adrianc
Member of DD Central
Posts: 10,014 
Likes: 5,143
|
Post by adrianc on Nov 2, 2022 8:06:46 GMT
Yes, that's a genuine Paypal URL. It starts www.paypal.com/The bits you redacted will refer to the exact invoice that's been sent.
|
|
Greenwood2
Member of DD Central
Posts: 4,385
Likes: 2,784
|
Post by Greenwood2 on Nov 2, 2022 8:11:49 GMT
Yes, that's a genuine Paypal URL. It starts www.paypal.com/The bits you redacted will refer to the exact invoice that's been sent. Log in to your account directly and see if there is an invoice? Edit: That's what I do with the Amazon ones that say I've bought something. I know I haven't but I still check. Paranoid me?
|
|
adrianc
Member of DD Central
Posts: 10,014
Likes: 5,143
|
Post by adrianc on Nov 2, 2022 8:18:46 GMT
Yes, that's a genuine Paypal URL. It starts www.paypal.com/The bits you redacted will refer to the exact invoice that's been sent. Log in to your account directly and see if there is an invoice? Edit: That's what I do with the Amazon ones that say I've bought something. I know I haven't but I still check. Paranoid me? It'll be there, unless PP have removed it after sending the notification. It still won't be genuinely owed to the sender, of course. But that's what it relies on - the recipient assuming that it is legit and just paying it. I've recently taken on a role, "dead man's shoes", with a backlog of email. In there were a stack of scammy-looking debt collector messages. A little digging, and it turned out they were genuine, debt for a server hosting account that everybody assumed had long since been cancelled....
|
|
|
|
Post by overthehill on Nov 2, 2022 11:38:26 GMT
Yes, that's a genuine Paypal URL. It starts www.paypal.com/The bits you redacted will refer to the exact invoice that's been sent. Log in to your account directly and see if there is an invoice? Edit: That's what I do with the Amazon ones that say I've bought something. I know I haven't but I still check. Paranoid me?
Just be aware that even the sender email address can be spoofed i.e. it could be a genuine email address for a legitimate company but the email has been sent by a scammer. If you just replied to the email, it would go to the legitimate company and they would go  . The scammer is hoping that you follow a link or telephone number in the actual email. Most email providers do three different tests and if one fails it goes into Spam folder. You can see these test results in the raw email message e.g. fail flag if the email hasn't been routed through the expected mail server for a domain. Again I doubt phone apps offer this basic view option.
I don't even think most email apps on phones show the email address, just the stupid 'from display' description where a child could enter Amazon Support.
|
|
|
|
Post by batchoy on Nov 2, 2022 13:09:02 GMT
Log in to your account directly and see if there is an invoice? Edit: That's what I do with the Amazon ones that say I've bought something. I know I haven't but I still check. Paranoid me?
Just be aware that even the sender email address can be spoofed i.e. it could be a genuine email address for a legitimate company but the email has been sent by a scammer. If you just replied to the email, it would go to the legitimate company and they would go . The scammer is hoping that you follow a link or telephone number in the actual email. Most email providers do three different tests and if one fails it goes into Spam folder. You can see these test results in the raw email message i.e. if the email hasn't been routed through the expected mail server for a domain. Again I doubt phone apps offer this basic view option.
I don't even think most email apps on phones show the email address, just the stupid 'from display' description where a child could enter Amazon Support.
It could also be that sender has been phished, and the scammer has configured the senders email route replies to the email so that the sender does not see them and is thus not aware that they have been phished similarly with the out going emails. Plus the scammer could potenitally have configured an auto response confirming that the original email is real. One of the things we teach users is that if they want to confirm an email either do it with a known phone number, not one that is in the email, or if doing it by email create a new email thread and don't mention the subject of the orginal email in either the subject or content of the new email. You are correct, most mobile and tablet email apps don't show underlying email addresses and URLs, one reason why we time phishing simulations to go out after people have left for the day so that they are more likely to see the emails on a portable device.
|
|
michaelc
Member of DD Central
Say No To T.D.S.
Posts: 5,706
Likes: 2,981
|
Post by michaelc on Nov 2, 2022 13:51:49 GMT
Yes, that's a genuine Paypal URL. It starts www.paypal.com/The bits you redacted will refer to the exact invoice that's been sent. Yes its a genuine paypal url which is why I don't understand how the scam works. I don't need to log in to know it is a scam email. So I can only think that a scammer controls a Paypal account which is the recipient of this invoice? In other words, I click the url, it simply goes to Paypal which presents me with this bill. I pay it and the scammer runs away into the sun.
|
|
|
|
Post by batchoy on Nov 2, 2022 14:18:11 GMT
Yes, that's a genuine Paypal URL. It starts www.paypal.com/The bits you redacted will refer to the exact invoice that's been sent. Yes its a genuine paypal url which is why I don't understand how the scam works. I don't need to log in to know it is a scam email. So I can only think that a scammer controls a Paypal account which is the recipient of this invoice? In other words, I click the url, it simply goes to Paypal which presents me with this bill. I pay it and the scammer runs away into the sun. Thats about they way of things, its no different to invoice fraud using high street banks but potentially much easier to set up. We had a major one locally back where the scammers set up a bank account in the name of a local construction firm and then invoiced all the sites where sign boards were displayed and accompanied the invoices with a change of account notice. By the time it got reported and the bank closed the account the scammers had received and withdrawn tens of thousands pound. It should be noted this was some years back before it became harder to set up bank accounts and the banks became more liable for fraud.
