques is not a safe assumption.

Yes, I'm very well of techniques used to make people believe they're going to valid sites when they're not. This is NOT one of those cases. I'm in my 16th year of IT work and I'm 31 years old. If you have decent knowledge of computers, you can find out in about 5 seconds that this particular link goes directly to Paypal's secure site.

Do you charge for evaluating the motives and character of people you do not know, or is it a free public service?

An email can have more than one payload and/or can be sent to someone who already has some other piece of malware on their computer. Hence, the presence of a valid or invalid link in this particular email, without knowing anything else about the state of their machine, the software on it, and patch level, is indeterminate as to whether this email is or is not a threat - regardless of whether the pasted link is valid.

This person received an email about a transaction they did not make. That is reason enough to be suspicious of it.

Are you really going to suggest that if the person hasn't used a Paypal account in years, then they have received a "totally legit" email from paypal about a $58 transaction to someone they don't know for a purpose they also don't know?

Really?

Paypal sends out notifications of transactions people didn't make. Ummm... no.

I wouldn't have clicked on it myself if I didn't have a Paypal account. However, a very quick check shows that link goes directly to Paypal's SECURE site. There's no way that anything could have occured by clicking on that link that would have led to any malware infestation or identity theft. And THAT is what I was referring to. Getting people all in a tizzy about needing to scan their computers for infections and such is just fear mongering.

The text may have been duly copied from the email.

It can also be anchor text from an HTML message in which the underlying link went elsewhere, and WASN'T copied/pasted in the OP above.

You can't diagnose the situation on this forum.

Funny, a few minutes ago you knew exactly what the issue was. It wasn't some stupid, benign email, it was a threat worthy of CAPS!!!!! Now you seem more interested in what it 'coulda' been.

Have a nice day.

If you have to misquote words on the same screen, there's not much point in continuing the discussion.

The OP received an email about a non-existent transaction.

The probability of it being an actual email from Paypal is zero.

The point is, you flipped out and said with no equivocation that the link in the OP was to a scam site and his/her personal information and computer had been compromised. None of that is true. And the capital letters didn't make the fear mongering any less ridiculous.

I said the link within it directs to Paypal's secure site and it wouldn't be dangerous to click on it. You, however, said the link goes to a fake site and steals their information instantly. That is a bunch of bullshit and you obviously weren't qualified to make such a determination. The email could have been sent by mistake, it could have been sent by some idiot who wants to confuse a lot of people. It wasn't sent by an identity thief. At least not an identity thief who knows a damn about his/her job.

The email refers to a fictitious transaction.

Your assumption is that the copy/paste above reflects the actual code of the email message instead of copied anchor text from an HTML message.

If the code in the message was:

<a href="http://badsite.tld">http://goodsite.tld</a>

Then the OP will copy/paste and post a valid link to "goodsite", but the actual email will direct the user to "badsite". The underlying code here at DU also does not accurately represent plaintext URL's (as noted by it thinking the HTML code example above includes actual links). Try it yourself.

You do not have, and do not know, the underlying code of the email message in question, in plaintext.

Before the APWG was formed, I used to do this solo for a bank.

(APWG - Anti-Phishing working group - http://www.antiphishing.org/)

You told the OP, in no uncertain terms, that the link they clicked on was a phishing attempt and their data and computer was compromised. That is 100% bullshit and you trying to create a scenario where you would be slightly less full of shit doesn't make it so.

So, sure, don't get tested.

I bet the original email was set up to not go to the link it appeared it WOULD go to, but by copy/pasting the text, the hidden webpage link was not provided.

I wouldn't click on a link directly from an email, but copy/pasting can show either the (1) hidden true link or (2) will show only what appears to be the correct link. Here the link that was copy/pasted ended up being the paypal link, with the hidden nasty one not showing up.

Clicking here on DU is not directly from the email.

I'm a crazy power-tripping alarmist. What do I know.

