PayPal Limitation Issue (phishing scam)

This is a carefully-designed phishing scam, and that means it’s a dangerous one that has a good change of tricking people. (Read more about how phishing scams work.) Some scam messages are written in broken English, but this one is clear and so might be taken for authentic. But there are a number of minor formatting problems in it, and you’ll note especially that the “From:” address (accounts@pservice.com) is not a real PayPal address:

Date: Sun, 20 Jun 2015
From: PayPal accounts@pservice.com
Subject: Limitation Issue

***

Dеаг Vаluеd Сuѕtоmег,

ΡауΡаl іѕ соnѕtаntlу wогκіng tо еnѕuге ѕесuгіtу Ьу геgulагlу ѕсгееnіng thе ассоuntѕ іn оuг ѕуѕtеm. Wе гесеntlу геνіеwеd уоuг ассоunt аnd mаdе аdјuѕtmеntѕ геѕultіng іn thе fоllоwіng сhаngеѕ.

Unfогtunаtеlу, ассеѕѕ tо уоuг ассоunt hаѕ Ьееn lіmіtеd.

Тhеѕе аге thе ѕtерѕ геquігеd tо геѕtоге уоuг ассоunt ассеѕѕ:

– Dоwnlоаd thе аttасhmеnt fгоm thіѕ еmаіl
– Ореn thе аttасhmеnt thгоugh уоuг wеЬ Ьгоwѕег (Орtіоn: Intегnеt Εχрlогег)
– Vегіfу уоuг ассоunt

Ѕhоuld ассеѕѕ tо уоuг ассоunt геmаіn lіmіtеd fог аn еχtеndеd регіоd оf tіmе, іt mау геѕult іn fuгthег lіmіtаtіоnѕ оn thе uѕе оf уоuг ассоunt ог mау геѕult іn еνеntuаl ассоunt сlоѕuге.

Тhаnκ уоu fог уоuг ргоmрt аttеntіоn tо thіѕ mаttег, аnd wе ароlоgіzе fог аnу іnсоnνеnіеnсе thіѕ mау саuѕе.

Ѕіnсегеlу,
ΡауΡаl Αссоunt Rеνіеw Теаm

[ Attachment deactivated here: form1.html 31K Download ]

And the fact that it tells you to download an attachment (deactivated here) is a big red flag. It is through attachments like this that phishing scammers either steal your passwords or introduce malware onto your computer. Here at The Scam Hunter we document these messages to help people avoid getting caught in the fraudsters’ traps. If you’re ever in doubt about a message that claims to come from your bank or a similar financial agency, it’s always best to contact that company directly and ask for confirmation.

Discover Card Phishing Scam

“Phishing” is computer slang for “stealing passwords and private account information.” Every major bank or credit card company is a target of phishing scammers, and everyone on the Internet needs to learn to recognize phishing scams.

(See more examples of phishing scam messages.)

In the message below, which would have been sent randomly to thousands of people, you are told there’s a problem with your account and need to correct it. But if you click the link (always deactivated here for safety), you will be taken not to the official Discover Card site, but to a scam website that will try to steal your private information.

Subject: Update Your Account
From: Discover Card skipper989@verizon.net
Date: Fri, 30 May 2015

Important Notice

Warning,

Some information on your account appears to be missing or incorrect.

Please confirm your information promptly so that you can continue to enjoy all the benefits of your Discover account.

If you don’t confirm your information, we’ll limit what you can do with your Discover account.

Here’s a link to all the legal details

Validate your account Here [Link deactivated here for safety.]

Thank you for being a Discover customer.

If you ever get a message of this type and are unsure if it’s authentic, it’s always a good idea to call your bank or credit card company and ask for confirmation.

Wells Fargo Phishing Scam

Every major bank or e-commerce site (PayPal, Amazon. etc.) is used by scammers trying to “fish” for private passwords. In this latest example, customers of Wells Fargo Bank are being targeted. The scam link — deactivated below for safety reasons — will take you not to a genuine Wells Fargo website, but instead to the scammer’s website where he will try to capture your private account information.

Subject: Important Notice : Update Your Account
From: Wellsfargo
Date: Fri, 29 May 2015

Dear Wellsfargo User,

Due to our recent security checks, Wellsfargo accounts have been the target to phishers and this has raised security concerns.

