Beware! Large-Scale PayPal Phishing Attack Has Started!

A couple of minutes ago we received an info about a new phishing attack campaign. We don’t know who it’s made by but what we do know is that the good name of TemplateMonster is being involved into this in order for the “victims” to believe in what the criminals are trying to do. So right now we are informing you of this scheme in order for you to be able to identify it and therefore to protect yourself from becoming a victim. You may receive an email from help@servicepaypal.com informing you that you have purchased a template from TemplateMonster using paypal (even though you didn’t purchase anything – or at least did’t purchase this particular item with this transaction id). Plus there’s a “dispute transaction” link leading to something that may first seem a PayPal login page – but in fact it isn’t. That’s done in a typical spam fashion as they send these messages to everyone regardless of whether a person knows about TemplateMonster or not, with a plan that this person will want to dispute the transaction that he/she didn’t authorize (even though in fact there was no such transaction).

Now here comes the most important part – once you click the “dispute transaction” link and type in your PayPal email address and a password there you may kiss your real PayPal account goodbye because you’ve just shared your personal data with people who will not appreciate your trust and use it against you. What is also worth saying is that the “dispute transaction” link does not even use the paypal.com domain – that’s how you can tell it’s fake. The rest looks just like genuine PayPal page. Here’s what the fake URL looks like:

Please be careful about messages like this one, be sure to check the URLs of payment-related pages that you get to after similar spam messages before you actually insert your personal data there.

Of course this is not a matter of TemplateMonster security or something – the attack like this one may happen to every big company doing business online. By the way, PayPal is taking actions to this case and soon it will be over for the spammers – but right now we all have to be careful.

Written by Alex Flow

Alex has been a columnist for TemplateMonster blog since early 2007 and he is now the blog editor. He is also a Marketing manager for TemplateMonster primary website. Alex resides in NYC with his wife Ann and a cat named Val.

Be Sociable, Share!

http://www.icttrends.com ICT Trends
Really horrible thing. How could they manage such spamming. What is the reaction and precaution of Paypal in this regard? Ultimately Paypal is the one whose reputation is played with.
http://www.Jolapa.com Ryan
Thanks guys for posting this, that is really dirty.
http://www.Jolapa.com Job Launch Pad
I hope you guys figure out who is doing it and prosecute them to the fullest!
http://www.myudaipurcity.com udaipur
Indeed a very well written article, very informative thanks for posting it on the net..I could use this as reference and many others can also use it.
Thanks again..
Jain Neha
http://www.d-namic.com Claudio
Thanks or posting that useful information
http://www.latex-mask.com/en.html Masker
Is there really anyone left who falls for this anymore? This whole idea/scam is probably as burned as the whole 419 scams from nigeria.
Aski
What a Low Life. Somebody take this host down. 62.166.213.242. This person is using a dsl account in belgium or is hopping from that point somewhere else. dsl.versadsl.be is a domain controlled by two nameservers at versanet.be and that mail server is there also. Looks like this guy got Ebayers too.
http://www.stefancarter.com Upendraya
thanks very much for posting this!

This entry was posted on Tuesday, July 28th, 2009 at 6:21 am and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed.Both comments and pings are currently closed.