Gut Rumbles

January 18, 2006

who do I trust?

Yeah, I KNOW that should be "Whom do I trust" to be gramatically correct, but "whom" is one word I wish we would get rid of. Just like the stupid rule that says "never end a sentence with a preposition." Isn't THAT just about the dumbest rule of which you ever heard? By whom up was that one thought?) But I digress...

The point of this post is a disturbing string of emails I have received from Paypal. Someone in Europe appears to be trying to use my PayPal account for nefarious purposes--- namely buying something and charging it to me. I HAVE an account, but I haven't used it in quite a while, and most assuredly NOT in Europe.

I checked my account and Paypal has blocked all the bogus transactions. Good for them. But I also received an email ALLEGEDLY from Paypal asking me to send them my password to confirm my account. Call me paranoid, but I balked at doing that.

How do I know that I'm REALLY dealing with Paypal? How do I know that it isn't the THIEF trying to fool ME so that he can turn around and fool PAYPAL? How do I know that the insidious, greedy hands of GOVERNMENT aren't behind the whole scam? How do I install a Paypal button on my sidebar so that I can start blegging for tips and make sure that the money actually comes to ME instead of to some thief or to the government??? See? I was ALL kinds of confused.

I took the coward's way out. I snuck into Paypal through Google, found my account and changed my password. I'm pretty sure that I ended up in the right place that way.

Hey! Thief! The new password is "gofuckyourself."

I gotta admit one thing. If all the emails were legitimate, Paypal must have pretty good security. The would-be thief didn't score anything.


You did the right thing,
I get that junk all the time, never follow those links they do not go to Paypal.
It never hurts to check your Paypal and now that you mention I am going to check both of mine as soon as I get home.

Posted by: Starhawk on January 18, 2006 05:03 PM

No legitiment company (credit card, retailer, etc.) would ever contact you and ask you for your personal information.

They might give you a link to a page on their actual site and from there you would be told what was going on and why.

The safest thing would be to go to the URL that you KNOW is Paypal and take it from there, talking to customer (non)service or "whom" ever you desire.

Posted by: virgl on January 18, 2006 05:06 PM

It's called "phishing"... it LOOKS like it comes from PayPal, but it doesn't. They're trying to fool you into sending them your account info.

Always type a URL for any online account information in yourself. DO NOT click on a link in email, it can redirect you to bad guys.

Internet safety 101.

Posted by: Pascale Soleil on January 18, 2006 05:18 PM

DO NOT EVER give your account info to ANY e-mails supposedly from Paypal. FWD the e-mail to and they'll send you an e-mail back telling you if the "fake" e-mail is legit or not. I get those spam e-mails all the time and NONE have ever been real. I fwd them to paypal every time. Also, Paypal will use your full name to address you in the e-mail. If it just says your e-mail address an no name, it's not from Paypal.

Posted by: Sam on January 18, 2006 05:20 PM

Yep. It's a rip. Scared the crap out of me til I figured it out.

Posted by: Bane on January 18, 2006 05:26 PM

1) Check the mail headers to see where it came from. If the originating mail server isn't, it's probably fake. Your mail client likely has a "view full headers" option somewhere.

2) Turn off html and rich text formatting in your mail client. That way, fake links are quite obvious to spot.

Posted by: Mr. Lion on January 18, 2006 05:56 PM

No legit company is going to ask for your password by email. There should be an 800 number for you to call somewhere.

Posted by: Kelly on January 18, 2006 06:37 PM

Rob, Damn! I almost spat my Johnny Walker Red (with Diet 7Up) onto the screen. You are killing me with laughter.

Posted by: Tom H on January 18, 2006 07:13 PM

I had this happen to me once. I contacted paypal directly (not through the email) and got this as the response:

PayPal and its representatives will NEVER ask you to reveal your password.
There are NO EXCEPTIONS to this policy. If anyone claiming to work for
PayPal asks for your password under any circumstances, by email or by
phone, please refuse and immediately contact us via webform at

Thank you for bringing this incident of suspicious activity to our
attention. PayPal will investigate this activity immediately and contact
you further if any additional information is required. We appreciate your
concern and Thank you for making PayPal the most trusted online payment

The scam email stopped arriving after I reported it.

Posted by: Jaime on January 18, 2006 07:54 PM

Winston Churchill's famous tongue-in-cheek rebuff to a women who had ended a sentence with a preposition:

"Madame, that is precisely the type of language up with which I will not put!"

Posted by: Carroll Brown on January 18, 2006 10:17 PM

Even better...

I get those phishing spoof emails from ebay AND paypal to my gmail account, which isn't linked to either.


Posted by: Cythen on January 19, 2006 12:08 AM

Carroll, actually it's "....shall not put", and it sure is a great line!

Posted by: Ed on January 19, 2006 09:31 AM

I'm in Europe
I did it.
I'm doin' it.
Robo's mine.
Gonna own his ass.
Toast, he is.

Posted by: James Hooker, Chancellor of the Exchequer on January 19, 2006 02:18 PM

No legitimate site will ever ask for your password for any purpose. I get a lot of those bogus babies for ebay and

Posted by: A Different Kim on January 19, 2006 04:25 PM
Post a comment

*Note: If you are commenting on an older entry, your
comment will not appear until it has been approved.
Do not resubmit it.