Rofl, that guy was a treat.

My electrical engineering courses didn't deal with domain name servers, or TLS, or proxy servers, or peering centers, or fully qualified domain names, or how many octets are in an IPv4 address.

Of course you do have to have a fundemental understanding of electricity to understand telecomunications. I.E. the reason we have AC/DC theory, semiconductor circuit analysis, etc,.


Sorry, pet peeve of mine. Along with folks who do some level of IT work (even DBA's) who think since they know there are 24DS0 on a T1 they are an expert LOL.....Until you ask them what something like AMI actually means :P

Your browser can be sent to any ip but show the paypal.com name.

It's not just going to do that discretely.

but nice try. I can do it discreetly through a web control. Take a look at an cleaner called "hijack this" This was made primarily to fix host redirection attempts.

I could gain privileges on your machine with a java exploit and update your hosts file. When you bring up a browser and head to "paypal.com" the name would show in in the address bar but your machine would resolve this to a new IP as defined in your host file. If the new site was done correctly, it would look and feel just like paypal.

Im sure you have heard of this being the consummate computer pro that you are. its called phishing.

Being the consumate computer pro that you are, you should have no problem modifying my hosts file. Fortunately for me, I know it would require me to make an awful lot of stupid decisions on my part for that to happen. I know enough about phishing to know that the vast majority of successful attacks are due to idiots who don't take the most basic of precautions.

that is really all it takes. no, it does not require that you run an executable.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2010-0094.N

Not one that takes me to paypal's secure site. And it's quite easy to tell the difference. The link in the OP does not lead anywhere malicious, it goes directly to paypal.

and tell whether it is legit or not. So im guessing you have never heard of adding redirect instructions into a url for a legitimate website?

Look man, you can think what you want, but the fact remains the phishing occurs on a grand scale and its more insidious than just gettign people to click on obviously wrong URLs.

Here is an example of the kind of thing you dont believe exists.

http://www.howstuffworks.com/framed.htm?parent=phishing.htm&url=http://www.antiphishing.org/Evolution%20of%20Phishing%20Attacks.pdf

the pdf at the end shows exactly how obfuscated URL emails are constructed.



here is another example, CNN at howstuffworks
http://www.howstuffworks.com/framed.htm?parent=phishing.htm&url=http://www.cnn.com
or
http://www.howstuffworks.com/framed.htm?parent=phishing.htm&url=http://www.paypal.com
this one in which the redirect completes itself at the end.


with the right site and the right coding, you can bounce people around all you want. You can add tons of trash to a URL that makes the text non-readable in an email but interpretable by a browser.

never click a link on an unexpected email. Just bring up a browser and and hit the front door.

Yes, they could easily cap your cached information or phish your info.

Don't hit any of the links. Forward to spoof@paypal.com

edit to add - btw there is no ebay user with that name : I just checked for you.

Don't click!

so they can go after the sender.

have any worries. Forward the message to spoof@Paypal.com. They will be interested in seeing it.

Any message from Paypal that is official will be addressed to you by name not just "Paypal Member".

I've received similar messages myself and I have an account. No troubles, but do not respond.

people who have gotten the same phishing email:

http://www.google.com/search?hl=en&q=harris2727@aol.com&aq=f&aqi=&aql=&oq=&gs_rfai=

A great place to find people who know stuff.

only problem is: I do not have ANY account(s) with BofA

Be careful out there...

/Sarcasm

Even if you have an account with Paypal or the bank or other business that is alleged.

If you have questions, contact the company directly, but avoid the use of the email or links in it to respond.

As there are doubtless people that will click them here.

You'll see upthread where two of us clicked on that Paypal link.

Guess what...


it goes to the actual PayPal site.

It actually brought me to my OWN Paypal account.

So that part isn't exactly a scam. As for the rest, I would definitely advise NOT submitting any personal information at all.

