There's no reason why you need a paypal account to send an email message to spoof@paypal.com must be something else wrong. Heck I send a couple a week.
The message is a "Phish" if you (or anyone else) clicks on the link, it takes you to a look alike site that asks you to login, then it copies the name and password that you so kindly provided.
If you use any of the links in the message, or header, to report the message, it goes to a dead email address.
I get a couple a week from banks that I don't have accounts at. I get at least one a week, sometimes more from PayPal and eBay.
The two addresses to remember are:
spoof@ebay.com
and
spoof@paypal.com
The old safeharbor and other addresses are either gone, or you'll get a note saying, write to one of the above.
Option #2 - delete it and let someone else write to them, with full headers and all the information. I finally got sick of these, so I always forward every stupid attempt at trying to get my information.
ps if you look at the link, it's always to something like paypal-accounts-login (or whatever they fill in to look like plain old paypal.com) and a network that's out of the United States.
Most of these attacks come from former USSR countries for some reason. No way to get at them, maybe? The bulk of the eBay spoofs seem to come from Asia.
They must be getting enough responses to hit and run, to make it worth their while.
ps - ps the sites they link to are usually hijacked servers, so the real people behind this are not even the owners of the sites that capture the data.
Tangled Web!
|