[X4U] Not an OS X issue but ....

Linda xpressobean at mac.com
Thu Mar 12 15:19:01 PDT 2009 

On 3/12/09 5:02 PM, Ed Gould wrote:

> PAYPAL must have been hacked or I would not have been getting all
> these phishing attacks telling me to update my paypal account.

That's not necessarily true, though. I get several phishing attempts every
week, telling me to update my Paypal information -- they don't come from
Paypal, they come from people who copy Paypal graphics and hope that they
can get control of your account without having anything to do with Paypal at
all whatsoever.

> Even  
> if they weren't I find it interesting that PAYPAL would tell you to
> update my account when the account was current with all pertinent
> information.

Paypal DIDN'T tell you. The phishers told you to do this. They want you to
follow a link in the phishing email, which doesn't take you to Paypal, but
takes you to a site that records your Paypal account name and password, so
THEY can go to your Paypal account and use it.
 
> *IF* paypal was trying to communicate with me they blew it because
> there were *SO MANY* emails over a few months.

If there's a real Paypal email, you'll know it. They never, ever say "click
here". They never, ever ask for your password. They call you by name --
whatever name you used on your Paypal account. They instruct you to log into
your Paypal account the normal way. On the one occasion I forwarded a
legitimate email to Paypal as a phish, they sent me a followup email letting
me know it was for real.

> On the OTHER extreme I
> have a monthly account that pays for USENET and when my charge card
> expires I find out because I can't login and I have to set up a new
> account. I complained to them and they say they NEVER email account
> holders for any reason.

Perhaps that's their policy now (I know for a fact that it wasn't always,
because I have received email from Paypal telling me that someone at a
particular IP tried, and failed, to log into my account). If that is their
policy now, it would be so that you don't get confused with the phishing
scams. 

> I have essentially marked as SPAM any communication from PAYPAL as a
> result.  They do(did?) seem to acknowledge that PAYPAL was hacked so
> I am guessing the hack got at least members email address. No
> (erroneous) charges were ever made on my CC.

I believe they acknowledge that phishing is a problem. I don't find any
corroboration that Paypal as a company was actually HACKED. It's not that
uncommon for individual accounts to get hacked when people follow links from
within phishing emails, however, but that's not Paypal's fault.
 
~Linda

More information about the X4U mailing list