PayPal Phishing Scams Getting Better and Better
Posted on March 27, 2006
Every day I receive PayPal phishing scams in my Inbox and most are just plain retarded, barely worth the electrons they’re printed on. This morning, though, came a breed I hadn’t yet seen that actually made me log into my legitimate PayPal account to double-check that the info in it wasn’t real. This new scam appears to be designed to make the receiver think their Paypal account has already been stolen and is being used to buy things from Ebay that they never bought. The worried receiver is supposed to then click the Cancel link in the email, thinking they’re stopping the Ebay-based, Paypal-enabled theft, which takes them to the fake Paypal page at which point the real crime begins.
This scam email claims that I’ve bought a Creative Labs Gigaworks speaker system from eBay and asks me to confirm or cancel the PayPal transaction. Either option leads to a link that runs the fake PayPal login script, which exposes my PayPal login credentials and presumably leads to the theft of my PayPal money and that of any bank account I have connected to my PayPal account.
This email is notable for a couple of reasons, indicating the still-growing level of sophistication in these scams:
1. The Ebay link is real and actually does go to a closed auction for a Creative Labs Gigaworks system:
Click that link, end up at that auction and at first glance you have legitimate, real-world confirmation that your Paypal account may in fact have been used to buy that item.
2. There’s shipping information in the email to an address in the United States for a Mr. Wayne Bakewell in Brownsville, PA. As far as Google can tell there’s no one in Brownsville by that name, but the presence of a real name and address gives the scam another air of legitimacy: it puts a name and location to the supposed theft, which makes it personal. It appears that Wayne Bakewell is using my PayPal account to buy things from eBay (he’s not, for the record).
3. The final link at the bottom of the email which says “Cancel Transaction!” takes you to a script running on the legitimate web site of Mabarrack Furniture in Australia. As of this writing the link in the email is dead and thus ineffective so I can only guess that perhaps their site was 0wn3d and the script installed there to redirect?
4. The images used in the email actually come from the PayPal site. They’re real. Click on them and you end up at PayPal.
A few signs that indicate this isn’t a real email:
1. “Cancel Transaction!” has an exclamation point in it. No online corporation worth their salt would put an exclamation point in that action (except Flickr, who use exclamation points in the wrong places like they’re crack cocaine).
2. The email address for the seller in the email is paypal@creative.com. Creative Labs is a legitimate company who make some great products - they’re not going to be selling them like this on Ebay and they’re not going to have an email address that lame for it. Unless they actually do….
3. While the From field in the email message says service@paypal.com, the Reply-Path address in the email header has nobody@finbot.com. When these two values differ it’s a pretty clear sign the email is fake.
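The header comparison in point 3, and the “Cancel Transaction!” link that leads to an unrelated site, can both be checked mechanically. The Python script below is an added example, not part of the original post; it assumes the post’s “Reply-Path” refers to the `Return-Path` header, and the sample message and the `hacked-shop.example` host are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, modelled on the email described in the post. Only the
# two sender addresses come from the post; the link host is a placeholder.
SAMPLE = """\
Return-Path: <nobody@finbot.com>
From: "PayPal" <service@paypal.com>
Content-Type: text/html; charset="us-ascii"

<html><body>
<img src="https://www.paypal.com/images/logo.gif">
<a href="https://www.paypal.com/help">Help</a>
<a href="http://hacked-shop.example/cgi-bin/login.html">Cancel Transaction!</a>
</body></html>
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def same_site(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # anchors without href stay None and are skipped
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse(raw, brand="paypal.com"):
    """Return (check, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From"))
    return_dom = domain_of(msg.get("Return-Path"))
    # Sign 3 in the post: visible sender and return address disagree.
    if return_dom and not same_site(return_dom, from_dom):
        findings.append(("sender-mismatch",
                         f"From={from_dom} Return-Path={return_dom}"))
    # Mail claiming to be from the brand should only link to the brand.
    if same_site(from_dom, brand):
        collector = LinkCollector()
        for part in msg.walk():
            if part.get_content_type() == "text/html":
                body = part.get_payload(decode=True)
                collector.feed(body.decode("utf-8", "replace"))
        for href, text in collector.links:
            host = urlsplit(href).hostname or ""
            if not same_site(host, brand):
                findings.append(("off-brand-link", f"{text!r} -> {host}"))
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```

A differing Return-Path domain is a signal to weigh rather than proof, since legitimate bulk mail sent through a third-party mailer can carry one too.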
I fully expect these scams to get more and more clever, particularly as more and more people use web-based services for financial transactions, especially as the services become more tightly-integrated with one-another. The core premise that makes this one so effective is that it is possible to pay for Ebay items via Paypal, thus it is plausible that the theft of my Paypal identity could lead to someone else buying Ebay items with it.
In all cases when receiving an email like this there are only two things to do:
First: never click any link in the email. Doesn’t matter what it says or who it’s from, don’t click the links.
Second: manually open your browser, head over to the site in question (in my case, http://www.paypal.com), manually log into your account, and check your transaction history. If you have any questions at that point, pick up the phone and give the company a call.
This cannot be said often enough: email cannot be trusted. Nothing that comes to you in email is trustworthy. When faced with the decision: “The email is legitimate and telling me I am in trouble” or “The email is lying and it is the trouble”, always err on option 2 and verify for yourself.
Comments
49 Responses to “PayPal Phishing Scams Getting Better and Better”
My parents just called me and told me about how someone had used their card to purchase speakers on Ebay.. I finally talked them into giving me the guy’s name and where he lives, with intentions of calling him and ripping him a new one.. when I googled his name, I found this site, and I am so glad! This is exACTLY what happened to them. There sure are some bad people out there!
I’m glad it could help. Hopefully they didn’t click the link and enter any of their private info.
Thanks for the explanation. Got the email just as you did and didn’t know what to make of it. Your advice is helpful.
I second the thank you. I got the same email, and was immediately suspicious as I have also received a number of earlier, less sophisticated variations. I googled “Wayne Baker” and got your URL as well as what may be a legitimate company (Applegate, http://www.applegate.co.uk/indexes/people/all-b.htm) where a Wayne Baker is listed.
Undoubtedly there are real Wayne Bakers in the world but note that the phishing email I got was from a Wayne Bakewell, of which there are undoubtedly also many real, perfectly criminal-intent-free versions roaming around the world. And well done to anyone smart enough to head to Google to look for more details rather than blindly fall prey to these scams.
I don’t know what the odds are but I have a brother named Wayne Bakewell who has been deceased since October of 2004.
Hi. I received the same email and forwarded it ti “spoof@paypal.com” They will look into it, There Is a Willard Bakewell at 16 Elm St Brownsville PA phone 724 785 6162.
I would imagine that he is somewhat annoyed. Thanks for the info
I got an email saying Wayne Bakewell had spent $700 at Dell.com on a new laptop.
I reported it directly to paypal.
Remember PayPal will always use your name, not “dear member”, at the start of the letter.
Happened to me, too! Did you know I just ‘Bought’ a new Dell?
Here it is:
Dear member,
This email confirms that you have paid orders@dell.com $699.99 USD using PayPal.
This credit card transaction will appear on your bill as “PAYPAL *DELL INC”.
——————————————————————————–
Payment Details
Purchased From:Dell.Inc
Item # Item Title Quantity Price Subtotal
250016390196 New Dell 6400 e1505 Intel Core Duo 1.66GHz 1GB Laptop 1 $669.95 USD $669.95 USD
Shipping & Handling via USPS First Class Mail to 154XX
(includes any seller handling fees) $19.16 USD
Shipping Insurance (optional): —
Sales Tax (6.000% inPA) : $10.88 USD
Total: $699.99 USD
Note:Thank you!
——————————————————————————–
Shipping Information
Shipping Info: Wayne E Bakewell
16 elm st
Brownsville, PA 15417
United States
Address Status: Confirmed
——————————————————————————–
If you have questions about the shipping and tracking of your purchased item or service, please contact the seller orders@dell.com.
——————————————————————————–
Do you confirm this transaction?
If this transaction was not made by you please immediately take the following steps:
Login to your account by clicking on the link below
Provide requested information to ensure you are the owner of the account
Find this transaction in HISTORY and click ‘Cancel Transaction’
CANCEL TRANSACTION!
Thank you for using PayPal!
The PayPal Team
I am naive. I was also fooled by this email. $699 for a new Dell computer. Thankfully, I was suspicious and Yahooed the name and found YOUR site outlining the details of the scam. Thank you SO much for passing along this valuable information.
I’m very glad you were able to find this before being caught up in the scam - it’s amazing the number of phishing scams like these that exist and the sophistication of them is still growing.
Amusingly I just received the Dell version of this scam this morning with the following link as the call to action: http://aboriginaleng.com/https/www.paypal.com/cgi-bin/login.html
Obviously clicking that link and entering your personal info would be a bad idea.
Mr. Bakewell just purchased a Dell with my account, too. He is a busy guy and must have a lot of Dells by now. Thanks for posting this to help me confirm his “purchase.” I, too, was struck at the new levels of “sophistication” of PayPal scammers. The scammy link in my email goes to asiaticcommunications.com. Go figure!
Unfortunately I was stupid enough to answer this email. I’ve done almost all I could to keep him from getting access to my accounts but he’s still got my info. Does anybody have any suggestions on how to stop or catch him?
I got this today. I don’t have a PayPal account. But - there IS a W. Bakewell in Brownsville PA at that address. Do a peopleSearch.
Dan, sorry to hear that it reeled you in. From Microsoft, What to do if you’ve responded to a phishing scam: http://www.microsoft.com/athome/security/email/phishingrespond.mspx
Hope that helps some
I also purchased a computer from Dell for Wayne Bakewell. I called Dell and the rep told me that they had 28 transactions for him!
I got hit by the Dell scam this morning. Does anyone know if this guy is actually getting to people’s money? I reported it to PayPal, cancelled my credit card, changed my PayPal e-mail and password, called my bank, and put an alert in with the three major credit reporting agencies. Is there anything else I can do to protect myself from this person?
Does anyone know if there is technology out there to find this person? If we can find out who it is, we could file a suit.
My parents recieved this email and I have been looking into it and I found Wayne Bakewell. He is listed as a Bakewell, Willard and his number is (724) 785-6162. Ive called it a few times but it has a generic voicemail. People should either harass this guy and find out what hes up to or mabye he is just a stolen identity or something
I hope they find out who he is! I got the Dell scam too. I’ve gotten fake e-mails like this before, but this one looked VERY convincing. I was freaking out a little, then forwarded it to PayPal and hopefully they took care of it. Enough to make me think of cancelling my PayPal account altogether.
I got a hold of him and he said the police told him to tell everyone who called him to not click on the link and that he did in fact have his identity stolen. Just follow the rules of not clicking on the link and you should be okay. I hope this info gets out to everyone
It is highly, highly unlikely anyone pulling a scam of the order of magnitude this one is perpetrated on would use their own real name. Particularly if they lived in the States where the laws against this sort of fraud are severe. I suspect Mr. Bakewell is just as much a victim as anyone who falls for this scam.
The scam is not the attempt to get free stuff using your info, the scam here is to get your personal info and financial data. Chances are this scam is being run out of Eastern Europe somewhere, the same place that 90% of the world’s spam email is from.
The best thing you can do is educate anyone you know about this and help educate people with regards to this kind of fraud.
FYI -
Bakewell scam is back - just received one 30 seconds ago but now it is being redirected to:
mail.federalgroupbd.com
I should also mention that one recent strong preventative measure you can take to protect yourself against these scams is to use a web browser that flags potential phishing sites automatically. I strongly recommend that if you haven’t already, you start using Firefox 2.0 or upgrade your Internet Explorer to IE 7.
Alas us Safari users will have to wait until Safari 3.0 for these features. In the meantime I strongly recommend Mac users switch to Firefox.
By using a browser that has anti-phishing features built-in you’re adding an extra wall of protection between them and you. Lots of people are working very hard to fight back against this kind of fraudulent crap, take advantage of their efforts.
Seems we all have Mr Bakewell in common. I clicked to the site to cancel but was told that “Unable to locate site”. I see that is a good thing. I contacted PayPal right away and made a few changes to accounts. I checked my PayPal account every day for a few days to make sure there was no action on it, till I hear back from PayPal. Good thing the people at PayPal are on the ball.
Alright, Mr. Bakewell just “purchased” another laptop from Dell through PayPal. I see he has been doing this with PayPal since May, 2006. Note to PayPal, when are you going to take action and get this stopped?? It’s been over 7 months this guy has been doing this to your good name and taking advantage of your customers. When is it going to stop?????
I don’t think you’re understanding the nature of the scam Jim. It actually has nothing to do with Paypal and I don’t see what they could do about it. It’s a social engineering scam, not a weakness with Paypal itself.
Wish I had done some research first. Clicked on link, provided info & sent. Then the lightbulb went off in my head. Called PayPal to change password & cancelled my CC. I feel like a big fool, I am always warning my mother about this.
This jerk is still out there phishing. He/she didn’t catch that Dell Laptop in my lake though. I forwarded their phishing lure to spoof@paypal.com. Better luck next time chump. I pheel (lol) bad for Mr. Bakewell though. Sucks to be him.
I got the Dell email scam. I did in fact click the link, although did not enter any details. Is this in itself a problem?
Thanks for the warning.
Will
No, clicking the link alone doesn’t seem to be a problem. I tend to click the link each time I receive one of these emails just to see the URL of the machine that’s been compromised to host it. However, I use a Mac and Safari so if the linked page does contain any exploit code that could take advantage of IE flaws, I wouldn’t notice them.
That’s not to start a Mac/PC war, it’s just prudent to be cautious with foreign links in spam when using Windows since malicious code tends to target that platform most commonly.
Thanks for the post, I got the same thing, looked it over twice then googled the name and found your post as I expected, these people stink. Mine was for 39 dollars and the thing that tipped me off was when the only link said “dispute this”.
This is the latest version of Mr. Bakewell’s (or whomever) ploy to scam innocent people! BTW- Thanks Mr. Happy for the information!
Dear member,
This email confirms that you have paid orders@dell.com $699.99 USD using PayPal.
This credit card transaction will appear on your bill as “PAYPAL *DELL INC”.
——————————————————————————–
Payment Details
Purchased From:Dell.Inc
Item # Item Title Quantity Price Subtotal
250016390196 New Dell 6400 e1505 Intel Core Duo 1.66GHz 1GB Laptop 1 $669.95 USD $669.95 USD
Shipping & Handling via USPS First Class Mail to 154XX
(includes any seller handling fees) $19.16 USD
Shipping Insurance (optional): —
Sales Tax (6.000% inPA) : $10.88 USD
Total: $699.99 USD
Note:Thank you!
——————————————————————————–
Shipping Information
Shipping Info: Wayne E Bakewell
16 elm st
Brownsville, PA 15417
United States
Address Status: Confirmed
——————————————————————————–
If you have questions about the shipping and tracking of your purchased item or service, please contact the seller orders@dell.com.
——————————————————————————–
Do you confirm this transaction?
If this transaction was not made by you please immediately take the following steps:
Login to your account by clicking on the link below
Provide requested information to ensure you are the owner of the account
Find this transaction in HISTORY and click ‘Cancel Transaction’
CANCEL TRANSACTION!
Thank you for using PayPal!
The PayPal Team
Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and choose the Help link located in the top right corner of any PayPal page.
PayPal Email ID PP843
I got the same one exact Dell Computer purchase. I did hit the cancel transaction button. Got in touch with Paypal and the reply they emailed me was, “claim denied”.
There is also one coming out of Highland Park New Jersey. That was the second one I got but they only listed a hand cart for $28.99. I contacted the seller directly to let them know I did not purchase. So far paypal has been no help to me whatsoever, I am seriously thinking of going to my local news station because they have a consumer advocacy group. Maybe getting this guy some TV press will slow him down.
Well, it’s unlikely that the news coverage would stop the spammer since chances are they’re not in North America, but any coverage that helps educate other people would be fantastic! It’s pretty obvious a lot of people are receiving this email and being conned by it.
I received the fake Paypal email from (see above). I called Dell and they did not have any record of a purchase from me. I then googled this “Wayne Bakewell” person and found this site. I also went to the online white apges for Brownsville, PA, which appears to be an actual small town. There is a Willard Bakewell listed in the white pages of Brownsville, PA - at 16 Elm Street. The phone number is 724-785-6162. Has anyone tried calling him?
I imagine by now he’s been called a few times indeed. But don’t, it’s not his fault and he’s not involved. Ask yourself this: if you were going to perpetrate an email scam on a massive scale, would you use your a similar name and real address inside the borders of a country that won’t hesitate to prosecute you? Let’s not bother the guy any more than I’m sure he’s already been bothered.
This email confirms that you have paid orders@dell.com $699.99 USD using PayPal.
This credit card transaction will appear on your bill as “PAYPAL *DELL INC”.
——————————————————————————–
Payment Details
Purchased From:Dell.Inc
Item # Item Title Quantity Price Subtotal
250016390196 New Dell 6400 e1505 Intel Core Duo 1.66GHz 1GB Laptop 1 $669.95 USD $669.95 USD
Shipping & Handling via USPS First Class Mail to 154XX
(includes any seller handling fees) $19.16 USD
Shipping Insurance (optional): —
Sales Tax (6.000% inPA) : $10.88 USD
Total: $699.99 USD
Note:Thank you!
——————————————————————————–
Shipping Information
Shipping Info: Wayne E Bakewell
16 elm st
Brownsville, PA 15417
United States
WHO EVER THIS IS I HAVE REPORTED YOU TO POLICE DEPT, AND THE FBI
No need to shout, we’re all friends here.
Just got the one for a Dell computer. My spam filter caught it, but I opened it anyway. Then my anti-phishing filter would not allow me to open the link. The phone number referenced in earlier replies has now been disconnected. I found it on zabasearch with the Elm street address but under the name Willard.
Well it looks like I’m not alone. I received the “PayPal statement” that he had bought a Dell computer. He supposedly changed my PayPal password, so I will have to contact them by phone to check this and then to close my account. It’s not worth the worry and hassle.
Gail
The Dell scam is still ACTIVE. I got a notice I bought a Dell computer and would be charged to my PayPal account. PayPal had posted a notice that this is a scam. Don’t click on CANCEL TRANSACTION! It’s just a ploy to get you in deeper. Someday someone will catch this joker if enough pressure is put on OVERSTOCK.COM, the web site he is using now.
I received one of these emails too about 2 weeks ago, checked with my PayPal separately (not through the e-mail), found it even more strange, my name Wayne Bakewell, I’m from Kent and I don’t have a middle name.
Just received one for buying a computer from Dell. They have dropped the ! in cancel transaction
I had canceled my paypal account 2 years ago.
It is now September 2007 and the Dell email is still going around…Just got Wayne Bakewell’s shipping info too…Got the same Dell email and completely freaked out, even called Dell in India to cancel. Thankfully for me, the link was disabled so I should be alright, considering I no longer even remember the password for PayPal. I couldn’t believe this!
My wife has been frantic until we found this website, we had gotten another email very similar on her other address just a few days ago, I’m glad we googled the name and came up with this site. Thanks!
Thank you for this blog. I just received (December 6, 2007) the DON’T PAY THIS ITEM ! Wayne E Blakewell $699.99 Laptop PayPal scam. I’ve never gotten one before (guess that means I have officially lost my scam virginity). I googled key words and your blog here offered me the best and most up-to-date information to put my mind at ease.
Thank you for offering ‘defensive driving’ for the timid online set. You may not be known, but your deeds are appreciated.
Hey Chris,
Great write-up. The one thing I always suggest to friends is NEVER click on a link in an email. If you receive an email claiming something like this, open a new browser window, and go directly to the site. (do not pass go, do not collect $200) These phishing attempts use hijacked servers, hosting bogus store fronts, simply looking to capture your username and password to PayPal.
Secondly, set a strong password (8-15 characters using a mix of alpha-numeric and symbols if possible, like “Ih8SpaMMers!”). If you have a good password, phishing attempts like this will make you laugh. Get yourself a password keeper (like pwsafe) to keep them around using an encrypted, password protected file. (nothing the geek squad can read when they work on your computer.)
Quit punishing (don’t call him, don’t drive by the house, don’t send him letters) the name on the email. He’s innocent of all of this. Don’t drop your paypal account, protect it. This email did not come from either of these entities; it is a scam that they have no control over.
Be safe and sane.
I have been getting e-mails all week saying someone is trying to log in to my eBay, Amazon, and PayPal accounts. Today I got one saying that Wayne E. Bakewell has ordered a Dell Laptop computer and it is pending. I went to the link to cancel and it took me to the “PayPal” site. I called the police and canceled my debit cards. I’m still leery of this, but feel better after seeing this e-mail.