Regular readers here are smart people – very smart people. Over the last few years I’ve come to know many of them. And, none better than John Bent – my good buddy from the UK. In fact, John is the third leading commenter on this site.
I don’t mind saying that I look forward with some anticipation to John’s comments – he is, in a sense, a writer in disguise. And, a good one at that. But, best of all, John’s comments invariably hold more than a nugget of cyber wisdom.
The following comment (from earlier today) sets out how John – a super user – responded to a PayPal account phishing email. There’s a strong lesson to be learned here – for all of us.
Hi Bill,
Re: Fake “confirm PayPal Account” email leads to phishing.
The version I received told me that my account had been changed to “limited” status, because of “suspected invalid use by a third party”. The cheek of these people!
I have to say it was a very good imitation, so I took it seriously enough to open a new browser window to check my account directly, NOT via the link in the email. Surprise, surprise – no mention of my account being limited.
While I was on their site, I found the address to forward suspected phishing emails to; I know, I ended a sentence with a preposition, so sue me. I always make a point of forwarding these emails to the appropriate address; a link to this can usually be found on the home page, not always easily.
I guess they do not want to highlight this problem too clearly, probably regarding it as the customer’s problem rather than theirs; how’s that for customer service?
If I still had any doubts, the sender’s email address was a complete giveaway; no mention of PayPal anywhere. One final thing, if this kind of email is genuine, it usually addresses the account holder by name and will NEVER ask you to click on a link and input sensitive information.
Kind regards
John
The sidebar on this site sets out the following – “Comments are an important feature of this Blog.” John’s comment is a perfect example of how one reader’s comment can be a teaching moment for others.
Thank you John for taking time to fill in the blanks.
Updated – July 30, 2012.
Heads up on another attempted PayPal scam. This one was confirmation of a supposed payment to Skype of £46.49 gbp. Thoughtfully a link was provided so that I can raise a dispute if I have “issues” with the payment. This is, of course, a devious way to harvest your login details so that the scamscum can actually take money from your account.
Of course I know I’ve never paid anything for Skype and a quick check on my account confirmed this.
Pingback: HIGHLY RECOMMENDED: An Internet Security Blog For Home Based Computer Users and Experts Alike « What's On My PC
Thanks Rick.
Bill
liked this information a lot, thank you very much for that.
Sure.
Glad it helped.
Bill
Hey Bill,
I think I might have received that very same email in the past. Trouble is, I don’t use Paypal lol.
Seriously though, John’s way of dealing with it is spot on. Good advice.
Cheers
Hey Mal,
PayPal has 350 Million+ users but even so, can you imagine the number of spam emails that go out over and above that number? Boggles my mind. No postage required – just a bunch of neanderthals who don’t know that their personal machines have happily joined a bot net. 🙂
Yeah, John has it down perfect. If only the neanderthals would come out of their cave and pay attention.
If only the Moon was made of Swiss cheese. If only….. Yeah, right. lol
Best,
Bill
Reblogged this on Poch Peralta.
Hey Pochp,
Thank you, my friend. Trust all is well with you.
BTW, I was on your site a few times this past week – most impressed with all your hard work.
Best,
Bill
Hi Bill,
As ever you are far too kind, especially as most of what I know from a security point of view, I have learnt from your good self. Still your comments are much appreciated.
I have to say I continue to despair. I was told by a good friend the other day that her daughter uses “1234” as her bank password; seriously, can you credit it? This was no time to mince words and I told her how stupid her daughter is being and followed up with some basic advice. After about ten seconds her eyes started to glaze over and I knew I didn’t have, or even interested, audience. It is this kind of crassness and “it’ll never happen to me” attitude that the bottom-feeding scum thrive on.
Kind regards
John
Hi John,
“her eyes started to glaze over and I knew I didn’t have, or even interested, audience.” Now where have I seen that before? Oh yeah – every time I’m asked to recommend a security procedure.
