I receive 3 to 5 emails from Paypal asking me to update my details. Some of them are very believable because they look professional with the company's header. The emails also seem to come from trusted sources such as [email protected].
I will use a fake paypal email here as an example:
As part of our security measures, we regularly screen activity in the PayPal system. We recently noticed the following issue on your account:
We would like to ensure that your account was not accessed by an unauthorized third party. Your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
Case ID Number: PP-072-838-560
For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause.
To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Center https://www.paypal.com/. If, after reviewing your account information, you wish to seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us". We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
PayPal Account Review Department
PayPal Email ID PP648769005
As you can see, the email is written professionally and the links seem to come from paypal. The chances of falling into the fraud is high for unsuspecting readers.
How to Detect Fake Emails
1. If you move you mouse over the links in the email, you will have a clue of what is going on. For example, the url https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit actually points to http://www.google.com/url?sa=p&pref=ig&pval=2&q=http://220.127.116.11:82/login/index.php. If you click on it, you will arrive at a page that looks exactly like paypal.com. Will you be tempted to enter your details?
2. Look at the url in the address box of your toolbar. The url reads [http://18.104.22.168:82/login/index.php]. Now, it is pretty obvious that you are not in the official PayPal website. Whatever details that you enter will reach the hands of the hacker.
3. Try logging in with a fake password and you will go through. The fake website will not have the actual PayPal database and therefore, cannot verify your identity. Any password that you enter will get you into the admin area.
Who Are The Victims
There are many complains of stolen paypal accounts or credit card numbers everyday. My personal experience tells me that most of the victims are new internet users and aged people. Busy IT professionals also make up a small percentage of it. I believe anyone can be a victim if they are not careful.
Hackers Are Intelligent
Once your paypal email, password and credit card details are obtained, the hacker will make payments using the details provided. Making large payments will be suspicious. So they like to make small payments, perhaps fifty to a few hundred dollars a month so that busy people like you and me will not take notice of that. Your credit card number might already been stolen but you are not aware of it. Checking your monthly bank statement carefully is a good way to detect unauthorized payment.
Prevention Is The Best Cure
What should you do when you realised your paypal account was stolen? Contacting PayPal might help but I am quite pessimistic about it. The thing that annoys me most is that alot of hackers are getting away from their act with no action taken. Perhaps, it just takes too much time and effort to track down the hacker.
I would suggest everyone to learn more about internet security especially if you are running an online business or want to make online payments.
Though Paypal is a great payment system, it is abused by many unethical people. The same could have been done to other payment systems such as 2checkout, moneybrookers...etc. Internet scams are everywhere and anyone with an email should becareful.