Just got this email from Paypal inc...

You have added laptopseller@yahoo.com as a new email address for your
PayPal account.

If you did not authorize this change or if you need assistance with
your account, please contact PayPal customer service at:

https://www.paypal.com/row/wf/f=ap_email



Thank you for using PayPal!
The PayPal Team


Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the header of any page.

----------------------------------------------------------------
PROTECT YOUR PASSWORD

NEVER give your password to anyone and ONLY log in at
https://www. paypal. com/ Protect yourself against fraudulent websites
by opening a new web browser (e.g. Internet Explorer or Netscape) and typing
in the PayPal URL every time you log in to your account.

----------------------------------------------------------------


PayPal Email ID PP007



I've never done any business with said email address...

Your views please as I've changed my log on password since getting the email.

It looks pretty good. But if you feel the need to check i'd go to the website manually as i didnt think ebay or paypal included links in their emails.

Probably complete ********. I would suggesting logging into your Paypal account and checking the details. If the email address isn't there, I would suggest either ignoring the email (which is what I usually do) or report it to Paypal.

Probably complete ********. I would suggesting logging into your Paypal account and checking the details. If the email address isn't there, I would suggest either ignoring the email (which is what I usually do) or report it to Paypal.

Too true there about reporting it to their abuse department

I Smell a phishing scam , most probably a Nigerian money raiser,

Numbers

Sounds like a phishing exercise. Just don't follow the link in the mail as it will go to some site that looks like paypal and you then enter your paypal username/password, they reject it storing your details and redirect you to the real paypal.

You then think you typed your password wrong, check your details, breath a sigh of relief that there is nothing wrong and log out. Then you discover that somebody had then t logged in as you, changed the email address/password and spent your money with goods delivered to a collection address.

Because you did not recieve notification by email you only find out when your bank/card company write to you to say you have gone over your limits.

out of interest just hover over the link to the paypal address and look where it thinks it is going. probably just an ip address or a domain name nothing like paypay

Beware Pay pal emails - I had one that looked just like a real pay pal one asking me to verify my details. I did (stupid naive person) click the link but as soon as I saw the questions they were asking - full card details WITH PIN, card verification number etc I smelled a dodgy thing and closed it down. I forwarded the email to ebay or a real pay pal address and they confirmed it was a phishing thing. Had a couple of others after but none recently.

I found that the link address written on the email was actually not the one that came up in the address bar when you clicked on the link. If you manually go to pay pal and log in the normal way its fine. Have had no problems paying with pay pal normally by the way...

Here is the page at the end of the link....

http://upload4.postimage.org/145434/Untitled_2.jpg (http://upload4.postimage.org/145434/photo_hosting.html)


.

what address was it sent from?
image certainly looks real but i'd be wary

The link is quite bona fide. Simply log on to your PayPal account in the normal way and check your details, and if necessary email them with a query.


.

Steve

Not wishing to teach my granny to suck eggs, but how can you know what the page is that the link refers to with only the "text" that numbers has posted. It is only if you look at the underlying html or hover on the actual link in abrowser that you will see where it actually goes.


This is one of my arguments against the growing use of html based mail. People see what they think they see. Would you click on a link that was titled "paypal scam", no of course you wouldn't but is the link said "I am the genuine paypal" then people trust it.

it is simple html tags like http://www.paypal.com (http://timspaypal.com/phising.pl). Using this the test in the browser says paypal but when you click on it off you go to the phishing site.

ahhhh...my lovely paypal friends...

It did take me until recently nearly 12 months to verify my address and card details.

Waste of bloody time sending any correspondence to them.


All the best trying to get anywhere with them :?

Also took me 6 months to get my account unlimited after a dispute between me and another customer.

Eventually got it done the other day, and funds added to my account for no apparent reason, to bring it to a positive balance...

it is simple html tags like http://www.paypal.com (http://timspaypal.com/phising.pl). Using this the test in the browser says paypal but when you click on it off you go to the phishing site.

Yes, but in this case it doesn't - it's PayPal most definitely.


.

