Okay, it's off-topic, but I figure there are probably a bunch of PayPal users here besides myself:
I just got this rather clever message claiming to be from PayPal. > From [EMAIL PROTECTED] Wed Sep 11 22:57:03 2002 > Date: Wed, 11 Sep 2002 19:58:02 -0700 > To: [EMAIL PROTECTED] > Subject: URGENT: PayPal Account Update > From: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] The body is in HTML, but it comes out as: [bunch of PayPal images and formatting] > Dear PayPal User,<br><br>Today we had some trouble with one of our > computer systems. While the trouble appears to be minor, we are not > taking any chances. We decided to take the troubled system offline and > replace it with a new system. Unfortunately this caused us to lose > some member data. Please follow the link below and log into your > account to make sure your information is not affected. <i>Account > balances have not been affected.</i><br><br>Because of the > inconvenience this causes we are giving all users that repair their > missing data their next two incoming transfers for free! You will pay > no fees for your next two incoming transfers*. [more PayPal graphics] > <a href="http://www.paypalsys.com/cgibin/webscr/?cmd=_login-run";> > https://www.paypal.com/cgi-bin/webscr/?cmd=_login-run</a> [...] > <i>PROTECT YOUR PASSWORD</i><br>NEVER give your password to anyone and > ONLY log in at PayPal's website. If anyone asks for your password, > please follow the Security Tips instructions on the PayPal > website.<br><br>Please do not reply to this e-mail. Mail sent to this > address cannot be answered. For assistance, log in to your PayPal > account and choose the "Help" link in the footer of any page.<br> <br> I thought it sounded a little funny, but I saw a reasonable-looking "From:", so I scrolled down to the URL to click on, where I noticed it said "paypalsys.com" instead of "paypal.com" _and_ didn't match the text that would have been displayed if I were using an HTML-aware mail client. That's when I went back and noticed that "From" and "From:" don't match. The stock caution to only enter your PayPal password at PayPal's site is a nice, ironic touch. I'm pretty damned sure this message isn't legitimate. In case any other folks got it and didn't have their bogon alarms go off, take note. -- Glenn PS: As someone on another mailing list pointed out in response to this note, "paypalsys.com" was registered yesterday with bogus info to make it look like the same company as PayPal, but the IP address block winds up hosted in a different place.
