(Close Window)
Topic: Paypal info updates
Message: Posted by: Bernard Sim (Apr 12, 2003 10:03PM)
Hi, has anyone been contacted by PayPal asking to update personal info? I've received an email to do so. Below is what they emailed me.

"Dear valued PayPal member,

It has come to our attention that your PayPal Billing Information records are out of date. That requires you to update the Billing Information. If you could please take 5-10 minutes out of your online experience and update your billing records, you will not run into any future problems with PayPal's online service. However, failure to update your records will result in account termination. Please update your records in maximum 24 hours.
Once you have updated your account records, your PayPal session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems."

Please click [url=http://210.82.193.106/secure/PayPalSecurity=UsingSSL=0pUserId=ru=http3A2F2Fcgi1.PayPal.com2Faw-cgi2FeBayISAPI.dll3FMyPayPalLogin26pass3D7B_pass7D26userid3Dpp=check/check.html?MyeBayPreference&userid=62165&pass=b6/pwNtvmyYXtAWtLL5Hn10&first=N&sellerSort=3&bidderSort=3&watchSort=3&bidderSort=3&watchSort=3&dayssince=2&p1=0&p2=0&p3=0&p4=0&p5=00&p5=0&siteid=344%22]here[/url] to update your billing records.

Thank you for your time!
Marry Kimmel,
PayPal Billing Department team.

This site is not a secure site. If you look at the form, it requires an update on an ATM pin. Is this right? I've emailed PayPal and they were vague in their answers, in fact, they never mention anything about updates. I even had a few transactions recently. Users beware.
Message: Posted by: Phil Pearce (Apr 12, 2003 10:14PM)
Bernard,
Yes, I received a similar email a few weeks ago. It is obviously bogus. PayPal NEVER asks you for your password, etc.
If they were vague in response to your inquiry, shame on them. They are trying to not "get involved".
My advice: delete the email, and carry on.
Cheers!
Phil
:dance:
Message: Posted by: AlexWong (Apr 12, 2003 10:58PM)
Ya.. I was also cautious not to reply with any information. It may leak into the wrong hands.

Thing is... if it is a malicious hacker, how did he get our information? If our information leaked from PayPal's database, they should do something about it.

I had also emailed them, but they have not replied.
Message: Posted by: Tom Cutts (Apr 13, 2003 01:43AM)
To whom did you email?

I emailed the Security Department from the Paypal site (not this phony) and they responded very quickly and directly.

The vague response you got is probably automated or from the phonies and deliberately vague. If you check the Full Header email path with that of legit Paypal correspondence, you will find this did not come from Paypal.

To repeat from above, Paypal never asks you to re confirm your password info.

Tom
Message: Posted by: Chris Boyd (Apr 13, 2003 02:06AM)
That is so obviously a scam, it is not even funny. Asking for your ATM pin number? Are they serious? No one anywhere ever asks for the pin number never no how. It is like they are asking to be caught.

And saying that, if you do not update your account information in 24 hours, your account wil be terminated? I could cry; that is ridiculous.

Seriously, I hope no one got taken in.
Message: Posted by: Mary B. (Apr 13, 2003 09:40AM)
I got the same letter a couple nights ago. I did some poking around, and the bogus webpage is hosted by a company in Beijing, China. The domain is listed as being owned by someone from China as well. They also have a bogus page set up to collect information from eBay users as well as PayPal users.

The email I got was sent to an email address I don't even use for PayPal - they probably got it off the web somewhere. If they had access to the PayPal database, they would have used one of my PayPal emails I would think.

I sent the email, complete with headers to PayPal's security team, as well as all the other information I gathered about these idiots.
Message: Posted by: Bernard Sim (Apr 13, 2003 10:53PM)
Seems like I'm not alone. Need to be careful on future transactions. Thanks for the advice.
Message: Posted by: AlexWong (Apr 16, 2003 05:22AM)
I logged on to their main page, and used their online form to email them. That was to make sure that it went to to correct hands. I did not have the security dept's email address.

Mary : That's cool. I never thought to trace the origin... not that I know how.... all they had was an IP address on the link.
Message: Posted by: Chris Boyd (Apr 17, 2003 04:06PM)
Go to this address...

http://www.apnic.net/apnic-bin/whois.pl

and look up this IP address 210.82.193.106 using "1st level less specific" or "All less specific", not changing anything else.

That will give you all you need on them.