Earlier in our National Consumer Protection Week coverage we posted some information from PayPal’s security director about phishing scams. Now, let’s hear the other side of the story. Suzanne wrote in this morning with a true story of what it is like to fall prey to PayPal phishing scammers:
I was the victim of a "spoof" email, allegedly from PayPal. It started out innocently enough; the email was on PayPal stationery, and asked to update my account information.
Naturally, I did so, giving out my credit card number (with expiration date and "back of the card" information), bank routing and account numbers, etc.
The next day, I received a bona fide email from PayPal, indicating that my screen name had been changed! I was dumbfounded, and called immediately to inquire about the change. They gave me a purely idiotic Yahoo screen name, and informed me that I had been "spoofed."
I sweated out the night, and went to my bank first thing the next morning to cancel my account and open a new one. When I got home, I called my credit card company, and numerous charges had been made THAT DAY on the card. I explained my situation, and they agreed to cancel that account and issue me a new card. Thank goodness I was not liable for those charges!
It just seems that it’s too easy for hackers (or whatever they are) to get private and confidential information on the Internet. I just wish there were some way to verify what is a real email from a real entity that one deals with. But – the hackers are smarter than we are…
Just thought I’d vent on one, twice-widowed, woman on Social Security Disability, who cannot afford to be a victim this way.
– Suzanne W.
Unfortunately, there is no simple way to distinguish what is a "real" email these days. You can sometimes find clues in the from name or the landing page it takes you to, but phishers are getting too smarter every day. The best rule is to never respond to an email asking you to "update your account information," especially if it is supposedly coming from PayPal or eBay. If you think the email message may be valid, don’t click on the links but instead type in the URL in a new browser window yourself and then login.
Do you have a fraud or scam story to share for National Consumer Protection Week? Send us an email at firstname.lastname@example.org.