June 8, 2006
Among the spam messages hitting consumers' email inboxes lately is a
message that appears to be from PayPal, warning the recipient that
they are the apparent target of hackers.
The message, however, is designed to steal sensitive information from anyone who responds.
The message bears the PayPal logo and the bright graphics one would expect from a corporate communication. It informs the recipient that their account has been blocked because someone tried, unsuccessfully, three times to access it.
For extra effect the message even gives an IP address, allegedly traced to the supposed hacker.
To remove the block from the account, the recipient is told to click on a link and log into their PayPal account. Those who click on the link go, not to the actual PayPal login page, but to a phony PayPal site operated by the scammer.
When they enter their user name and password, they are providing it to the scammer, who can then access the account.
There are a number of tip-offs that the message is a scam. There are a couple of misspellings and at least one word, "apologize," is written with the British/Canadian spelling. The syntax is also odd. If you read it out loud, you can almost hear the Russian accent.
But the biggest tip-off is the request that you access your account by clicking on a link in the message. Computer security experts say you should never do that, and that neither PayPal nor any other legitimate enterprise would ask you to.