Seems to be a few going around , from mail-order catalogues to banking sites, cunningly misdirecting links to other sites (not the official one)

Just a simple rule I find works is If I want to change update details / profiles etc, I'll go in and do it manually not waiting for a mail, which usually sets of alarm bells

Edit:

Sorry, does in fact look like the real site, i couldn't see anything, but what i would do is open it from your computer, right click and view source, you'll get a pretty good idea where its from, if neccessary copy and paste the source up on here and we'll have a look

Greg

Am I missing something or just being stupid. Richie has posted the visual text of his mail message. Not the message source. In doing this his mail client and browser have automatically converted what look like urls and mail addresses into same.

It is only by examining the mail source or (Only richie can do this as he is the only one with the original message) by hovering over the link in your mail client, that you will see where those links actually refer to.

The same with the actual mail from etc. It is so easy to forge SMTP mail headers I do it all the time when manually testing smtp setups


telnet mailserver.com 25
HELO test.co.uk
MAIL FROM : <customer.services@paypal.com>
RCPT TO: <richie.numbers@his.mail.com>
DATA
Subject: New User Added
From: Customer.Services@paypal.com
this is a phising mail etc...
.

et voila the mail looks like it came from paypal customer services etc.

Here is the page at the end of the link....

http://upload4.postimage.org/145434/Untitled_2.jpg (http://upload4.postimage.org/145434/photo_hosting.html)


.

Look its not real, he has copied the message text from the email. It will only copy text you can see not the underlying URL. So its not a real email.

If you have FF why not get Netcraft phishing toolbar. It protects you against most phishing urls & gives you a Risk Rating for sites

http://upload4.postimage.org/145562/Image2.jpg (http://upload4.postimage.org/145562/photo_hosting.html) http://upload4.postimage.org/145570/Image3.jpg (http://upload4.postimage.org/145570/photo_hosting.html) http://upload4.postimage.org/145571/Image4.jpg (http://upload4.postimage.org/145571/photo_hosting.html)

tim's right you know :wink: thats why i edited my post

[Look its not real, he has copied the message text from the email. It will only copy text you can see not the underlying URL. So its not a real email.

If you have FF why not get Netcraft phishing toolbar. It protects you against most phishing urls & gives you a Risk Rating for sites

I just clicked on the link in the original post, which would, of course, take you to the url as it was typed.. I was forgetting the underlying source code could redirect you :oops:

If you keep HTML email turned off, their is far less chance of this happening anyway...

.

I've changed my pay-pal password through the proper pal-pay site, then I thought I'd follow the link to see where it went .
So I logged in with a Completely made up password and it led me to this page where I'm supposed to fill in all my Personal card details...
So I now have the word MUPPET tattooed on my head do I... No I don't think so...
This must be a scam please beware out there...
http://upload4.postimage.org/145717/fakepaypalscreenmaybe.jpg (http://upload4.postimage.org/145717/photo_hosting.html)

I did not submit any information to the site and have emailed paypal centre.

I typed that url into FF and the Netcraft toolbar blocked it as they had it listed as a phishing site.

I typed that url into FF and the Netcraft toolbar blocked it as they had it listed as a phishing site.


Thank you TSM for putting mind at rest.. :wink: :notworthy: :thumbsup:

Look its not real, he has copied the message text from the email. It will only copy text you can see not the underlying URL. So its not a real email.

If you have FF why not get Netcraft phishing toolbar. It protects you against most phishing urls & gives you a Risk Rating for sites



Thank you, Have now downloaded both. F/F & Netcraft phishing toolbar.

I just send all the emails straight to spoof@paypal.com

Everyone of 'em has been phishy!!!

Look its not real, he has copied the message text from the email. It will only copy text you can see not the underlying URL. So its not a real email.

Ah, yes. I was just going on the URL supplied, i.e. https://www.paypal.com/row/wf/f=ap_email , which of course is a genuine PayPal one. I didn't consider that by copying and pasting it PHPBB would make the text URL one and the same :oops: .

Naturally with any email I always look at the source code to check the validity of the URL.


.

bottom line, never ever log in to anything that requires personal information like financial details, etc.. linked directly from an email, always type it in yourself.

If I ever get any mail from either EBay or Paypal or any other site that has nothing to do with a particular transaction that I have made, I just ignore it.