Image courtesy: mathowie

The seed for this post was an email I received yesterday. I’m a verified PayPal user using a Gmail address for the login user email address in PayPal.com. I haven’t made any transaction through PayPal within last 3 or 4 months. But I received an email to my admin email address of this website (admin@best-internet-guide.com if you are willing to contact me and don’t know my email address :-)), informing me that I have made a payment to a person having a PayPal login email id digishopbay123@macintosh.com and asking to click a link to dispute the transaction. The email I received is given below.

From: service@intl.paypal.com [mailto:service@intl.paypal.com]
Sent: Wednesday, February 20, 2008 4:50 PM
To: undisclosed-recipients:
Subject: Dispute Transaction

Dear PayPal Member,

This email confirms that you have sent an eBay payment of $47.75 USD to 

digishopbay123@macintosh.com for an eBay item. 

———————————–

Payment Details

———————————–

Amount: $38.75 USD

Transaction ID: KSUGS10992LAKLLX0909

Subject: Pioneer Cd Player 138

Note:

If you haven’t authorized this charge ,click the link below to dispute transaction 

and get full refund

Dispute transaction (Encrypted Link )

*SSL connection:

PayPal automatically encrypts your confidential information

in transit from your computer to ours using the Secure 

Sockets Layer protocol (SSL) with an encryption key length 

of 128-bits (the highest level commercially available)

———————————–

Item Information

———————————–

eBay User ID: multimediacdplr

—————————————————————-

Michael Rotenberg’s UNCONFIRMED Address

—————————————————————-

Michael Rotenberg

879 Markenson  St. 

76649 Iredell, TX

United States

Important Note: Michael Rotenberg has provided an Unconfirmed Address. If 

you are planning on shipping items to Michael Rotenberg, please check the 

Transaction Details page of this payment to find out whether you will 

be covered by the PayPal Seller Protection Policy. 

—————————————————————-

This payment was sent using your bank account. 

By using your bank account to send money, you just:

- Paid easily and securely

- Sent money faster than writing and mailing paper checks

- Paid instantly — your purchase won’t show up on bills at the end of 

the month. 

Thanks for using your bank account!

—————————————————————-

Thank you for using PayPal!

The PayPal Team

PayPal Email ID PP980

I was confused by hearing that I have made a payment which actually I didn’t. 

I was little curious and felt the scent of another probable scam. 

Therefore I thought to click that link and explore about this. 

The link which was asked to be clicked was having the URL given below.

http://mail.moraga.ca.us/users/manager/www.paypal.com/cgi-bin/webscr.php?

cmd=_flow&SESSION=60-SQEaP_wWvhPmjul-DllC5OkU8dzThCY4mF5LzvZxGdMv

LhBSjCflCmUW&dispatch=5885d80a13c0db1f02baca35d810c8ec1c019f6b4e949c

a66922b381ebbdcb08

It starts with http://mail.moraga.ca.us which is not http://www.paypal.com or a sub domain of paypal.com (Ex:http://dispute.paypal.com). My assumption was correct and I thought to explore further. When I clicked that link, I was taken to a webpage which I was stunned to see. It is added below.

It is identical to the real paypal.com home page except the URL. An average person will definitely click that link as he/she hasn’t made that transaction and visit this webpage. And he/she won’t notice that even though the home page is identical but the URL is different. Actually most of us don’t look at the URL of a familiar website. As I mentioned above, my real PayPal email (xxxxx@gmail.com, I will send you my real PayPal email address if you like to make a donation for me ), is not the same one which I received this email. Next part is the most interesting.

I wanted to check the mistakes these dangerous cheaters have done. Therefore I opened the real paypal.com webpage also. First I hit the submit button without entering the user email id or the password. A popup message box appeared as shown below.

Then I checked the same scenario with the real paypal.com website. It took me to another page and showed an error message which was embedded in the webpage (not a message box). The error message shown is given below.

You must enter both your email address and password. Please try again.

Then I hit the submit button only with the user email id. The fake PayPal website showed another error message box as shown below.

When I did that with real paypal.com, it gave the same error message mentioned above. If you noticed, you will find the title of the fake error message boxes have a URL http://mail.moraga.ca.us not something like http://dispute.paypal.com.

Then I added the email address a@a.com and password as 11111, which both are fakes. Surprisingly I was successfully verified and taken into another webpage which asks my credit card details to verify my payment and refund. That page is shown below.

If you don’t provide your real credentials to the real paypal.com, you will not be allowed to proceed further. My assumption was becoming a reality. I didn’t add my credit card details. Then I logged in to the real paypal.com with my real credentials and checked whether there are any pending dispute transactions. I couldn’t find any and I also checked all my transactions. But I couldn’t find any transaction related to that email address. I thought to do some research on this. But it didn’t take a long time as I found some information from the paypal.com site itself. They have mentioned about phishing emails and asked to report about those types of messages to an email address (spoof@paypal.com).

I forwarded the email received explaining everything as mentioned above. They replied me indicating that it is a phishing message. I have added the reply below.

—–Original Message—–
From: spoof@paypal.com [mailto:spoof@paypal.com]
Sent: Wednesday, February 20, 2008 6:21 PM
To: Sampath Wijeratne
Subject: RE: Q510 - Thank you for your email to PayPal (KMM95898866V11853L0KM) :kf1

Thanks for taking an active role by reporting suspicious-looking emails.

The email you forwarded to us is a phishing email, and our security team

is working to disable it.

————————-

What is a phishing email?

————————-

Phishing emails attempt to steal your identity and will often ask you to

reveal your password or other personal or financial information. PayPal

will never ask for your password over the phone or in an email and will

always address you by your first and last name.

Take our Fight Phishing Challenge at

https://www.paypal.com/fightphishing to learn 5 things you should know

about phishing. You’ll also see what we’re doing to help fight fraud

every day.

————————-

You’ve made a difference.

————————-

Every email counts. By forwarding a suspicious-looking email to

spoof@paypal.com, you’ve helped keep yourself and others safe from

identity theft.

Thanks,

The PayPal Team

_______________________________________________________________________

This email is sent to you by the contracting entity to your User

Agreement, either PayPal Inc, PayPal Pte. Ltd or PayPal (Europe) S.à

r.l. & Cie, S.C.A. Société en Commandite par Actions, Registered Office:

5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118

349.

_______________________________________________________________________

I hope that everything is clear for you now. Millions of PayPal users might have been trapped into this when you are reading this post and they might have lost millions of Dollars. I thought that informing others by posting this post will at least save some of their money. If you don’t believe what I mentioned here, just visit that URL and enter a fake user email address and password. You will experience the same what I experienced. But NEVER add your credit card details. If you think that this will be interesting for your friends, click the topic of this post. Then you will be allowed to tell a friend about this by sending an email. I will come with another interesting topic like this with the next post.