Jacob Palme <jpalme@dsv.su.se>, Sat, 10 Jan 2004 13:58:53 +0100
I received a message which is abbreviated below [and even more by PGN]:
> Received: from unknown (HELO reva) (81.196.161.141)
> by 0 with SMTP; 6 Jan 2004 01:55:14 -0000
> Reply-To: "service@paypal.com" <spooff@paypal.com>
> From: "service@paypal.com" <service@paypal.com>
> To: <jpalme@dsv.su.se>
> Subject: Account issue
> Date: Tue, 6 Jan 2004 03:51:33 +0200
>
> Due to concerns, for the safety and integrity of the PayPal community we have issued this warning message.
>
> It has come to our attention that your account information needs to be renew due to inactive members and non-functioning mailboxes. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service.
>
> However, failure to update your records will result in account deletation [sic]. This notification expires on January 10, 2004.
>
> Once you have updated your account records your PayPal will not be interrupted and will continue as normal.
>
> Please follow the link below and renew your account information.
> http://https-ebay.com
> PayPal Service Department
When I clicked on the link, I got to a form which requested a number of personal data, including my credit card number, its security code and its PIN code! I have put up a copy of the form they asked me to fill in at http://dsv.su.se/jpalme/temp/domain-name-spam-2c.pdf
I got suspicious for several reasons:
(a) No company has ever before asked me for my credit card PIN code.
(b) This information was requested by http, not https, but with a domain name, http://https-ebay.com, which might make some people believe it was actually using https.
(c) Looking up in whois indicates that the owner of the domain name https-ebay.com is a private person, not a company.
To be on the safe side, I immediately blocked my credit card, since I had entered some information before I understood this was a spoof. I also wrote to PayPal, who confirmed that the mail was not from them!
I have learnt to be more careful and suspicious in the future!
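
Added example, not part of the original post: a minimal Python sketch of header and link checks that flag the traits visible in the message above (plain http, the word "https" inside the hostname, a brand name in a domain the brand does not own). The Reply-To comparison, the `BRANDS` table and the finding names are assumptions made for this illustration, and the sample message is constructed from the quoted headers with the body shortened.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample: headers and link as quoted in the post, body shortened.
SAMPLE = '''Reply-To: "service@paypal.com" <spooff@paypal.com>
From: "service@paypal.com" <service@paypal.com>
To: <jpalme@dsv.su.se>
Subject: Account issue

Please follow the link below and renew your account information.
http://https-ebay.com
'''

# Assumption: the defender maintains this brand -> legitimate domains table.
BRANDS = {"paypal": {"paypal.com"}, "ebay": {"ebay.com"}}

def registrable(host):
    # Naive last-two-labels approximation; production code should use
    # the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw):
    """Return a list of finding names for one raw RFC 822 text message."""
    msg = message_from_string(raw)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_addr and reply_addr != from_addr:
        findings.append("reply-to-differs-from-from")
    sender_domain = registrable(from_addr.rpartition("@")[2])
    for url in re.findall(r'https?://[^\s<>"]+', msg.get_payload()):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme == "http":
            findings.append("link-not-https")  # form would be sent in clear
        if re.search(r"(^|[.-])https?([.-]|$)", host):
            findings.append("scheme-word-in-hostname")  # e.g. https-ebay.com
        if registrable(host) != sender_domain:
            findings.append("link-domain-differs-from-sender")
        for brand, domains in BRANDS.items():
            if brand in host and registrable(host) not in domains:
                findings.append("brand-lookalike:" + brand)
    return findings

if __name__ == "__main__":
    print(check_message(SAMPLE))
```
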