Rush
Cool Cruncher
- Joined
- Nov 3, 2005
- Messages
- 4,129
- Reaction score
- 9
I have advocated the trustiness and integrity of the afformentioned establishments...but i am currently in the middle of a very peeing off episode.. i will try to keep things brief and short...
1. I sell 2 PC games on a sunday
2 The buyer pays promptly on the sunday
3 I post the games on the monday
4 The buyer recieves the games and leaves Positive feedback
5 I withdraw fund from paypal into my bank account
6 On the Wednesday i look and find that paypal are investigating the transaction as the buyer has reversed his payment
7 10 days elapse and Paypal favour the Buyer... my account now goes £20 in arrears
8 I change Passwords on both accounts...I contact the buyer...He says he knows nothing about it...Ebay, Paypal fault
9 I contact Ebay and Paypal (through logging in) and recieve some gibberishly spoken English reply
10 I contact Ebays spoof department ..they say its fake
11 I again and again contact Ebay and Paypal and recieve their gibberish English spoken replies that make me feel they are spoof
12 I have still not sent feedback and instruct the buyer of my plight( rather face on) and he reiterates .Its not anything to do with me...
13 AAAAAAAAAAaarrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrgh
14 I am still sending Emails to them ...In the meantime i have recieved over 20 notifications from Ebay demanding my £1.61 payment
They can swivel on a sharp garden implement for me...
I dont know what else to do...Heres a link to anyone else who might be experiencing spoof emails...
The emails invariably require that the recipient log into their account using a link embedded in the body of the email. Legitimate email-links send users to their PayPal log-in screen, while scam email-links send users to a screen that looks exactly like the real PayPal log-in screen, but actually resides on the scammer's server - not PayPal - designed to collect the user's sensitive information.
In many instances, users can't tell a real email from a fake one. Apparently, PayPal can't either.
In January, I received an email with the subject header "Monthly Statement Available." The email invited me to log into my PayPal account through the link contained within and view my transactions for the previous 30 days. Having some knowledge of traceroutes and being able to check the "headers" of an email to discern it's origination point, I examined the email and came to the conclusion that it was legitimate.
Wanting to be 100 percent certain, I forwarded it, with headers, to (e-mail address removed). Several hours later, I received a response from PayPal, thanking me for forwarding this "suspicious" email and confirming that the email was not sent by PayPal. It also advised me not to "enter any personal or financial information into this website."
A bit confused, I took a second look at the email's headers, reaffirmed that the email had originated from smtp2.nix.paypal.com, and resent the email to (e-mail address removed). Again, several hours later, I received a similar response that the email was a fake.
The only conclusions that I could come to at that point, were: I evidently had no idea how to read email headers correctly, or, PayPal was sending this "stock" response to every user that sent an email to (e-mail address removed)
I saved all the correspondence, and moved on to other things.
A month later I received a similar email, with a similar subject line, inviting me to view my monthly statement online. Being curious, I checked the emails headers and compared them with the statement I had received the previous month. They were identical.
Well, I thought, this is either a legitimate email, or this scammer is very punctual. And off I sent the email to (e-mail address removed) again. Within hours I received a response from PayPal that the email was, indeed, legitimate and had been sent by the company. According to the response, "General Notification emails and Payment Notification emails are activated by default. Therefore, a PayPal user will need to set their Preferences to "not" receive these emails if they so choose." (I've since changed my preferences not to receive these.)
Again, I checked the headers, and decided that I should contact a spokesperson from PayPal and ask why two basically identical emails had been flagged differently - one as legitimate and one as a spoof - by PayPal.
To PayPal's credit, they acknowledged that there had been an error in identifying the initial email. A company spokesperson explained that links within emails make the experience easier for users to access their accounts. But what kind of experience would it be to find that my account had been drained of its funds because I guessed wrong on clicking on a link?
The point of this story is that trying to discern the legitimacy of an email is not an easy process for most users. If a company can't recognize their own emails with any degree of accuracy, how can it expect its users to? For end-users, it becomes a game of online "Russian Roulette," and guessing incorrectly could mean that your PayPal account could be breached.
The spokesperson from PayPal explained that this is still a problem and that links have been taken out of most emails to users, and coming up with a permanent solution is one of the highest priorities for the company.
Taking links out of "some" emails is no solution at all. It only adds to the confusion experienced by many users. Remove links to log-in pages from all email correspondence to PayPal users. Direct them to log in manually until a consistent solution is found.
Considering that other financial institutions, as well as ecommerce sites, have been targets of spoof email, this applies to all organizations that send emails to their customers.
If you get hoax emails pretending to be from PayPal, forward them to (e-mail address removed). If it's pretending to be from eBay, forward to (e-mail address removed).
Resources
PayPal Security Center
http://www.paypal.com/cgi-bin/webscr?cmd=_security-center-outside (Naturally you shouldn't use this link to sign in!)
eBay Security Center
http://pages.ebay.com/securitycenter
eBay Tutorial on Spoof Emails
http://pages.ebay.com/education/spooftutorial
FTC Site on Identity Theft
http://www.consumer.gov/idtheft
About the author:David Steiner is President of Steiner Associates, publisher of AuctionBytes.com. David was formerly a television producer.
