Saturday, August 22, 2009


Most PayPal phishing scams are carried out through emails with links to bogus websites that look like the official PayPal site. The scammer sends an email to get the victim to supply personal information, to dispute a bogus charge, or to download spyware. Once the victim enters the requested information or downloads the spyware, the criminal uses the information to steal the victim's identity.

Beware of Identity Theft Scare Tactics

The goal of the identity thief is to alarm the victim into acting quickly without thinking. For example, an email will state that there has been a major security breach and that PayPal is working hard to protect its customers from fraud. In order to protect sensitive information, the email directs the victim to a spoof website to "verify" their PayPal password and bank account information. The victim is told that providing this information will prevent thieves from robbing their bank accounts when, in fact, the opposite is true. The thieves play on the victim's fear of losing their money.

Other emails tell the victim that a charge was made to their account that may not be legitimate. Of course, the fictitious charge was not authorized by the victim, so the victim feels compelled to act quickly to correct the problem. The victim is directed to a spoof website to dispute the charge and asked to supply account information in order to recover their funds. The identity thief then proceeds to clean out the victim's bank account.

Identity thieves also send emails that threaten to suspend or freeze a person's PayPal account if the requested information isn't supplied immediately. Once again, the victim is told that this is for their own protection. The people most vulnerable to this scam are those who use PayPal for their business. When people are told their livelihood is threatened, they tend to panic and act too hastily. Legitimate businesses do not try to rush people into taking action.

Spyware for Identity Theft

Another scam email urges the victim to open an attachment that downloads spyware onto the victim's computer. The identity thief can then retrieve critical information about every account held by the victim. The thief can use these accounts and open new accounts in the victim's name. PayPal never sends emails with attachments, so an attachment is a definite indication that the email is fraudulent.
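The three warning signs described in this post (links to non-PayPal sites, scare-tactic wording, and attachments) can be checked mechanically. The following is an added example, not part of the original post: the function names, the keyword list and the `paypal.com` allow-list are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

PAYPAL_DOMAINS = ("paypal.com",)  # assumption: allow-list of genuine hosts
# Scare-tactic themes from the text: breach, disputed charge, suspension.
URGENCY = re.compile(r"security breach|suspend|freeze|unauthori[sz]ed|immediately", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_paypal_host(host):
    # Exact match or true subdomain only; "paypal.com.x.example" does not count.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PAYPAL_DOMAINS)

def phishing_indicators(raw_email):
    """Return sorted indicator names for a message that claims to be from PayPal."""
    found, text = set(), []
    for part in message_from_string(raw_email).walk():
        if part.get_filename() or part.get_content_disposition() == "attachment":
            found.add("attachment")  # the text: PayPal never sends attachments
        elif part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            text.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(text)
    for url in URL.findall(body):
        try:
            host = urlparse(url).hostname
        except ValueError:  # malformed URL: treat as not PayPal
            host = None
        if not is_paypal_host(host):
            found.add("link_to_non_paypal_host")
    if URGENCY.search(body):
        found.add("scare_tactic_wording")
    return sorted(found)

# Constructed sample message (reserved .example domain), not a real email.
SAMPLE = """\
From: PayPal <service@paypal.com.example>
Content-Type: multipart/mixed; boundary="b1"

--b1

Your account will be suspended immediately. Confirm your details at
http://paypal.com.verify-account.example/login
--b1
Content-Disposition: attachment; filename="statement.bin"

AAAA
--b1--
"""
```

Calling `phishing_indicators(SAMPLE)` reports all three indicators. These are heuristics for triage, and a message that triggers none of them is not thereby proven genuine.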