Members
Change Profile

Discussion
Topics
Last Day
Last Week
Tree View

Search Board
Keyword Search
By Date

Utilities
Contact
Administration

Documentation
Getting Started
Formatting
Troubleshooting
Program Credits

Coupons
Best Coupons
Freebie Newsletter!
Coupons & Free Stuff

 

Article on Paypay, eBay, & bank email scam & Paypal advice on same

Moms View Message Board: General Discussion: Archive January 2004: Article on Paypay, eBay, & bank email scam & Paypal advice on same
By Ginny~moderator on Sunday, January 18, 2004 - 06:43 am:

People have posted asking about emails from Paypal,eBay, banks, etc. asking you to update your personal information. The emails are a scam, of course, and here is an article from ZDNet about it, plus the advice PayPal offers:

New Mimail mixes tricks for PayPal scam
By Robert Lemos
CNET News.com
January 16, 2004, 1:13 PM PT
URL: http://zdnet.com.com/2100-1105-5142647.html

Virus writers are going beyond "click to infect" programs by merging a trio of techniques to bypass security and compromise computers with malicious code.

Antivirus companies point to the increase in downloader programs in e-mail as part of the trend toward more-complex attacks. These tiny Trojan horses are being used in combination with viral programs and Web site hosting to dupe PC owners and bypass security software.

The latest example of this approach uses a Trojan horse dubbed Downloader-GN. When run, the less-than-3,000-byte program downloads the Mimail.p virus to the victim's computer from a Web site in Russia. That virus then attempts to convince the user to type in personal and financial information, a technique known as "phishing."

The method is complicated and not all that original. Other viruses have attempted to upload other programs from Web sites to augment their abilities, and small download programs are also common. However, antivirus companies say that using all three together is a trend, and that some PC users have taken the bait.

"There is a huge population that recognizes these spammings are false, but there is a small population that falls for it," said Craig Schmugar, a virus research manager for security software maker Network Associates.

Downloader-GN was sent out in a bulk e-mailing two days ago with an accompanying message that claimed to be from online payment company PayPal, according to security software companies. The fraudulent e-mail claimed that PayPal would add 10 percent to the account value of any customer who filled out a form accessed by running the attachment, named Paypal.exe.

"Registration is simple," stated the message. "Just unpack the attachment with WinZip, run the application, and follow the instructions we have provided."

When run, the Downloader program will download a program from a Russian Web site and run it. Antivirus companies identified the program as a variant of the Mimail virus. The program could be changed, but the Web site has currently been taken down by the Internet service provider, said Schmugar.

PayPal is a common target of phishing scams and has posted advice online to tell customers how to avoid becoming a victim. Customers of eBay, Amazon.com, Microsoft and banks are also popular targets of such scams.

Even a small number of successes can make such schemes worth the effort for the virus writer.

"Just like spammers, the malicious coders can make enough money to make it worth their while, if only a small percentage of folks actually fall for the ruse," said a statement from Chris Belthoff, a senior security analyst at antivirus company Sophos. "For those that do, the bad guys can completely drain their bank accounts."

Blocking any executable attachments can protect corporate users, and personal firewalls can give warning when an unauthorized program tries to download a file from the Internet. Moreover, PC users should be cautious of trusting any unsolicited e-mail, Belthoff said.

"Reputable companies do not send out files in this way, and users should think twice before they click on unsolicited e-mail messages," he said.

PAYPAL ADVICE:
Protect Yourself from Fraudulent Emails and Websites
At PayPal, protecting your account's security is our top priority. Recently, PayPal members have reported suspicious-looking emails and fake websites. These emails are not from PayPal and responding to them may put your account at risk. Please protect your PayPal account by paying close attention to the emails you receive and the websites you visit.

Please use the following tips to stay safe with PayPal:
* Safe Log In: To log in to your PayPal account or access the PayPal website, open a new web browser (e.g., Internet Explorer or Netscape) and type in the following: https://www.paypal.com/
* Greeting: Emails from PayPal will address you by your first and last name or the business name associated with your PayPal account. Fraudulent emails often include the salutation "Dear PayPal User" or "Dear PayPal Member".
* Email Attachments: PayPal emails will never ask you to download an attachment or a software program. Attachments contained in fraudulent emails often contain viruses that may harm your computer or compromise your PayPal account.
* Request for Personal Information: If we require information from you, we will notify you in an email and request that you enter the information only after you have safely and securely logged in to your PayPal account.

Often, fraudulent emails will request details such as your full name, account password, credit card number, bank account, PIN number, Social Security Number, or mother's maiden name.

If you think that you have received a fraudulent email (or fake website), please forward the email (or URL address) to spoof@paypal.com and then delete the email from your mailbox. Never click any links or attachments in a suspicious email.

To learn more about protecting your PayPal account, please review our Security Tips.


Add a Message


This is a private posting area. A valid username and password combination is required to post messages to this discussion.
Username:  
Password:
Post as "Anonymous"