Yet Another PayPal Phishing Scheme

Written: April 29, 2016

I’ve been a user of PayPal since the very first days, enjoying how easy it is to send and receive money by email using my credit card or bank accounts. With success come imposters who want to trick you into believing that they are PayPal, when in fact they are scammers sending out official-looking emails that look a lot like a real PayPal message. Here’s an email that I received today from a scammer:

PayPal Phishing

The logo looks official, but there are a few things that stand out to tell me that it’s a phishing scheme instead:

  1. The from address should be service@paypal.com, but it isn’t.
  2. The first letter in the first sentence isn’t capitalized.
  3. The spacing on the sentences and paragraphs isn’t right.
  4. They don’t show my first and last name.

The final two clues that this is a fake are the From email address:

From PayPal email

And the hyperlink in the email is not going to any secure paypal.com address:

PayPal hyperlink

So the moral of this story is to continue using PayPal, but double-check any email from a financial institution like PayPal before blindly clicking the hyperlink. If I were to click this phishing hyperlink, I’d end up at a site that would request my login credentials, giving them directly to the bad guys, who would then probably lock me out of my PayPal account and siphon off any of my PayPal funds or, worse yet, get into my linked banking accounts.


Are You Using or Offering Android Pay Yet?

Written:

I pretty much love all things related to Google because they are often free and quite useful for running my business and personal tasks. Such is the case with Android Pay, a way to make purchases at retail locations using your Android phone, keeping your wallet at home or in the car. What is Android Pay? Fair question.

Android Pay

Using Android Pay requires that you have an Android phone equipped with something called NFC, Near Field Communications. NFC is a type of secure, wireless system used on both your phone and the retailer’s credit card equipment. Next time that you visit your retailer, look at their credit card terminal for this wave symbol:

NFC symbol

Yes, that symbol looks a lot like a WiFi signal, but don’t be confused because it really stands for NFC.

Next, check if your Android phone supports NFC. On my phone I swipe down from the top, then click the icon in the upper right-hand corner to find the NFC logo, clicking the NFC logo to turn it on or off:

NFC in Android

Install the free Android Pay app at the Play store, add some of your credit cards by snapping a photo of the front side, then start using Android Pay. There are over one million stores in the US that now offer Android Pay, so expect the numbers to keep increasing because it’s a winner. In my area I use Android Pay at:

To use Android Pay I double-check that NFC is turned on, click the Android Pay app, then place my phone on top of the credit card terminal. An email receipt is automatically sent to your phone by text message, so when you get home there are no more paper receipts and it’s quite easy to see where you’ve been shopping and what the amounts are.

I’m still waiting for Wells Fargo Bank to add NFC to their ATM machines, and the state of Oregon to allow the use of cell phone ID, then I can just about live without my wallet and only use my Samsung Galaxy Note 4 phone with Android Pay.

Samsung Galaxy Note 4


How to Not Change Your Password

Written: April 21, 2016

I’ve used the free Skype app for several years now and it has allowed me to speak with other professionals in San Jose and Tokyo for free by using a computer connected to the Internet. We all set up Skype accounts, then use the app to talk on our computers instead of making expensive overseas telephone calls. Way back in 2011 Microsoft paid some $8.5 billion to acquire Skype, and they pretty much left that company alone to run their business as before, that is, until just recently. I received an email update from Skype yesterday telling me that a credit in my account was becoming inactive, so I decided to log in to Skype and keep my credit active.

Microsoft wanted me to log in with my Skype or Microsoft account, and I selected my Skype account. Next, it showed a dialog forcing me to update my password:

Skype Password

The first time that I tried this update password procedure, I was confirming my password and the dialog told me that the passwords didn’t match; however, it wouldn’t let me go back and update the first password, it would only let me update the confirmed password. Uh, that is a catch-22: I couldn’t proceed because I had a typo in my first password, yet I wasn’t allowed to change my first password. The only workaround was to revisit the site at www.skype.com and start all over.

I’m all for security and sometimes prodding web users to update their passwords to something more secure, but when you do that prodding you need to allow a web user to update any field on the form, not keep them stuck on the confirmation password field only.

I would expect a small company to make an annoying user interface mistake like this one, but not a major corporation like Microsoft, which should know better about using User Interface best practices that allow a user to change any form field at any time, for any reason.


Banking Phishing

Written: April 12, 2016

Both my business and personal banking are online, saving me time and effort to run my company and personal finances. Getting an email alert from a bank can be a bit dramatic, as I found out this morning when the following message arrived.

WFB phishing

At first glance this appears to be an official email from Wells Fargo Bank, but upon closer inspection a few things didn’t look quite right to me:

The final detail to help me realize that this was actually a phishing scam was that hovering my cursor over either button showed that the link was not going to www.wellsfargo.com, but rather another phishing web site that would certainly try and steal my real username and password to break into my real account.

Be very suspicious of any email from a financial institution like a bank, because you need to be 100% certain that the email is coming from your trusted vendor and not a scammer trying to steal your identity.
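The two checks that settled it in both the PayPal and the Wells Fargo emails above (who the message is really from, and where the links really go) can be done mechanically. The Python below is an added example, not something from the original posts: the sample message is constructed, `example.net` is a placeholder domain, and the function names are made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not the email shown in the post).
SAMPLE = """\
From: "PayPal" <service@paypal.example.net>
Subject: your account has been limited
Content-Type: text/html; charset="utf-8"

<html><body><p>we noticed unusual activity.</p>
<a href="http://login.example.net/paypal.com/signin">https://www.paypal.com/signin</a>
<a href="https://www.paypal.com/help">Help</a>
</body></html>
"""

def in_domain(host, domain):
    # True only for the domain itself or a real subdomain of it.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        # Record the real target (href), not the text the reader sees.
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def check_message(raw, domain):
    """Return (kind, value) findings for a raw email and the expected domain."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))  # ignore the display name
    if not in_domain(addr.rpartition("@")[2], domain):
        findings.append(("from", addr))
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
    for href in collector.links:
        url = urlsplit(href)
        if url.scheme != "https" or not in_domain(url.hostname, domain):
            findings.append(("link", href))
    return findings

if __name__ == "__main__":
    print(check_message(SAMPLE, "paypal.com"))
```

A clean result only means the links point where they claim to. The From header can be forged, so a matching sender address proves nothing by itself.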
