Paypal Scam Alert!

March 8, 2008 – 2:21 PM

Do you have a Paypal account? If so, then you need to be aware that, once again, someone is trying to steal your password.These scams are usually easy to spot because Paypal always logs you into your account using a secure page (https:// means secure). In this case, however, the con artist has registered a certificate for use on a secure connection. He has also disguised his web address to make it appear as if it led to Paypal’s web site.

Occasionally you may have come across a page on a web site that asks you to log in using a network password (example). You type in your user name and password and click OK to gain entry. There is a way to avoid having to enter your user name and password. You add your user name and password to the beginning of the internet address. http://my_name:[email protected]/passwd_protected/ is a good example of this.

The scammer’s email gives you a link to, but it includes a user name and password for a password protected directory, and the user name happens to be This is the same cute trick used recently by a browser hijacker to fool people into thinking they were loading the web page linked in the email, there is a login form. If the victim fills in their password, they give this scammer their Paypal password, and his script combines that with their email address. After submitting the form, the cgi script redirects the user to the real Paypal login page. This is done in hopes that the victim doesn’t notice anything suspicious. The victim may not realize that anything is wrong until they get the email receipt of the scammer cleaning out their account.

Please, pass this warning along. Too many people fall victim to these scams, and this one is very convincing.


You must be logged in to post a comment.