PayPal phishing scam

6/14/2019

Tech tip

I’m writing today about an email I got recently. It’s such a great example of a phishing scheme, and they are becoming so prevalent these days. In phishing, there is no initial malware placed into your computer, there’s no virus, nothing but an email. Any computer is susceptible, because it’s not based on malicious software, it’s really based on malicious intent. In the case of my email, it gave me a link to sign onto my Paypal account to “Correct” my information. It said that money was being withheld due to this problem.

Now, I do actually have a Paypal account. And I can certainly see why it might seem legitimate. These emails might pretend to come from the IRS, UPS, Amazon, anything common enough so that you would likely be a customer. Someday, these folks might actually learn to spell, and then it will be harder to discern. Meantime, here’s what they sent me:

Here’s the hyperlink they sent behind that login: https://omgclub.co.uk/renew/awur/eye/index.xyz... (link is inactive, do not follow)

First, let’s look at the From address: alerts.noreply-dmsmm.sp@notifymsp.paypal.xyx
You can see it’s NOT from paypal, but from notifymsp. That’s a clue this is fake. Next, it has a link; that Paypal icon they give shows a hyperlink, as I give above, to omgclub.co.uk. That’s clearly fake, and it’s coming from the UK no less.

Now, if you read the whole thing, starting from the subject line, there are SEVERAL errors and misspellings. I highlighted most of them in red. The grammar is bad, the spelling mistakes are too numerous, and the wording is just silly for a big corporation like PayPal. I especially liked the security TREATS. And why is it addressed to Paypal and signed from Paypal? I just don’t get it. This one was really just too funny.

Someday these emails will look perfect, but for now, pay attention and DO NOT CLICK on an embedded link in your email unless you are absolutely sure who it’s from and that it is legitimate.

Let me point out that while Carol and I are both using Windstream email, I did receive this email, but I was not able to forward it to Carol a week later. Sometime in there, Windstream started blocking it.

1 Comment

Sid

6/15/2019 02:29:27 am

URLs associate to the right, so alerts.noreply-dmsmm.sp@notifymsp.paypal.xyz refers to the notifymsp subdomain of the paypal.xyz domain. paypal.xyz is not paypal.com, even though they both say "paypal", so that's a warning, but the "From" address could have been paypal.com: "From" addresses are easily faked, no differently than I could snail mail a letter to someone and write "Jeff Bezos" in the return address. (Of course it costs 55 cents to send a letter, while spam is free, and mail fraud has severe prison penalties, while spam generally comes from foreign countries where the laws are loose.)

Also, if you hover your mouse over the "Log In" link (don't click, just hover), you should see the full link URL for that, which will almost certainly not be at paypal. That's the biggest clue of all that this is not a legit e-mail, which will be the case even when/if the spelling is better.

Tech Tips

There's a lot of fake information out there. Please be scrupulous about what you share on Facebook and other platforms. Here are some trusted sources. Please don't rely on social media for your information.

Abiquiu Computer Recycling

Abiquiu Computers gives away available computers for FREE. We recover used pc’s and upgrade them, repair them, refurbish them so they may have another life with someone else.

Free stuff:
Windows 11 desktops & laptops

Thank you!
Lynn A
Carol W
Stede B
Jack & Edwin

I could really use some Monitors. I also get asked for smart phones and tablets.

Email
Do you have a computer sitting in your closet or garage? Brian will wipe all personal information off the hard drive. Pass on that computer today.
Please contact Abiquiu Computers.

Abiquiu Computers has retired from the computer repair business but still fixes up and gives away donated computers.