We’ve taken this precaution to protect our members while we make sure that the activity doesn’t cause harm–even unintentionally–to the Wellsfargo community.

Unfortunately, you won’t be able to use your Wellsfargo account in any way. To regain your access update your Wellsfargo account We appreciate your understanding

Click Here To LOGIN TO BEGING THE PROCESS [Link deactivated for safety]

Thank you,

Wellsfargo Security

2015 Wellsfargo Inc. All rights reserved & Co

If you ever get an unexpected message from your bank or from another financial services company, it’s always a good idea to check by phone to see whether the message is legitimate.

USAA Bank Phishing Scam

Scammers try to gain access to your bank account by “phishing” for passwords. They send messages like the one below, which look like they are official messages from your bank. But the return address and the link in the message are fake, and point to the scammer’s website. If you fall for the trap, you end up entering your private information on the scammer’s website, and then he can empty your bank account.

From: “USAA” info@tasdelenemlak.com
Subject: Action Needed: New Message from USAA Bank
Date: Thu, 14 May 2015

USAA Account Update

Your account has been restricted due to suspicious account activities.

-Abuse & Terms of use issues

There are series of issues about misuse and theft of account information. To regain full access to your account, you are to download the attached secured USAA file in this email and fill in the required columns in order to restore access to your account. Further proof of identity may be required before online access is restored. This reduces the risk of others accessing your information from your unattended computer.

-USAA Account Update [scam link deactivated here]

Safeguarding your information is a priority for USAA. That’s why we offer our members different levels of security that gives you the most peace of mind.

We value your business and the opportunity to serve all your financial needs.

Thank you,
USAA

Here at ScamHunter.org we document and post copies of scam messages like these so readers can avoid getting ripped off by scammers. Study the resources we have available on our website to keep yourself safe from online scams.

Faculty Staff Email Scam

Phishing scams work by tricking you into giving private information to the scammer — your passwords or account numbers — which the scammer then uses for malicious purposes. This phishing message, probably blasted to thousands of people, tries to get you to enter your account information on a phony website (deactivated here for safety). If you fall into the trap, the scammer will gain access to your account.

From: “Lynch, Regina” Regina.Lynch@kellerisd.net
Date: Thu, 14 May 2015
Subject: RE: FACULTY STAFF AND STUDENT EMAIL FERIFICATION

Faculty/Staff/ Survey

With the strengthening off our security system and improving your mailing experience, Help Desk requires all faculty and staff, to Complete this survey by filling out the requirements correctly; to participate on survey click
[ bravenetwebbysite221.bravesites.com/#builder ]

********************
HelpDesk,
Approved

We document scam message like these here at ScamHunter.org so people all around the world can learn to avoid them. Share our scam alerts with your friends and colleagues today.

PayPal Scammer bassimo.brazil4@hotmail.com

Scammers go where the money is, and PayPal is such a successful online payment system that it naturally attracts scammers who try to cheat legitimate PayPal users out of their money. This is the second copy we have received recently of more or less the same PayPal scam message, although it uses a different phony link (deactivated here for safety). The broken English, the hotmail.com return address, and the fake link that has nothing to do with PayPal are all clues to the criminal intent of the sender.

From: Reseller Customer
Reply-to: bassimo.brazil4@hotmail.com
Subject: Your_account_is_currently_unable_to_use
Date: Mon, 04 May 2015 17:52:09 +0000 (UTC)

Update your Pay Pal Account.

Dear Member, We have faced some problems with your Pay Pal account Please Update your informations within 24h,

If you drop this email your account will be desactivated soon.To update your billing information, Confirm that you’re the owner of the account, and follow the instructions.

Thank you,

Pay Pal Support

[+] Copy This Link In Another Tab To Remove This Limitation:
[ paypal-security.skil.cagdashcizgi.com/Login ]

Past the link below to open a new secure browser window.

PayPal Phishing Scam

This is a standard phishing scam message, designed to steal your PayPal password and account information, but it’s so badly written it’s hard to believe it could fool anyone. Why would a PayPal official be sending messages from a hotmail.com account? Why would you have to go to “impactomilitar.com.br” in Brazil to fix a problem? (The scam link has been deactivated here for safety.) The people who send these messages send thousands of copies, though, so they only need one or two people to fall into their trap in order to make money from the scam.