|
|
|
|
Post by overthehill on Nov 2, 2022 14:58:58 GMT
Yes, that's a genuine Paypal URL. It starts www.paypal.com/The bits you redacted will refer to the exact invoice that's been sent. Yes its a genuine paypal url which is why I don't understand how the scam works. I don't need to log in to know it is a scam email. So I can only think that a scammer controls a Paypal account which is the recipient of this invoice? In other words, I click the url, it simply goes to Paypal which presents me with this bill. I pay it and the scammer runs away into the sun.
All explained here. As soon as someone forwards an email to spoof@paypal.com instead of phoning the bogus support number the account will probably be closed. No ID verification presumably on account so paypal shouldn't allow invoices. They might refund for these scams.
|
|
Greenwood2
Member of DD Central
Posts: 4,385
Likes: 2,784
|
Post by Greenwood2 on Nov 2, 2022 15:14:00 GMT
Yes its a genuine paypal url which is why I don't understand how the scam works. I don't need to log in to know it is a scam email. So I can only think that a scammer controls a Paypal account which is the recipient of this invoice? In other words, I click the url, it simply goes to Paypal which presents me with this bill. I pay it and the scammer runs away into the sun. Thats about they way of things, its no different to invoice fraud using high street banks but potentially much easier to set up. We had a major one locally back where the scammers set up a bank account in the name of a local construction firm and then invoiced all the sites where sign boards were displayed and accompanied the invoices with a change of account notice. By the time it got reported and the bank closed the account the scammers had received and withdrawn tens of thousands pound. It should be noted this was some years back before it became harder to set up bank accounts and the banks became more liable for fraud. Lucky if any invoices were paid in less than three months from receipt in the construction industry... And gone over with a fine tooth comb to see where they can pare it back!
|
|
michaelc
Member of DD Central
Say No To T.D.S.
Posts: 5,706
Likes: 2,981
|
Post by michaelc on Nov 2, 2022 15:41:01 GMT
Yes its a genuine paypal url which is why I don't understand how the scam works. I don't need to log in to know it is a scam email. So I can only think that a scammer controls a Paypal account which is the recipient of this invoice? In other words, I click the url, it simply goes to Paypal which presents me with this bill. I pay it and the scammer runs away into the sun.
All explained here. As soon as someone forwards an email to spoof@paypal.com instead of phoning the bogus support number the account will probably be closed. No ID verification presumably on account so paypal shouldn't allow invoices. They might refund for these scams.
Nice explanation thanks ! Good job mine was addressed to "Annie Walker" and contained this message below - clearly not from Paypal. I guess the real trouble comes when your name IS Annie Walker AND you have just bought an iPhone 14 for £899....... Hello, ANNI WALKER <at the top of the message>
<and this further down> Seller note to customer
According to the details you provided, your PayPal account may have been illegally accessed by some one. GBP 899. 00 has been charged from your paypal account to cover the cost of IPHONE 14 PRO MAX. This reference number will appear on the activity page in the amount that will be deducted after 48 hours. If you have any dispute on this transaction, reach us immediately at +44 808 196 3198, or reach us at PayPal Support Center for any assistance. Our Business Hours: (06:00 a. m. to 8:00 p. m. , monday to friday)
|
|
adrianc
Member of DD Central
Posts: 10,014
Likes: 5,143
|
Post by adrianc on Nov 2, 2022 15:46:06 GMT
So I can only think that a scammer controls a Paypal account which is the recipient of this invoice? Correct. Almost certainly a disposable email and account, the money will quickly be transferred out of PP, and - as you say - sunset... Remember, a shedload get sent out at zero cost, and it only needs one or two gullible muppets for the scammers to be in profit.
|
|
|
|
Post by overthehill on Nov 4, 2022 12:37:03 GMT
TikTok says staff in China can access UK and EU user data. 1 man with absolute control over 1.4B people, nothing to worry about here for the world.
|
|
benaj
Member of DD Central
N/A
Posts: 5,609
Likes: 1,738
|
Post by benaj on Nov 5, 2022 13:55:33 GMT
|
|
|
|
Post by overthehill on Nov 10, 2022 21:31:08 GMT
more cryptocrap.
FTX woes: 'I'm waiting to get £2,000 back from crypto giant'
|
|
|
|
Post by overthehill on Nov 11, 2022 19:47:30 GMT
This is how you deal with internet scammers, trolls and bots. Are you paying attention India ?
|
|
. The scammer is hoping that you follow a link or telephone number in the actual email. Most email providers do three different tests and if one fails it goes into Spam folder. You can see these test results in the raw email message e.g. fail flag if the email hasn't been routed through the expected mail server for a domain. Again I doubt phone apps offer this basic view option.