PCMag Solutions Special Report: Inside a "PayPal" Scam
We were mildly surprised when SiteOfTheWeek@ziffdavis.com received an e-mail asking for confirmation of its password, credit card number, and other PayPal account details (
Combing through the source code of the message, we discovered that its Log In button sent data not to paypal.com but to the URL http://firstname.lastname@example.org/pp.php, which proved to be hosted by the legitimate site http://www.portland.co.uk. The URL in question was defunct by the time we checked it, but we notified both PayPal and the hosting site anyway. PayPal verified that it never under any circumstances sends e-mail asking you to enter private information. In fact, there is no legitimate reason for any site to ask that you verify or update private information via e-mail. You might be asked to log in to a secure site to prove your continued interest or update your profilebut thats all. Never supply your credit card number or other personal information in a direct response to an e-mail message!
If scam sleuthing piques your interest, you can hunt for clues as we did. The first step is to peruse the HTML source code of the message. In Outlook, right-click in the message body and choose View Source, which will open the messages source code in Notepad. In Outlook Express, open the message and choose Properties from the File menu. Click on the Details tab in the resulting dialog, click on the Message Source button, then copy and paste the message source into Notepad. Now search for http:// and verify that each URL in the message has a reasonable connection with the alleged source. You may find some .gif or .jpg links that go to advertising sites; dont worry about those. But if a links URL doesnt go where its text says it does, or if a FORM tags action connects to a site other than the alleged source, something is rotten. You can also check the message header as explained in our recent article "