PCMag Solutions Special Report: Inside a "PayPal" Scam | eWeek

PCMag Solutions Special Report: Inside a “PayPal” Scam

Verfasst von
Neil J. Rubenking
Neil J. Rubenking
May 2, 2003
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

We were mildly surprised when SiteOfTheWeek@ziffdavis.com received an e-mail asking for confirmation of its password, credit card number, and other PayPal account details (Figure 1) . PayPal is the online transaction and bill-paying service favored by millions of eBay auction users (eBay now owns the service). But our SiteOfTheWeek isnt a person and to the best of our knowledge owns neither a credit card nor a PayPal account. The message looked legitimate—the return address was paysecurity@paypal.com, and all of the visible links pointed to pages on the PayPal Web site. But the fact that the e-mail asked for a credit card number and password roused our suspicions.

Combing through the source code of the message, we discovered that its Log In button sent data not to paypal.com but to the URL http://www.paypal.com@topboost.port5.com/pp.php, which proved to be hosted by the legitimate site http://www.portland.co.uk. The URL in question was defunct by the time we checked it, but we notified both PayPal and the hosting site anyway. PayPal verified that it never under any circumstances sends e-mail asking you to enter private information. In fact, there is no legitimate reason for any site to ask that you verify or update private information via e-mail. You might be asked to log in to a secure site to prove your continued interest or update your profile—but thats all. Never supply your credit card number or other personal information in a direct response to an e-mail message!

If scam sleuthing piques your interest, you can hunt for clues as we did. The first step is to peruse the HTML source code of the message. In Outlook, right-click in the message body and choose View Source, which will open the messages source code in Notepad. In Outlook Express, open the message and choose Properties from the File menu. Click on the Details tab in the resulting dialog, click on the Message Source button, then copy and paste the message source into Notepad. Now search for http:// and verify that each URL in the message has a reasonable connection with the alleged source. You may find some .gif or .jpg links that go to advertising sites; dont worry about those. But if a links URL doesnt go where its text says it does, or if a FORM tags action connects to a site other than the alleged source, something is rotten. You can also check the message header as explained in our recent article “Heading Off Spam”. Using the techniques from that article, we discovered a spoofed IP address in the header. The header line listed compuserve.com as the source, but the IP address actually belonged to a company in Beijing.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.