Earlier in our National Consumer Protection Week coverage we posted some information from PayPal’s security director about phishing scams. Now, let’s hear the other side of the story. Suzanne wrote in this morning with a true story of what it is like to fall prey to PayPal phishing scammers:
I was the victim of a "spoof" email, allegedly from PayPal. It started out innocently enough; the email was on PayPal stationery, and asked to update my account information.
Naturally, I did so, giving out my credit card number (with expiration date and "back of the card" information), bank routing and account numbers, etc.
The next day, I received a bona fide email from PayPal, indicating that my screen name had been changed! I was dumbfounded, and called immediately to inquire about the change. They gave me a purely idiotic Yahoo screen name, and informed me that I had been "spoofed."
I sweated out the night, and went to my bank first thing the next morning to cancel my account and open a new one. When I got home, I called my credit card company, and numerous charges had been made THAT DAY on the card. I explained my situation, and they agreed to cancel that account and issue me a new card. Thank goodness I was not liable for those charges!
It just seems that it’s too easy for hackers (or whatever they are) to get private and confidential information on the Internet. I just wish there were some way to verify what is a real email from a real entity that one deals with. But – the hackers are smarter than we are…
Just thought I’d vent on one, twice-widowed, woman on Social Security Disability, who cannot afford to be a victim this way.
– Suzanne W.
Unfortunately, there is no simple way to distinguish what is a "real" email these days. You can sometimes find clues in the from name or the landing page it takes you to, but phishers are getting too smarter every day. The best rule is to never respond to an email asking you to "update your account information," especially if it is supposedly coming from PayPal or eBay. If you think the email message may be valid, don’t click on the links but instead type in the URL in a new browser window yourself and then login.
Do you have a fraud or scam story to share for National Consumer Protection Week? Send us an email at tidbits@credit.com.
{ 3 comments… add a comment }
Were the people that stole her credit card number and account number and whatever else she told them prosecuted or did they ever find out who did it? I’m writing a paper on phishing and I would like to know if they got caught so I can finish my report. The report has to have a specific story && I did this one because it was really interesting. Thank you!
You do realize this was written almost 5 years ago; your chances of getting a response are very slim…
It’s alright, I asked my teacher if i needed it and he told me no. So thanks anyway!