Thursday, December 14, 2006

duh.

So I fell for a spam scam, kind of.

Listen, tell you what: if you have a PayPal account? and you get a -very- authentic looking email that looks almost exactly like the real deal? telling you your account (email address intact and reposted) has been charged for something like oh an iPod to someone whose address is listed, via eSales? and you click on the "dispute this transaction" and it takes you to a site that looks just about exactly like the -real- PayPal page? asking you to reconfirm your information?

...yeah. Well, one, if you keep trying to fill out the automatic form and yer browser keeps going, "Computer says no," take that as a sign, and stop trying.

two, if the email went to your junk box, that was also a sign, yes, your first instinct was correct.

three, you may want to take a few deep breaths or at least wait for the maddeningly slow PayPal phone help center to pick up before calling to cancel your credit card.

oh well.

no real harm done.

fuckwads.

19 comments:

Hahni said...

Don't feel dumb; those things are very very real-looking and persuasive.

Paypal has an email address you can send possible spam messages to if you don't know--I've had to do that a couple of times.

So anyway, don't feel bad.

Zan said...

Gods. I've been getting those things for days. I was like...wait. This isn't right. I know it's not, but....it looks really really really authentic. I, however, don't have a PayPal account :) So I was like...what the fuck? Did someone steal my identity? Hrm.

So, I decided to be crafty and went to paypal.com and asked them to send my login information to my email account, so I could change whatever was there. And, of course, nothing got sent because, hello, there is no account in my name.

Bastards. Freaking me out like that. Grr.

belledame222 said...

you know, i'd gotten them in the past too, and ignored them, even though i -did- have a PayPal account. i thought.

then though, i wanted to send some money to some people, and, unlike the last time i'd done it, i think? where i couldn't be bothered with logging in and it let me just send it anyway? it needed me to log in. So I did; and it told me that my account had been closed with a $0 balance and there was no way to change it or open any account with any information related to that account, no explanation, no shit.

which kind of freaked me and also annoyed me, because i wanted to send the money.

and i couldn't email and ask for an explanation (I'd never used the old account for anything but small donations to people--no purchases, no money coming in to me) because they needed you to log in for a specific response and, well, hello, that was the damn problem.

and the phone lines were jammed, and i was...edgy.

so i opened a new account anyway with my other email address, same card, and it let me. g figure. i figured just use the damn thing and whatthefuck ever, i hate these goddam things, i was cranky.

and those did go through, confirmed by bank as well as official email. so fine.

a day or so after is when i found this new and improvedly authenthic looking fake email in the -other- email box, dated yesterday--and i'd never gotten any of -that- sort of spam in that box, you know--so, naturally, i freaked.

if i'd taken a moment to notice there was another, backdated "charge" from -before- i'd opened the new account (which apparently i'm not supposed to anyway, says the -official- PayPal which of course never screws anything up--did i mention i hate this kind of shit?), i might have waited.

but as it was i already had the credit card woman on the phone when i noticed this, and it seemed easier to just go ahead and cancel. and maybe the smart move after all at that; i did enter the card number in the fake "confirm your info" form, even though luckily (?) it didn't -appear- to go through.

i should've been tipped off by, you know, i don't -remember- them asking for my social security number; but by then i was in sort of a blind partially hormone-and-caffeine-induced rage and panic. anyway i didn't type it at all, thank fuck.

belledame222 said...

but anyway, yeah, that's the scam: they want you to enter your info on the "confirm" page (comes with a "secure login" button and everything!) and then they grab -that.-

little light said...

Yeah, I've been getting those every day, as well as similar ones purportedly from eBay.
My big clue is that even though I've used PayPal, oh, twice, it was only through one e-mail address, and I was getting those messages at both of mine.
And I've never used eBay. So.

God, those bastards are getting sophisticated.

midwesterntransport said...

i got something similar, an email which said, you know, "Your Account Has Been Compromised," but every time I tried to go to the website, Computer Said No. It did look authentic, though, so I feel your pain.

belledame222 said...

mwt!!

Hahni said...

the email address if you want to know if an email is really from paypal is spoof@paypal.com

forward the possibly fraudulent email to them and then delete the email. Paypal will let you know within 24 hrs usually if it's the real deal or a scam.

Also paypal says if you get an email headed "dear paypal user" instead of your real name it's a scam too.

belledame222 said...

yeah, i did see that bit afterward. gah.

oh well, probably not a horrible idea to get a new card anyway; i'd been using it all over the 'Net, and while i haven't had any trouble thus far (knock wood) I'm always a bit leery...

nezua said...

the rule i learned was never ever ever click on an email link when in doubt. always login separately in a browser.

(also firefox has a plugin that tells you if you are on a spoofed site...might help)

rey said...

I only ever use my platinum or gold cards online, because it's easier to dispute via the credit card company.

Also, in general I call the credit card company first to check for fraudulent charges. They always have better customer service centers, and you can contribute to the developing economies in India and Southeast Asia (that's a joke).

rey said...

I only ever use my platinum or gold cards online, because it's easier to dispute via the credit card company.

Also, in general I call the credit card company first to check for fraudulent charges. They always have better customer service centers, and you can contribute to the developing economies in India and Southeast Asia (that's a joke).

rey said...

I only ever use my platinum or gold cards online, because it's easier to dispute via the credit card company.

Also, in general I call the credit card company first to check for fraudulent charges. They always have better customer service centers, and you can contribute to the developing economies in India and Southeast Asia (that's a joke).

rey said...

I only ever use my platinum or gold cards online, because it's easier to dispute via the credit card company.

Also, in general I call the credit card company first to check for fraudulent charges. They always have better customer service centers, and you can contribute to the developing economies in India and Southeast Asia (that's a joke).

midwesterntransport said...

buon giorno!

belledame222 said...

Again! Again, again!

Donna said...

Nezua is right. Paypal and Ebay will never have clickable links to sign into their sites in email. They will tell you to go to their sites and sign in. Most of the time you can tell they are phishing emails just by mousing over the link, and seeing that it won't take you to paypal or ebay. It'll say something like "http://someweirdwebsite.com/ebay/signin.html" or something like that instead.

belledame222 said...

yeah, cheers. could've been worse. but, cheers.

Alon Levy said...

Four, if you get emails in accounts other than the one you created your PayPal account in, it's safe to assume it's not PayPal stalking you.