Article on Paypay, eBay, & bank email scam & Paypal advice on same
Moms View Message Board: General Discussion: Archive January 2004:
Article on Paypay, eBay, & bank email scam & Paypal advice on same
People have posted asking about emails from Paypal,eBay, banks, etc. asking you to update your personal information. The emails are a scam, of course, and here is an article from ZDNet about it, plus the advice PayPal offers: New Mimail mixes tricks for PayPal scam By Robert Lemos CNET News.com January 16, 2004, 1:13 PM PT URL: http://zdnet.com.com/2100-1105-5142647.html Virus writers are going beyond "click to infect" programs by merging a trio of techniques to bypass security and compromise computers with malicious code. Antivirus companies point to the increase in downloader programs in e-mail as part of the trend toward more-complex attacks. These tiny Trojan horses are being used in combination with viral programs and Web site hosting to dupe PC owners and bypass security software. The latest example of this approach uses a Trojan horse dubbed Downloader-GN. When run, the less-than-3,000-byte program downloads the Mimail.p virus to the victim's computer from a Web site in Russia. That virus then attempts to convince the user to type in personal and financial information, a technique known as "phishing." The method is complicated and not all that original. Other viruses have attempted to upload other programs from Web sites to augment their abilities, and small download programs are also common. However, antivirus companies say that using all three together is a trend, and that some PC users have taken the bait. "There is a huge population that recognizes these spammings are false, but there is a small population that falls for it," said Craig Schmugar, a virus research manager for security software maker Network Associates. Downloader-GN was sent out in a bulk e-mailing two days ago with an accompanying message that claimed to be from online payment company PayPal, according to security software companies. The fraudulent e-mail claimed that PayPal would add 10 percent to the account value of any customer who filled out a form accessed by running the attachment, named Paypal.exe. "Registration is simple," stated the message. "Just unpack the attachment with WinZip, run the application, and follow the instructions we have provided." When run, the Downloader program will download a program from a Russian Web site and run it. Antivirus companies identified the program as a variant of the Mimail virus. The program could be changed, but the Web site has currently been taken down by the Internet service provider, said Schmugar. PayPal is a common target of phishing scams and has posted advice online to tell customers how to avoid becoming a victim. Customers of eBay, Amazon.com, Microsoft and banks are also popular targets of such scams. Even a small number of successes can make such schemes worth the effort for the virus writer. "Just like spammers, the malicious coders can make enough money to make it worth their while, if only a small percentage of folks actually fall for the ruse," said a statement from Chris Belthoff, a senior security analyst at antivirus company Sophos. "For those that do, the bad guys can completely drain their bank accounts." Blocking any executable attachments can protect corporate users, and personal firewalls can give warning when an unauthorized program tries to download a file from the Internet. Moreover, PC users should be cautious of trusting any unsolicited e-mail, Belthoff said. "Reputable companies do not send out files in this way, and users should think twice before they click on unsolicited e-mail messages," he said. PAYPAL ADVICE: Protect Yourself from Fraudulent Emails and Websites At PayPal, protecting your account's security is our top priority. Recently, PayPal members have reported suspicious-looking emails and fake websites. These emails are not from PayPal and responding to them may put your account at risk. Please protect your PayPal account by paying close attention to the emails you receive and the websites you visit. Please use the following tips to stay safe with PayPal: * Safe Log In: To log in to your PayPal account or access the PayPal website, open a new web browser (e.g., Internet Explorer or Netscape) and type in the following: https://www.paypal.com/ * Greeting: Emails from PayPal will address you by your first and last name or the business name associated with your PayPal account. Fraudulent emails often include the salutation "Dear PayPal User" or "Dear PayPal Member". * Email Attachments: PayPal emails will never ask you to download an attachment or a software program. Attachments contained in fraudulent emails often contain viruses that may harm your computer or compromise your PayPal account. * Request for Personal Information: If we require information from you, we will notify you in an email and request that you enter the information only after you have safely and securely logged in to your PayPal account. Often, fraudulent emails will request details such as your full name, account password, credit card number, bank account, PIN number, Social Security Number, or mother's maiden name. If you think that you have received a fraudulent email (or fake website), please forward the email (or URL address) to spoof@paypal.com and then delete the email from your mailbox. Never click any links or attachments in a suspicious email. To learn more about protecting your PayPal account, please review our Security Tips.
|