Tuesday, February 14, 2012

Yikes - I got phished!

I do most of my knitting biz through PayPal, and tonight I had an email that appeared to be from PayPal that said that my credit card had been changed.  John was standing here, and I showed him the email and asked him if he changed the account.  We talked about whether that card expired.  Then I clicked on PayPal, logged in (!) and it went to a "site not found" page.  About that time, John pointed out that the URL was not http://www.paypal.com/, it was http://www.paypai.com.au/ ...a fake.  The "paypai" looked like "paypal" because the font was very plain.  The fake site had undoubtedly recorded my password that I had just typed in and was ready to plunder my PayPal account and help themselves to my credit card on file!

Shakily, I hurried over to the real PayPal and immediately changed my password and moved all my balance out and into my bank account.  Now they can't get into my account because I changed the password.

I can't believe they got me!  I'm always fighting viruses at my office and I'm always suspicious of any email that suggests that you click on something...oh dear, better run and do a complete virus scan next.  And maybe a system rollback.


  1. Oh, that sucks. Any email from PayPal always has your member name :) I always hover over any links and see what the url destination is. I recently got one that did look really convincing, but then got the exact same one to my other email address, which I don't use for PayPal.
    It's the same thing with phoney bank emails. Sure, the ones for banks we don't use, I know they're spam. But when one comes in from my bank, I have to really check it out. However, my husband's bank said they NEVER send emails about security/account issues so if we ever get one, it's not real. I think PayPal or eBay also says this--if there really is an issue with your account, it'll be in your messages once you've signed into the website.
    Hope nothing serious happened with your account!

  2. I received the same email. I always forward them to spoof@paypal.com and, for eBay, spoof@ebay.com.

    They usually reply and can locate the dishonest individual(s) by their IP address.

  3. Whoops! Sounds like you may have been tired to make that mistake. I get these emails from "PayPal" all the time. I never click on the link, rather I type in the real PayPal's address into my browser, and check my account information that way. I have never found anything amiss. My hubby is in cyber security, so he has trained me well. I'm even more vigilant than he is! Now you need to report that email to PayPal by including the entire header when you forward it to them. I don't know the address to email it to offhand, but you can find it on their security page. Something like phishing@paypal.com or spoof@paypal.com. Good luck! Hope it all works out, and that it wasn't too late!

  4. You managed to put a stop to it immediately. Well done!


  5. Hi, Heidi,

    It's amazing John and I did that. We know better...yes, I did forward the original email intact to spoof@paypal.com, which is their address for phishing attack reports.

  6. Phwoo! That was close!!! But you had cat-like reflexes and sprang into action! Saved!!

  7. Diana,
    I would be worried about a key logger, but I am sure you have already done a system clean up. Could you tell me how I post here leaving my name? I enjoy your site as well as your videos. I am new to MK and absolutely love it. I recently upgraded to a Brother 965i and am I ever having fun now!! Good thing I don't know your phone number lol. I live in Florida and the sweet lady I purchased my machine from lives 3 hours away so a lot of home study for me. Again thanks for all your teaching and advice!!

  8. Thanks for posting, the more people who know about this the less chance there is that anyone can actually manage to make any money out of it.

  9. Thanks, Harrow, exactly why I posted.

    I had another attempt last night, and this one actually said it was from paypal.com. I had to dig into the email header to see that it wasn't. In addition, there wasn't an obvious link in the email, just an announcement that the card was invalid and removed, and a link that appeared to be ordinary help screens at PayPal. This one was VERY clever, but they didn't get me again. I sent it to spoof@paypal.com.

    If they can fool people like John and me (I am the sys admin at my office, and John is an o/s programmer), they can fool almost anybody. We all need to be very suspicious. My purposes in admitting to my gullibility are (1) to warn people and (2) to show people what to do.

  10. Oh, yes, I ran a complete Trend Micro (client/server version) virus check and a registry restore.