Many days ago we received an email from paypal@something.com, which said to click on a link and enter my credit card information by logging into my PayPal account. We knew that the email was not from PayPal (by looking at the from address of the email), but we still clicked it to test (not recommended), and the link took us to a fake website resembling PayPal. To our astonishment, the fake website was almost an exact clone of the PayPal website. Newbies and ignorant people would just do everything the email told them to do, and you know what will happen next!
What I did was just enter a wrong username and password (to log into that fake PayPal-like website), and guess what? Any random, wrong username and password will log into such websites. Next, it prompted us to enter our credit card number. There too I entered some nonsense numbers. Finally it popped up a hearty message saying “Thank you”.
We do not recommend that anybody try what we did with the phishing email link. We did all those things at our own risk.
As this was our first experience with such a phishing email, we just reported the email and the fake website to the PayPal team, and got this reply email from PayPal:
Dear Satish,
Thanks for taking an active role by reporting suspicious-looking
emails.
The email you forwarded to us is a phishing email, and our security
team is working to disable it.
————————-
What is a phishing email?
————————-
Phishing emails attempt to steal your identity and will often ask you to
reveal your password or other personal or financial information. PayPal
will never ask for your password over the phone or in an email and will
always address you by your first and last name.
Take our Fight Phishing Challenge at https://www.paypal.com/fightphishing to learn 5 things you should know about phishing. You’ll also see what we’re doing to help fight fraud
every day.
————————-
You’ve made a difference.
————————-
Every email counts. By forwarding a suspicious-looking email to
spoof@paypal.com, you’ve helped keep yourself and others safe from
identity theft.
Thanks,
The PayPal Team
——————————————————————————–
That email really made me think of PayPal as more secure. With that secure feeling still in my mind, I spotted another such email in my inbox and forwarded it to spoof@paypal.com. This time I got an even better reply from PayPal, which was more informative:
Dear Satish,
Thank you for contacting PayPal.
At PayPal, we care about the security of your account. Therefore, we
would like to offer you a number of Security Tips.
The tips will help you protect yourself against various types of
Internet fraud, such as ‘spoofing’ and ‘phishing’: the act of collecting
personal and financial information through fake emails, websites and
phone calls.
Using this sensitive information, the perpetrators will try to commit
identity theft, credit card fraud and various other illegal activities.
So please read the tips below, for your own sake, and in the interest
of all PayPal users.
Emails – Make sure they are sent from PayPal
1. Always check the greeting. We will never address you with Dear
PayPal User or Dear PayPal Member. Instead, we will address you by your
first and last name, or the business name associated with your PayPal
account – except in some automatic responses.
2. Look for strange links. When you’re asked to click on a link in
an e-mail that looks like it’s from PayPal, be extremely cautious.
3. Does the e-mail ask you to enter sensitive information? If it
does, it’s not from us. PayPal will never ask you to enter:
o Bank account numbers
o Credit and debit card numbers
o Driver’s license number
o Email addresses
o Your full name
4. Check for attachments. PayPal will never send an attachment or
software update to install on your computer.
5. Take your time, don’t be rushed. Spoof emails can contain a
threat: You must take action, and do it now. If you feel undue
pressure, don’t respond. Simply log in to your account, and check your Resolution Center.
Website pages – make sure that they are hosted by PayPal
1. Check the URL when you log in. When you use the PayPal service,
make sure that the URL at the top of the browser is
https://www.paypal.com/. This means the website is secure. If you see a different URL, close your browser – even if it contains the word
PayPal.
2. Look for the lock. The lock symbol that appears in the bottom
right hand corner of your browser means it is a secure site.
Passwords – keep it on PayPal
1. Last but not least, create a unique password for your
PayPal-account. Don’t use this password on any other site and don’t
share it with anyone else.
2. Change your password every month.
If you think you have received a fraudulent email, forward the entire
email, including the header information to spoof@paypal.com and then
delete the email from your mailbox.
Click the “Security Center” link on any PayPal webpage for additional
tips and tools for staying safe online.
If you have any further questions, please feel free to contact us
again.
Sincerely,
Jeffrey
PayPal, an eBay Company
————————————————————————————————–
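The sender, greeting, link and attachment checks from the tips above can be applied mechanically. The following Python sketch is an added example, not code from PayPal or from the original post; the function names, the sample message and the `.example` hostname are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the only domain the tips treat as genuine
GENERIC_GREETINGS = ("dear paypal user", "dear paypal member")

# Constructed sample message (the sender address is the one quoted in the post).
SAMPLE = """\
From: PayPal <paypal@something.com>
Subject: Action required
Content-Type: text/plain

Dear PayPal Member,
Log in at http://paypal.com.account-verify.example/login now,
or visit https://www.paypal.com/ later.
"""

def is_trusted_host(host):
    """True only for paypal.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_email(raw):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    warnings, body = [], ""
    sender = parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2] if "@" in sender else ""
    if not is_trusted_host(domain):
        warnings.append("sender domain: " + sender)
    for part in msg.walk():
        if part.get_filename():  # tip 4: any attachment is a warning sign
            warnings.append("attachment: " + part.get_filename())
        elif part.get_content_maintype() == "text":
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        warnings.append("generic greeting")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL: treat as untrusted
            host = ""
        if not is_trusted_host(host):  # "paypal" in the name is not enough
            warnings.append("link host: " + host)
    return warnings
```

A clean result is not proof that a message is genuine, since the From header can be forged; the checks only catch the signs the tips list.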
I was very happy that PayPal is concerned about its customers.
Now PayPal has taken yet another step to teach its customers, to make them authorities on online fraud detection and prevention techniques.
Now you can see an ad on the home page of PayPal which, when clicked, takes you to https://www.paypal-promo.com/safety/.
This site is made in Flash; it's visually appealing and gives full information about online fraud detection and prevention techniques.
It includes a “Training Center”, which tells about online theft, protection measures, etc. Next, it has a “Safety Exam” section where you are presented with some questions and answers (in the form of options) to test your level of understanding of online fraud detection and prevention techniques. Next is the “Safely Calculator”, which calculates “How safe your PayPal account Is?” from your answers to some of the questions.
And there is also a section called “Safety Products”, which lists some of the safety products developed at PayPal Lab — Take a look at it, they may be for you.
One thing which we never knew and came to know from this website is:
PAYPAL SECURITY KEY
All agents need gadgets. Customers in the US, Germany and Australia can use the PayPal Security Key, a small electronic device that generates a unique security code every 30 seconds.
You use this security code when you log in to your PayPal account, giving you an extra layer of protection against identity theft and account takeover. Hope this feature will be available soon in all countries where PayPal transactions are allowed. Those who do not have this feature at present can make use of one of their plug-ins, which offers an array of security features by generating single-use MasterCard credit card numbers to help keep your financial information secure.
In India, RelianceMoney demat account holders have been using such a Security Key to generate a new password for their account every 30 seconds. PayPal taking such measures creates a healthy, secure feeling in its customers.
Update:-
Please do not even click on the suspicious links found in your phishing emails. Nowadays scripting (script programming) has become so powerful that, if you click on such links, a worm can be placed inside your computer (which may track your activities later). Clicking on such links is just like permitting the script to access your information.