Here's how it goes:
- Mr X receives an email from what looks like a PayPal address, telling him about unauthorized access to his account.
- He panics and clicks the login link to fix the issue ASAP, without checking that the link actually points somewhere other than paypal.com. One of the links even reads "https://www.paypal.com/us/", but hover over it and the real target is, of course, not paypal.com.
- They ask him for his PayPal login (which, of course, they store and use later to take money out of his account!)
- Then they "log him in" and ask for his credit card details: card number, expiry date, security code and even the PIN. At this point Mr X should realize what has happened and change his PayPal password ASAP. But if he's stupid enough to give his PIN to a company (you shouldn't even give your PIN to the bank), then he really deserves what's coming!
- Finally they send him on to the real PayPal site. Since Mr X typed in his real PayPal login, he's now logged into PayPal. Once he's on his normal PayPal page, he looks up, sees the PayPal domain at the top of the browser, and doesn't know what hit him until the credit card statements come in!
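The whole trick hinges on the link text saying one domain while the href goes to another. Here is an added example (not from the original post) of a small check a mail filter could run over an HTML body to flag exactly that mismatch; the sample HTML and the phishing host in it are constructed for the illustration, and `TRUSTED` is a hypothetical allow-list of domains the sender is expected to link to.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one link whose visible text claims paypal.com but whose
# href points to a made-up host, and one honest link for comparison.
SAMPLE_HTML = """
<p>You can also verify your account by logging into your PayPal account at
<a href="http://paypal.verify-login.example/us/">https://www.paypal.com/us/</a>.</p>
<p>Or read our <a href="https://www.paypal.com/us/security">security tips</a>.</p>
"""

# Hypothetical allow-list: domains this sender is expected to link to.
TRUSTED = {"paypal.com"}

def registrable(host):
    """Crude eTLD+1 (last two labels); good enough for .com-style domains."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the document."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_deceptive_links(html):
    """Return hrefs whose visible text names a trusted domain the href does not go to."""
    parser = LinkCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        shown = re.search(r"(?:https?://)?([\w.-]+\.\w+)", text)  # domain in the link text
        if not shown:
            continue  # plain words like "security tips" make no domain claim
        if registrable(shown.group(1)) in TRUSTED and registrable(urlparse(href).hostname) not in TRUSTED:
            hits.append(href)
    return hits
```

A relative href (no hostname) under trusted-looking text is also flagged, since a real notification would not link that way.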
Here's a copy of the e-mail itself (PayPal is really fast at taking these fake sites down, so don't expect the links in this sample to work):
----- Forwarded Message ----
From: "email@example.com" <firstname.lastname@example.org>
Sent: Friday, March 31, 2006 8:57:52 AM
Subject: PayPal Notification: Re: Unauthorized Use of Your PayPal Account !
Unauthorized access to your PayPal account!
We recently noticed more attempts to log in to your PayPal account from a foreign IP address.
If you accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you are the rightfull holder of the account, please visit Paypal as soon as possible to verify your identity:
You can also verify your account by logging into your PayPal account at https://www.paypal.com/us/.
If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.
We ask that you allow at least 72 hours for the case to be investigated and we strongly recommend to verify your account in that time.