From: Reseller Customer bassimo.brazil3@hotmail.com
Reply-to: bassimo.brazil3@hotmail.com
Subject: Confirme_your_identity
Date: Mon, 04 May 2015 09:29:21 +0000 (UTC)

Update your Pay Pal Account.

Dear Member, We have faced some problems with your Pay Pal account Please Update your informations within 24h,

If you drop this email your account will be desactivated soon. To update your billing information, Confirm that you’re the owner of the account, and follow the instructions.

Thank you,
Pay Pal Support
[+] Copy This Link In Another Tab To Remove This Limitation :
[ paypal-security.skil.impactomilitar.com.br/new/ ]
Past the link below to open a new secure browser window.

Navy Federal Credit Union (scam alert)

This is a typical example of a password phishing scam message, and it came with an attachment — something you should never open unless you know and trust the specific sender. (The attachment is deleted here for safety.) Scammers blast thousands of messages like this to random email addresses in the hope that someone will fall for the trick and enter their account information as requested on a fake website that has nothing to do with the actual bank. Once the scammers have your bank account number and password they will proceed to empty your account and then disappear.

From: Navy Federal alerts-CelyWLn@navyfederal.org
Subject: Suspicious Account Activity Reference
Date: Thu, 30 Apr 2015 04:35:32 -0400

We have reason to believe that your Navy Federal Credit Union Banking Card may have been compromised. We have attempted to contact you by phone to speak with you personally but have been unsuccessful. As a precaution we have reduced your daily purchase limit. We now need to re-confirm your account information with us.

Please verify your identity immediately in order to confirm your recent account activity and restore your purchase limit.

You will need to download and open the document attached to this e-mail in order to verify your records. Please follow the instructions from the document.

We document scam messages like this here at ScamHunter.org to help people avoid getting caught in fraudsters’ traps. Please share this scam alert with your friends today and do your part to help fight online scammers!

Faculty and Staff Login Verification (scam)

This is a standard phishing scam message, designed to steal your passwords or account information. (We have deactivated the dangerous link, as we always do here at scamhunter.org.) Phishing messages are often sent from hacked email accounts, so you should always assume than any real person named in the message isn’t connected with it (and probably doesn’t even know the messages are going out from their hacked account). Messages of this kind work by tricking you into visiting a phony website — “bravenetwebbysite33” in this case — and then telling you to enter your username and password. The scammers then take your username and password and use them for their own nefarious purposes.

From: “Dzen, Jennifer” jdzen@swindsor.k12.ct.us
Subject: RE: FACULTY $ STAFF LOGIN VERIFICATION
Date: Tue, 28 Apr 2015 15:54:36 +0000

Faculty/Staff/ Survey

With the strengthening off our security system and improving your mailing experience, Help Desk requires all faculty and staff, to Complete this survey by filling out the requirements correctly; to participate on survey click SURVEY http://bravenetwebbysite33.bravesites [ . . . ]

********************
HelpDesk,
Approved

Webmail Account Scam

Lots of people have probably created free accounts on various websites and then just abandoned them for lack of interest. Maybe you created a free account at Yahoo, or Google, or some other service a long time ago and have just never used it. One scam method takes advantage of this common behavior and tries to get you to give away your secret passwords. Of the thousands of people who receive the message below, a few probably do have Webmail accounts. If they respond, thinking that their service may get canceled, the scammer will gain access to their private account, and can then engage in who-knows-what nefarious activities.

from Account User maintains@ymail.com
reply-to maintainsite07@ymail.com
date Sat, Mar 27, 2010 at 10:06 AM
subject Attention: Account User.

Account Alert
Dear Valued Member

Due to the congestion in all Webmail users and removal of all unused Webmail Accounts,Webmail would be shutting down all unused accounts,You will have to confirm your E-mail by filling out your Login Info below after clicking the reply botton, or your account will be suspended within 72 hours for security reasons.

UserName: ………………………………
Old Password:………………………………….
New Password:……………………………………..
Date Of Birth: …………………………………..
Country Or Territory:…………………………

After Following the instructions in the sheet,your account will not be interrupted and will continue as normal.Thanks for your attention to this request. We apologize for any inconvinience.