I’ve just received not one, but three emails with the subject line “Security measures” from the address “service@paypal.com” asking me to verify my personal information. Something seemed wrong; it’s not like PayPal to send the same message three times and they tend to have good copy editors who wouldn’t let bad grammar like this slip by:
Your As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts. You are requested to visit our site by following the link given below:
https://www.paypal.com/cgi-bin/webscr?cmd=verification
Clicking on the link took me to a PayPal welcome page, but the URL that appeared in the address bar was:
http://www.paypal.com@207.44.196.35/~redbarpr/cgi-bin/webscr%3fcmd=verification/
Note the boldfaced part: it’s not the secure site https://www,paypal.com (the “s” in “https” means “secure”) but some other site that has the phrase “www.paypal.com” at the start. The server is actually 207.44.196.35, which is some other machine.
Maybe it’s my recent (and not-so-recent) experience with grifters, but something seemed wrong. I decided to click on the link, expecting to see a Viagra ad. Instead, I got a page that looked like the PayPal login, except with a title in mangled English: Identify Your Verification. On a lark, I logged in by typing in random junk into the “login ID” and “password” fields and got taken to a page that looks just like a PayPal personal profile page, complete with spaces to fill out your name, address and credit card number. It was some kind of fake PayPal site built in the hopes of harvesting unwary users’ personal information and credit card numbers.
It turns out that the server on which these bogus PayPal pages were hosted does not belong to the scammers. Rather, it was broken into and used as a launching point for the scam. The site’s owners have taken down the pages and posted an explanation.
BoingBoing points to more information at Kung Fu Grippe about this scam.