But clicking the link itself isn't going to blow up anybody's computer or cause plagues of locusts in their hometown.

In any case, it did go to the actual PayPal site, but I didn't go any further and enter a password or anything, just in case...

In the HTML version, the link would have viewable text that says "paypal.com" while the actual URL goes elsewhere.

In the text version of the email, the URL part of the link is removed leaving only the viewable text to the real paypal site.

It will always have the name of the person who is on the account.

On Edit:

Email Security

•Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account. If you believe you have received a fraudulent email, please forward the entire email—including the header information—to spoof@paypal.com. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.

https://www.paypal.com/cgi-bin/webscr?cmd=p/gen/fraud-prevention-outside

That's the give away every time for any of those phishing attempts. especially since I have an email account I use ONLY for my financial stuff, so when I get one of these on another email address I already know it's phony.

I usually have fun with the phishers. I fill out the blanks with whatever pops into my head.
Name: George Bush or Dick Cheney
mother's maiden name: demonspawn, etc.
for a phone number I give the FBI's 800 number.

That would take you to PayPal. For my last Ebay purchase, there was a link back to the original auction page. They gave the details of the transaction in the email, enough to know which it was, but the format is very different from what you posted.

At the end there is this:



PayPal is very aware of how the scammers work and try to not help them get their victims.

Any business that sends out emails with links to take you to a site to log in is either a ripoff or is run by very stupid people.

hahaha, my wife always falls for all the email scams.

Then of course she gets mad at me that she never has a computer at home to use, because everytime I fix her computer for her she gets another virus on it.

If you don't do business with PayPal, or Bank of America, or Ebay, or Amazon, or the "FBI," etc., anything you receive purporting to be from these entities is a scam.

If you receive e-mail purporting to be from a company you do business with, if anything, you might type in the address separately yourself and see if you have any message.

Edit:
You would not, of course, use the suspicious e-mail itself as a source for the address. Use an address you have saved, or do a careful web search to find the real web address of the entity in question, e.g. "amazon.com."

NO ONE will legitimately e-mail you asking you to click on a link in order to insert your name, password, SS#, credit card number, etc. for "security purposes" or any other reason. Common scams claim to be from PayPal, Ebay, Amazon, major banks, etc.

would be to contact PayPal with the appropriate information...or as much as possible...

https://www.paypalobjects.com/IntegrationCenter/ic_transaction-search-and-details.html


If you inquire about a specific transaction, you're more likely to get a reply than if you merely report something as a scam.

And I'm really curious about the outcome of this one...

Paypal is a bad joke. I'd suggest you close your account and avoid doing business with them.

They're just like your typical large, evil, bank -- except with even fewer regulations and safeguards.

as mentioned in the OP

i get these all the time, i never click and no money is ever taken from my paypal account

as for paypal itself, it's a great service i've used for over 10 years traveling the whole world, it's definitely worth preserving your paypal acct security because it is just too useful to be able to cheaply withdraw foreign country, purchase items in other countries or from ebay, and so on, i really like it, and they have been a money market/credit & debit card vendor for many years so they DO have gov't protections of your accounts

Of course it's a scam.

Paypal will always address you by name. "Dear Paypal Member" did not come from Paypal.

it could also just be a reactionary troll chain-mail, in the same vein as the "Hitler virus hoax," and stuff like that. It's just meant to piss people off.

it says he has been a member since 7-07.

He has never sold anything, has NO feedback - but his page had 8223 views.

Definitely a scam!

1) Without clicking on the email link, open a new browser window and get to paypal (this would apply to people who actually have a paypal account and have received such an email)

2) Log into your paypal account as you usually do

3) Check the "recent transactions" page to see if such a payment actually happened to your account

4) if not, don't worry. End of story.

5) if so, then you have an issue to take up with paypal

If you ever were a member of EBay your email would be addressed to your user name, Whenever you see something from Ebay or a financial institution without your real name think scam.