Monday, March 26, 2007

Phishing trip

Mrs C and I have just had a scary time … we’d found some
emails about the purchase of certain items by a PayPal account,
which was linked to one of Mrs C’s email addresses …. an
email address which might have been obtained from a website
I’d set up for Mrs C.

The first few emails were all about attempts to hijack my

wife’s PayPal account, by allowing someone else to link in his
email address into her PayPal account. Then there were emails
about two eBay purchases using the same account, and then
2 days ago there was yet another email about someone
having bought an Acer laptop using Mrs C’s PayPal account
…. a bill for $450 dollars was coming our way.

On these emails, there were links to PayPal or eBay, which
we were invited to use if we disputed any of these purchases.
However, when I tried clicking on the links, none of them
worked. And some of these emails were interspersed with
warnings about phishing attempts in black bold print. The
emails from PayPal looked very genuine.

I was starting to feel panicky at this point. I tried entering
Mrs C’s email address and her known passwords into the
official Paypal site, but I got nowhere. My own Paypal site
showed no recent activity at all. Had I at some time in the
past set up a PayPal account for Mrs C. with a password I'd
forgotten?

In desperation, I phoned the emergency contact number at
PayPal and told the guy at the other end what had happened.
He was very helpful and sympathetic. He told me very quickly
that there was no PayPal account linked to my wife’s email
address, and that the only PayPal account linked to our
credit card was my own. He went on to say that we’d been
victims of an elaborate phishing attempt – to get PayPal
account details out of us.

So the moral of this story is don't put up on a website an
email address that's linked to one of your bank accounts.
I feel less inclined to use online banking in future, other
than just checking my main bank account details.

4 Comments:

Anonymous Anonymous said...

You should count yourself extremely fortunate in that the phishing links had already been cut off. The solution is not to avoid online banking; the solution is to get educated on phishing and scams. Even if you avoid the computer, you can get phished or scammed on the telephone, and you can get scammed in person. You can certainly lock yourself in a closet and avoid contact with technology and people, but the practical solution is to smarten up and protect yourself in the virtual online world in the same way you do in the real world. Good luck.

8:38 AM  
Anonymous edt said...

Luckily I've not had your experience YET.
Internet banking and a very low level of internet shopping are extremity handy here in a smaller regional town, I would hate not to have the facility so its try and be secure as one can be and box on.

This site while from NZ has some interesting info, the principles of which hold true internationally. I'm sure there's the equiv in ol'blighty?

Best of Luck. Regards from a wet early winter morning in NZ.

11:48 PM  
Blogger justin said...

Thanks, Anon & EDT (the same person?). I was very lucky ... the bogus PayPal emails looked very convincing ... I became very worried indeed at the escalation of payments from our fictional PayPal account.

7:37 AM  
Anonymous edt said...

Nope twas not I m'lud...edt is not quite that blunt;)

8:46 AM  

Post a Comment

<< Home