Issue 121 - December 2011 - Page 10
Skype TopUp Payment PayPal Phishing Scam
Email notifies the recipient that a Skype TopUp payment of 69.99 GBP has been made via his or her PayPal account.
The message is not a genuine PayPal transaction notification. It is a phishing scam designed to trick recipients into visiting a fake PayPal website and divulging their login and financial details to Internet criminals.
Detailed analysis and references below example.
Last updated: 18th November 2011
First published: 18th November 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Confirm your TopUp !
You sent a payment of 69.99 GBP to Skype (TopUp@*******.com)
Thanks for using PayPal. To see all the transaction details, log in to your PayPal account.
It may take a few moments for this transaction to appear in your account.
Instructions to merchant
You haven't entered any instructions.
Shipping address - Unconfirmed
United Kingdom Postage details
The seller hasnít provided any postage details yet.
Description Unit price Qty Amount
Online Number, 3 month subscription 69.99 GBP 1 69.99 GBP
Subtotal 69.99 GBP
Total 69.99 GBP
Issues with this transaction?
If you haven't authorized this charge, open a dispute at:
[Link removed] and get a full refund.
This email, which masquerades as a transaction notification from online payment service PayPal, claims that a Skype TopUp payment of 69.99 GBP has been made via the recipient's PayPal account. According to the message, the recipient can open a dispute about the transaction and get a full refund by following a link included in the email.
However, the email is not a genuine PayPal message. The message is a phishing scam designed to trick people into handing over their personal and financial details to scammers. The recipient has not been charged 69.99 GBP for a Skype TopUp as claimed in the scam message. In fact, the supposed charge is simply the bait used to trick people into clicking the "refund" link.
The scammers bank on the fact that at least some recipients, panicked into believing that an unauthorized transaction has been made on their PayPal account, will follow the "refund" link in the mistaken believe that they can dispute the transaction and get their money back. Those who do follow the link will first be taken to a fake webpage designed to closely resemble the genuine PayPal website and asked to login with their PayPal username and password. Once they have logged on to the fake site, they will then be presented with the following "Refund Request - Identity Verification" form which asks them to provide their credit card number and a large amount of personal information:
Any information entered on the fake website can be collected by the scammers and used for credit card fraud and identity theft. Since they have also stolen the victim's login details via the fake login page, the scammers can also hijack his or her real PayPal account and conduct further fraudulent transactions.
Because it conducts its operations primarily online and via email, PayPal is an ongoing target for phishing scammers
. Be cautious of any message purporting to be from PayPal that asks you to follow a link to supply personal or financial information. Always login to PayPal by entering the PayPal address into your web browser. PayPal has published information
on its website that helps users identify phishing scams like this one.
PayPal 'Verify to Resolve Account Limitations' Phishing Scam
Pages in this month's issue:
- Bogus Warning - Scammers Asking for Baby Details to Claim Benefits in Your Children's Names
- False Claim - Cardiff City Football Club Refused to Donate Club Shirt for Fallen Soldier's Coffin
- Summer Chain Email - Blond Hair And Blood Shot Eyes
- Facebook Account Reported Phishing Scam
- Christmas Tree App Virus Hoax
- Sears Supports Reservist Employees Email Forward
- False Claim - Colour Photographs of Hitler Taken by American Life Photographer
- Budweiser Frogs Virus Hoax
- Phone Text Message Lottery Scams
- Skype TopUp Payment PayPal Phishing Scam
- Hoax - Mark Zuckerberg Blames Facebook Porn Attack on the Philippines
- 'DGTFX Virus' Email Account Phishing Scam
- Recent Facebook Porn Attack Highlights Dangers of Misleading 'Security' Warnings
- False - Send Christmas Cards for Recovering Soldiers to Queen Elizabeth Hospital
- Christmas Cards for Recovering American Soldiers
- Starbucks Coffee Free Gift Card Survey Scam
- Facebook 'Virus' Warning - 'Nobody can watch this for more than 15 seconds' Video
- Advance Fee Scam - British National Lottery Promo Programme
- Live Ants In The Brain Hoax
- Hoax - Albany Bread Poisoned by Staff
- PayPal 'Verify to Resolve Account Limitations' Phishing Scam
- Red Bull Car Adverts Money Laundering Scam
- Hoax - Facebook Shutting Down on March 15
- False Warning - Red Dot Inside a Red Square On Chocolate Bars Indicates That Product Contains A Pork Derivative
- IT Service Desk 'Scheduled Maintenance & Upgrade' Phishing Scam
- Abandoned Two Week Old Sydney Baby Prayer Request
- Protest Message - Prison Sentence for Spray Painting Poppy on Mosque
- Protest Message - Dog Named 'Parrot' Shot by Police
- Inaccurate Protest Message - Poundland and Bodyshop Banning Staff From Wearing Poppies
- Apple Store Account Phishing Scam