Question
Hello Bobby Beeman,
PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.
As part of our security measures, we regularly screen activity in the PayPal system.
We recently noticed the following issue on your account:
We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
Your bank has contacted us regarding some attempts of charges from your credit card via the PayPal system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your PayPal account Due to recent activity, including possible unauthorized payments placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your PayPal registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of PayPal policy to represent oneself as another Paypal user. Such action may also be in violation of local, national, and/or international law. PayPal is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.
To confirm your identity with us click here:
https://www.paypal.com/us/cgi-bin/we...gin-run-verify
Case ID Number: PP-895-290-18
After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.
Sincerely,
PayPal Account Review Department
PayPal Email ID PP522
This message and any files or documents attached may contain classified information. It is intended only for the individual or entity named and others authorized to receive it. If you are not the intended recipient or authorized to receive it, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately then delete it from your system. Please also note that transmission cannot be guaranteed to be secure or error-free.
I logged into PayPal to check and see if there was anything noted in my account and didn't find anything. Then I called CS and verified that it was a spoof and that PP number was a fake.
I figured they would get sneakier and they have. The mouseover on the URL wasn't exactly the same as the link in the email, but it looked really close. Watch out, they are getting trickier than ever before...
Answer
I've gotten two of these identical to that. They are really getting good. I sent to PayPal over two days ago as a spoof and asked that they verify it as such but have not received anything back from them. I was 99% sure it wasn't legit but just that tad of being uneasy. It was good enough that the only reason I wouldn't have fallen for it was their requirement to clink on that link. Like you, I checked the account itself and all looked well. I get so sick of getting these and now that something has been breached somewhere and they have our actual account names it really is disturbing, especially from a financially related account.
Answer
There have been at least three threads about this up to now, one of which was mine.
Seems like I read the explanation here once, but I'll be damned if I can find it right now. Something about doing a pretend payment to an email, and thus getting the buyers real name to show. Some kind of glitch in PayPal's system that I "trust" has been fixed now.
Answer
I've started sending 100% of everything purporting to be from ebay or paypal to spoof. I figure if anything is ever legit they'll have to be the ones to sort it out (gg). But then someone said even forwarding could be dangerous? The world just shouldn't have so much nastiness in it. Maryanne
Answer
thanx for posting this and it doesn't really matter how many times it gets posted, we always need to be reminded to be careful.
Answer
I got a paypal spoof last night which wigged me out.
It was sent to an email address that is NOT on my main business domain. It's used for an eBay ID I occasionally sell/buy on. That email address is linked to my PayPal account, but the only folks who would know that would be folks who actually have bought from or sold to me on that ID or folks at PayPal. (The *other*email is used in those listings.) The spoof INCLUDED my business name . . . the name on my PayPal account. It's not like this is something someone could have guessed because there is NOTHING relating those two domains.
I didn't respond to the email, of course, and reported it to paypal spoof. I've also asked them to explain this, since I am having trouble coming up with an explanation that doesn't involve some sort of security breach there . . . .
Answer
I have a personal account that I use to recieve payments from friends and some limited customers. I get spam on that account all the time.
I think PayPal has a mole
Answer
Originally Posted by stevemills
Seems like I read the explanation here once, but I'll be damned if I can find it right now. Something about doing a pretend payment to an email, and thus getting the buyers real name to show. Some kind of glitch in PayPal's system that I "trust" has been fixed now.
Originally many security professionals attributed it to PayPal's database being compromised, either through an employee or a database cracker like 'Trinity' of Matrix fame.
Sadly the true story was much simplier: PayPal had a HUGE security hole you could drive a Mack truck through. Supposedly fixed for now (until the next hole is found). Unfortunately a huge number of active PayPal accounts were compromised.
Answer
Here
Originally Posted by stevemills
Seems like I read the explanation here once, but I'll be damned if I can find it right now. Something about doing a pretend payment to an email, and thus getting the buyers real name to show. Some kind of glitch in PayPal's system that I "trust" has been fixed now.
Answer
PayPal had a security hole on their web site for over a year that allowed phishers to obtain the full name of any PayPal member:
Auctionbytes 3/24/06: http://auctionbytes.com/cab/abn/y06/m03/i24/s00
There was another hole on the PayPal web site that allowed phishers to obtain PayPal member's email addresses:
eWeek 1/05: http://www.eweek.com/article2/0,1895,1754013,00.asp
edited to add: blame eBay and PayPal for being so lax with site security. There is a security hole on the eBay site which has existed for over a year and which eBay refuses to fix become they think (according to eBay spokeswoman Catherine England) allowing users to put javascript in their listings outweighs the risk of users having their identity stolen. The US Department of Homeland Security's US-Cert has issued 2 alerts about that security hole this month. The latest one issued Thursday (4/27): http://www.us-cert.gov/cas/alerts/SA06-117A.html and http://www.kb.cert.org/vuls/id/808921