David Fletcher wrote:
I set up an email box specifically for use with this email list just
I submitted some work to the list on Friday that I've not yet had a response
to, but what puzzles me is that today I had a genuine email from paypal to
the normal address that I set up for use with ebay and paypal, asking me to
update my credit card details because it was about to expire.
Also today to the address I set up for this list only, I received two
fraudulent emails, claiming to be from paypal and Barclays, both also saying
that my card details were about to expire, and both having http links in the
email pointing to a server at 220.127.116.11.
Has anybody else had any emails like this? I have not used this address
anywhere but with the Documentation list.
The arrival of the fraudulent emails and the legitimate email in the
same day are purely coincidence. That kind of spoofed message is very
common, and you can always safely discard them. As a precautionary
measure, I generally recommend that people never use links from emails
to visit ecommerce sites. In many clients, especially web-based ones,
you cannot rely upon any part of the link details (in the status bar or
elsewhere) to be accurate, as there are tricks to disguise the actual
destination. If you have even an inkling that the message is
fraudulent, you shouldn't even open it. It will never cause you a
problem if you miss a legitimate email from eBay or PayPal, so you don't
need to worry about missing a potentially legitimate one. You can
always manually point your web browser to their respective sites to
check in on your account if you feel the need.
There are many, many ways that email harvesters can collect your
addresses. It is likely that one of your past messages hit a public
archive and the harvesters picked up the email from there. As far as
the content of the message, this is also likely a coincidence, as that
rouse is one of the more common techniques. I would only be concerned
if the emails displayed some part of your actual card number. Think of
it this way: if they already have your information, they don't need to
trick you into giving it to them. ;-)
If you have any other questions regarding online security or email
fraud, let me know.
Patrick "The N-Man" Barnes
Have I been helpful? Rate my assistance! http://rate.affero.net/nman64/