There are times when I want to pick up a big stick, and beat these people black and blue. But, one must maintain a sense of decorum. Besides which, handcuffs are not my favourite jewelry accessory. Almost always class with the apparel of the day 🙂
Best,
Bill
Hi Bill,
Should have read “I knew I didn’t have a concerned, or even interested, audience.”.
Must start reading my posts before clicking on “Post Comment”. Comes of trying to type while watching Anna Ivanova at Wimbledon.
Kind regards,
John
Hey John,
Not to worry – I can see how you might find Anna “distracting.” 🙂
Best,
Bill
Thumbs up, John. 🙂 I guess you can be happy you weren’t watching Anna Ivanova when that email came in. …..
Here’s another story that almost ended up sad..:(
“I’ve been working with computers for 17 years now — and I am aware of almost all of the tricks. But I almost fell for this one. The moral of the story is — anyone can be tricked. Be careful. Be wary.”
Hey someone is saying really bad rumors about you…Beware of this fake Twitter message | Cloudeight Information Avenue
Hi delenn13,
I was so distracted I even got her name wrong; she is, in fact, Ana Ivanovic. Sadly she’s out of Wimbledon now, as is Maria Sharapova. Couldn’t watch Maria because of the horrible sounds she makes and it’s not the same with the sound off.
The story you quote is a great reason for using a password manager to log in to sites. An unexpected security benefit.
Regards
John
@John,
Yes, and this is the wrong but best Ivanova I know..Babylon 5: My quite personal top 10 of Susan Ivanova I know it’s long..but at least watch the one where she performs “Human Sex”. Then there is one where she claims “God sent me” or “Ivanova is God”. Wow! Come to think of it, I am surprised they limited it to 10. 🙂
Hi delenn13,
2 comments on “Human Sex”. 1: I’ll have what she’s having. 2: Did the “guy” remind you of a certain W.Mullins on a bad day? Sorry Bill 🙂
Thanks for an excellent link.
Regards
John
lol!!
Nicely done John. When the shoe fits…………… 🙂
Oh, I’ll have some of what she’s taken as well. Seems to work to perfection. 🙂
Best,
Bill
Yes, I am back. Glad you both enjoyed the video. 🙂 CC(Ivanova) was in the UK there for a while doing a sci fi TV show. Not sure where she is now.
Hey Delenn13,
That was a bit different – enjoyed it though. 🙂
Best,
Bill
Hi Bill,
Still off topic and on Wimbledon; I have a new favourite in Agnieszka Radwanska from Poland. Such a clever, understated and subtle player; took a set off Serena Williams in the ladies’ final. The complete antidote to much of what the ladies’ game has become lately. No huge serves, baseline bashing or shrieking.
Have to congratulate Serena on her 5th Wimbledon title after all she’s been through, though.
Kind regards
John
Hi John,
Didn’t see much of this year’s, but I did see that Serena blasted through the final. 5th title – amazing. I echo your congratulations.
Yes, the shrieking bit is just craziness. Turned me away from the game. We need to get back to the era of gentleman players – ala Rod Laver and the like. I think I’m dreaming, though.
Oh, I better throw in Billie Jean King, just in case. 🙂
Best,
Bill
Reblogged this on suryadihafid.
Thanks Suryadihafid.
Bill
Hi Bill,
Heads up on another attempted PayPal scam. This one was confirmation of a supposed payment to Skype of £46.49 gbp. Thoughtfully a link was provided so that I can raise a dispute if I have “issues” with the payment. This is, of course, a devious way to harvest your login details so that the scamscum can actually take money from your account.
Of course I know I’ve never paid anything for Skype and a quick check on my account confirmed this.
I would have attached a screenshot of the body of the email but could not see a way to do that, so I’ve sent it to you in an email. As you will see, there are several other clues that this is not a genuine email, all of which are described in my original piece.
Kind regards
John
Hi John,
It’s a bloody good one – sophisticated and very crafty. I’ll hazard a guess, that this one will have a rate of response that will generate major $$$$ for the bad guys.
I’ll update the previous post – and include your screen capture, shortly.
Best,
Bill