I got this email this morning:



Dear Customer,

PayPal is constantly working to ensure security by regularly screening the accounts in our system.

We recently reviewed your account, and we need more information to help us provide you with secure service Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.

Sep 30, 2014: We do not recognize the device used recently and we are concerned about unauthorized access to your PayPal account. For your protection, access to certain account features will be limited. (Your case ID for this reason is PP-003-401-327-342.).

Click here to Restore Your Access



Make sure that your account information (address, phone number, etc.) hasn't changed and that you recognize all of your recent transactions. If you see a payment that you don't recognize, let us know by going to the Resolution Center. Click "Dispute a Transaction" to report an unauthorized transaction. (Your case ID for this reason is PP-003-401-327-383.).

© Copyright © 2014 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

I would never click the link supplied but would normally go to PayPal's site to double check my account. When I hit reply to the above-mentioned email of course the email address was to some scumbag.

Any of you get some pretty convincing phishes?

I've been getting a few of these pay-pal ones now, every time I go to my account, and everything is fine.

The day pay-pal emails me legitimately to inform me of an out-of-date card or some other error, I'll end up ignoring it as spam probably !

I like this guys response to annoying texts,

[Link: quickmeme.com]
 

I swear, legitimate emails from these guys (PayPal, Google, etc.) look just as fake as the fake ones.

What about the calls from people telling me I have a virus on my Computer?

Of course when asked which one, they don't know.

I like it.

Daniel,
Funny thing is I did get a legit email from one of my banks and I sent a smart ass reply and they called me.

Sirround,
One of my clients will act stupid when the fake computer techs call him and he tries to keep them on the phone as long as possible :)

I'm sorry but I can see these scams a mile away. First thing is they don't use your name, they say customer. Then they ask you to click a link or download an attachment, easy to spot.

I never open any of these things.

Very simple, never respond to anything in an email, via the email.

Pick up the phone and call the number on your card or what ever the source, just not the email phone number.

What really bothers me is that if these emails did not work, they would not exist.

Most of these bastards are preying on the elderly and non tech just trying to be honest people.

There is a special place in hell for you rat bastards.

On a somewhat different level I was a victim in the CD Universe data base hack some twenty years ago (major news at the time).

What this CS did besides take all my money (debt card mistake) was ridiculous.
He started shipping random stuff all around the world.
He started a White Supremacist web site with my home address on it.
He signed me up to about 15 porn web sites.

Bank called when the money was gone, not a penny before.

All from the comfort of Germany.

Took a long time to get my money back (about two months) as the laws were different then.

Called the media and Adain Pickering and crew came to the house and did a story about it.

My 15.

The problem with the phone scams (computer fix) is they are effective when it comes to the elderly.
My step father is 82 years old and pretty tech savy, used to be an engineer. He got caught up in it, about 1/2 way through he started to get suspicious of the person on the other end and he stopped before they got all the info they probably wanted or needed.

He called me right away and told me what happened, so we quickly changed all sorts of passwords and I sent him to his bank to let them know what he had done and get any of those passwords changed.

Fortunately he has not had any issues and it's about a year later.

We may think we are smart enough to catch these things, and for the most part we probably are, but we need to continue to remind our parents and older relatives about these scams. These people get very creative and can be very convincing on the phone.

I just opened one with a variation of the Fedex logo as a header, with a purple just a little bit to dark and the message


There's a big purple button labeled "Get Shipment Label." I'm supposed to click it. When I run the mouse over it, my browser tells me it's medorya.com/user.php et cetera.

It says it's from [email protected]. If a bot wants to find this and flood them with emails, I'm good with it.

I get one of those every single time I order something online, and I forward every single one to the fraud dept. of said fraudulated carrier,(have fun Ernie).

What is funny is it is never the carrier that is shipping to me, but I always get one after I order something.

I guess a lot of it probably is 'unofficially sanctioned' by hostile governments, so they know they have zero chance of being brought to justice. Let the crooks get rich at your enemy's expense. It's two birds with one stone. It hurts the other side and helps turn outward energy that would otherwise be spent raping the homeland.

Ultimately, this is all going to come to a head. The internet was never designed for what it's already being used for, much less the many new things it's being used for every passing day. It's crazy how much reliance we are putting into something that everyone who knows anything about it understands is ill advised at best.

And the comments above about The Internet that Cried Wolf are probably accurate. If I were a crook looking to hit Amex or Visa, I'd certainly send out a barrage of bogus reports just before I did so, just to desensitize people to them and create a lot of distraction.

How about the one's for iCloud password changes or whatever?

My g/f and I had received an email from "[email protected]" in regards to our accounts. Many people on Apple's forums have mentioned receiving them too.

We knew it wasn't real. But the thing that makes it seem real is the email address. As @icloud.com belongs to Apple. So it could very will mislead a lot of people.

Or text message from 776-836 stating a security code to unlock your Yahoo email account or something like that.

KOT

It's trivially easy to fake a return e-mail address. That's one of the biggest problems with the internet currently. I can send out millions of spam e-mails with your e-mail as the return address. You end up blacklisted on lots of servers and don't realize you aren't getting mail from people, who probably now think you are out of business or something.

And it's a cheap way of generating denial of service attacks. You send out a huge number of e-mails to likely invalid addresses on many servers. Those servers then send back failure messages to the return address, which isn't you, it's who you want to attack.

And of course if you steal info from a social media network and know who people's friends are, you can send one e-mails with the other's return address, making it far easier to get you to click on something and run it.

There has been for a long time ways of insuring that e-mails come from people you know. Well, it's not a 100% sure, because someone could steal the encryption keys of a friend of yours. But, no one can steal millions of them at once, because they are not stored publically anywhere. Each person has their own, so the ability of hackers to subvert such systems is much more limited.

But, it's been very slow to be taken up. Google announced something of this sort recently. Basically with public key encryption you have two keys, one is public and the other is private. Something encrypted with one can be decrypted with the other, and the difficulty of figuring out someone's private key from their public key is what is referred to as 'computationally infeasible', i.e. it doesn't depend on secrecy, it depends on asymmetric computability, where it's almost infinitely harder to crack than to create.

So, if you send me an e-mail encrypted with your private key, I can get your public key (either from a well known public source or already have gotten via other means) and decrypt it. Though I cannot guarantee 100% that you haven't been beaten up and forced to give up your private key, I can be sure that the e-mail come from someone who has your private key. And for 99% of us 99% of the time, being beaten up for our private key isn't too likely. It tends to reduce attacks to targeted attacks, instead of carpet bombing, and the vast majority of us are not worth the effort of a targeted attack.

If everyone would take up this scheme, we'd be vastly better off. But it's sort of chicken and egg. If most people you deal with don't use it, then there's not much benefit for you to, and vice versa.

A couple of our staff got done by this fake Google Drive email [Link: gizmodo.com]

The problem is that the link in the email is a Google link!

Creative bastards. If only they used their knowledge for good.

If you have a problem at the bank...your card wont work. You dont need an email or a text or a phone call. If/when your checks bounce or your card doesn't work...thats when you need to contact paypal or chase or wells fargo etc.

Ignore everything else including phone calls claiming to be your bank. Ignore EVERYTHING ELSE including phone calls emails texts snail mail a neighbor who likes to carry verbal messages across the world. Everything. Ignore it.