Sorry Folks..its doing me head in ...GGGRRRRRRR
1. I sell 2 PC games on a sunday
2 The buyer pays promptly on the sunday
3 I post the games on the monday
4 The buyer recieves the games and leaves Positive feedback
5 I withdraw fund from paypal into my bank account
6 On the Wednesday i look and find that paypal are investigating the transaction as the buyer has reversed his payment
7 10 days elapse and Paypal favour the Buyer... my account now goes £20 in arrears
8 I change Passwords on both accounts...I contact the buyer...He says he knows nothing about it...Ebay, Paypal fault
9 I contact Ebay and Paypal (through logging in) and recieve some gibberishly spoken English reply
10 I contact Ebays spoof department ..they say its fake
11 I again and again contact Ebay and Paypal and recieve their gibberish English spoken replies that make me feel they are spoof
12 I have still not sent feedback and instruct the buyer of my plight( rather face on) and he reiterates .Its not anything to do with me...
13 AAAAAAAAAAaarrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrgh
14 I am still sending Emails to them ...In the meantime i have recieved over 20 notifications from Ebay demanding my £1.61 payment
They can swivel on a sharp garden implement for me...
I dont know what else to do...Heres a link to anyone else who might be experiencing spoof emails...
[size=+1]Soapbox: PayPal Spoofed by Its Own Emails[/size]
[size=-1]By (e-mail address removed)
AuctionBytes.com[/size]
[size=-2]February 22, 2004[/size][size=+1][/size]
eBay and PayPal users have been receiving them for years - emails asking the account holder to update their information; verify their identities; or warning them that their account was being shut down. And for years, users have scratched their heads, wondering if the email was legitimate, or an attempt by a scammer to obtain personal information. [size=-1]By (e-mail address removed)
AuctionBytes.com[/size]
[size=-2]February 22, 2004[/size][size=+1][/size]
The emails invariably require that the recipient log into their account using a link embedded in the body of the email. Legitimate email-links send users to their PayPal log-in screen, while scam email-links send users to a screen that looks exactly like the real PayPal log-in screen, but actually resides on the scammer's server - not PayPal - designed to collect the user's sensitive information.
In many instances, users can't tell a real email from a fake one. Apparently, PayPal can't either.
In January, I received an email with the subject header "Monthly Statement Available." The email invited me to log into my PayPal account through the link contained within and view my transactions for the previous 30 days. Having some knowledge of traceroutes and being able to check the "headers" of an email to discern it's origination point, I examined the email and came to the conclusion that it was legitimate.
Wanting to be 100 percent certain, I forwarded it, with headers, to (e-mail address removed). Several hours later, I received a response from PayPal, thanking me for forwarding this "suspicious" email and confirming that the email was not sent by PayPal. It also advised me not to "enter any personal or financial information into this website."
A bit confused, I took a second look at the email's headers, reaffirmed that the email had originated from smtp2.nix.paypal.com, and resent the email to (e-mail address removed). Again, several hours later, I received a similar response that the email was a fake.
The only conclusions that I could come to at that point, were: I evidently had no idea how to read email headers correctly, or, PayPal was sending this "stock" response to every user that sent an email to (e-mail address removed)
I saved all the correspondence, and moved on to other things.
A month later I received a similar email, with a similar subject line, inviting me to view my monthly statement online. Being curious, I checked the emails headers and compared them with the statement I had received the previous month. They were identical.
Well, I thought, this is either a legitimate email, or this scammer is very punctual. And off I sent the email to (e-mail address removed) again. Within hours I received a response from PayPal that the email was, indeed, legitimate and had been sent by the company. According to the response, "General Notification emails and Payment Notification emails are activated by default. Therefore, a PayPal user will need to set their Preferences to "not" receive these emails if they so choose." (I've since changed my preferences not to receive these.)
Again, I checked the headers, and decided that I should contact a spokesperson from PayPal and ask why two basically identical emails had been flagged differently - one as legitimate and one as a spoof - by PayPal.
To PayPal's credit, they acknowledged that there had been an error in identifying the initial email. A company spokesperson explained that links within emails make the experience easier for users to access their accounts. But what kind of experience would it be to find that my account had been drained of its funds because I guessed wrong on clicking on a link?
The point of this story is that trying to discern the legitimacy of an email is not an easy process for most users. If a company can't recognize their own emails with any degree of accuracy, how can it expect its users to? For end-users, it becomes a game of online "Russian Roulette," and guessing incorrectly could mean that your PayPal account could be breached.
The spokesperson from PayPal explained that this is still a problem and that links have been taken out of most emails to users, and coming up with a permanent solution is one of the highest priorities for the company.
Taking links out of "some" emails is no solution at all. It only adds to the confusion experienced by many users. Remove links to log-in pages from all email correspondence to PayPal users. Direct them to log in manually until a consistent solution is found.
Considering that other financial institutions, as well as ecommerce sites, have been targets of spoof email, this applies to all organizations that send emails to their customers.
If you get hoax emails pretending to be from PayPal, forward them to (e-mail address removed). If it's pretending to be from eBay, forward to (e-mail address removed).
Resources
PayPal Security Center
http://www.paypal.com/cgi-bin/webscr?cmd=_security-center-outside (Naturally you shouldn't use this link to sign in!)
eBay Security Center
http://pages.ebay.com/securitycenter
eBay Tutorial on Spoof Emails
http://pages.ebay.com/education/spooftutorial
FTC Site on Identity Theft
http://www.consumer.gov/idtheft
About the author:David Steiner is President of Steiner Associates, publisher of AuctionBytes.com. David was formerly a television producer.
Sorry Folks..its doing me head in ...GGGRRRRRRR
Who will buy me a drink ...any takers...? 
