Is this a legit paypal email?

  • Wanna Join? New users you can now register lightning fast using your Facebook or Twitter accounts.
Dec 30, 2002
885
0
0
#1
First of i got like six of them all saying the same thing. I don;t think it is real, but i aint to sure. There is also an attachment. here:





Subject :
Problems with your PayPal account.

Date :
Mon, 17 Nov 2003 20:48:48 -0400 (EST)

Attachment : InfoUpdate.exe (19k)
Reply Reply All Forward Delete Put in Folder...InboxSent MessagesDraftsTrash CanBARTda boysmacamillionremindersSites Printer Friendly Version


Dear PayPal member,

We regret to inform you that your account is about to be expired
in next five business days. To avoid suspension of your account
you have to reactivate it by providing us with your personal information.

To update your personal profile and continue using PayPal services
you have to run the attached application to this email. Just run it
and follow the instructions.

IMPORTANT! If you ignore this alert, your account will be suspended
in next five business days and you will not be able to use PayPal anymore.

Thank you for using PayPal.
 
Apr 23, 2003
289
3
18
#5
http://story.news.yahoo.com/news?tmpl=story&cid=1093&e=1&u=/pcworld/113478

New Virus Appears as PayPal Scam
Mon Nov 17,12:00 PM ET Add Technology - PC World to My Yahoo!


Lincoln Spector, special to PCWorld.com

If you get an e-mail message warning you that your PayPal account is about to expire, don't open it. If you open it, don't double-click the attachment. If you double-click the attachment, don't complete the form asking for your credit card information. And if you do fill in the form, call your credit card company immediately.


• Virus Writers Dismiss Microsoft's Bounty
• Microsoft Puts Bounty on Virus Writers
• Virus Experts Ask: What's in a Name?
• Predicted Sobig.F Attack Misses Deadline
• Sobig.F Breaks Speed Records





Multimedia Cell Phones
Get the right one for you, plus best hybrid phones and great phone games.





And don't blame PayPal. The problem is an e-mail virus, Mimail.I, first spotted on November 13. Most viruses are sick jokes; this one's out to steal your money.

How It Works

Mimail (pronounced "my mail") arrives in an e-mail that appears to be from PayPal. In very convincing language, it states that your account will expire soon unless you resubmit your credit card information. "We apologize for any inconvenience that this may cause," the text politely reads.


The letter even appears concerned about your privacy: "Please do not send your personal information through e-mail, as it will not be as secure." Instead, it asks that you run the attached program. That's where you enter your valuable information, which it then sends to four different e-mail addresses.


It also scours your hard drive for new e-mail addresses to send the same bogus message. These messages, like the one you got, are "spoofed" to appear as if they came from PayPal.


"It appears to be another step in the advancement of spam," says David E. Sorkin, an associate professor with the Center for Information Technology and Privacy Law, at John Marshall Law School. "A few months ago there was talk about spammers using viruses to send spam. Now they're using them for fraud."


Bryson Gordon, senior product manager for McAfee's Security Consumer Division, finds this "far more sophisticated in social engineering [than previous worms]... We're starting to see marked change in the battle with viruses: a worm for profit."

Slow-Moving Pest

Luckily Mimail hasn't spread very far--at least not yet.


"It's not a major event. We're seeing less than a hundred infections overall," says Vincent Weafer, a senior director at antivirus vendor Symantec Security Response.


As Weafer notes, that can change. "103259 Klez sat around for about a week and then shot up," he says. But he doubts this one will spread like Klez. Mimail is a "relatively easy one to explain. You can say 'If you see this, delete it.'"


But justice is not likely to be served. According to Weafer, the culprits will get caught "Only if they're stupid." The logical trail to follow, of course, is the four e-mail addresses embedded in the code, but it's possible to set up anonymous e-mail accounts without identifying yourself, or set up an account with a stolen credit card.

What to Do

One thing is for certain: We'll see this sort of trick again, so it pays to take precautions.


Be suspicious of any e-mail that asks for personal information, security experts advise.


PayPal promises it "will never ask for your password or account information in an e-mail," and most other companies on the Internet do likewise. If an e-mail message contains a link to a form, examine the URL closely--it could be just one letter away from the correct domain name.


Report suspicious e-mail to the company that is allegedly its source. PayPal has an e-mail address, [email protected], for just this purpose.


And, of course, keep your antivirus applications and definitions up to date. Users of Symantec's Norton AntiVirus products, as well as security programs from BitDefender and Network Associates, were able to download the appropriate protection by last Friday morning. In addition, both BitDefender and Network Associates offer free Mimail fixes on their Web sites.









good luck