e-mail scam



Carl C
08-07-2007, 01:09 PM
I have an e-mail in my bulk folder that says: Sender: Paypal. Subject: Paypal notification: RE: unauthorized use of your Paypal account! It's obviously some kind of scam since I've never used paypal. Can I do any harm just by reading the message if I don't reply or open any attachments?:boggled:

VetteLT193
08-07-2007, 01:17 PM
Sounds like phishing... The email probably has a link that takes you to a 'log in' screen. The screen looks like PayPal but actually isn't. All it does is capture your log in.

It probably won't do anything if you open it.

If you don't have antivirus, get "Avast!" It's free, and still consistently in the top 10... it will protect your computer, and email, against viruses.

handfulz28
08-07-2007, 01:22 PM
DON'T OPEN IT!
I just got the same/similar in my Spam filter. I promise there's nothing you want to see in there, so don't take the chance that something is embedded. Delete and forget :bonk:

Marlin275
08-07-2007, 01:37 PM
I have a Mac and I can open these pages with no problem.
You know they're fake when there is no httpS in the address.
Also you can type "sucker" in the name and password and it lets you in to the fake secure rip off page.

BUIZILLA
08-07-2007, 04:23 PM
fwd the email to >> spoof@ebay.com

Carl C
08-07-2007, 04:42 PM
fwd the email to >> spoof@ebay.com

What will that do? I read the e-mail but will not click on the links. Here is the message; problem is, I've never used paypal! Be careful guys, this really looks official.:eek!: The links do start with https. BTW, I use AVG free edition anti-virus program. They keep trying to get you to upgrade to a pay program but the free edition works fine.

Formula Jr
08-08-2007, 02:59 AM
I got one today from the IRS. Seems they want to send me a $109.87 tax refund.
.......


Now ya gotta wonder...... how the hell would the IRS know what any of my e-mail addresses were?


:eek!:


The paypal phish is very common.
OS X may be a little more secure as to Viruses, but Phishing doesn't involve viruses.

With the spam email in view, go to your upper menu bar and click on VIEW. Then click on HEADERS, and then on ALL. It's usually set to NORMAL.

The header info will expand to show you where the e-mail originated from, who's in the CC list and how various mail routers treated it. I've changed some numbers so don't assume any are real anymore. Now read the received from line in bold. It doesn't match the "From" line.

You may also notice that the message was grey listed for 722 seconds (12 minutes), so the IDs were recognized as not matching up.


Subject: URGENT NOTICE!
From: "Boulder Valley Credit Union" <admin at bvcu.org>
Date: Thu, 26 Jul 2007 07:05:39 -0500
To: undisclosed-recipients:;
X-UIDL: 46a8a60e00000002
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-Path: <admin at bvcu.org>
X-Original-To: owen@epud.net
Delivered-To: owen@epud.net
X-Greylist: delayed 722 seconds by postgrey-1.21 at telchar; Thu, 26 Jul 2007 05:17:55 PDT
Received: from moe.adgistics.com (moe.adgistics.com [194.111.203.200]) by telchar.epud.net (Postfix) with ESMTP id ABBA127 for <owen@epud.net>; Thu, 26 Jul 2007 05:17:55 -0700 (PDT)
Received: from User ([68.154.101.269] RDNS failed) by moe.adgistics.com with Microsoft SMTPSVC(8.0.3790.3949); Thu, 26 Jul 2007 13:05:47 +0100
Reply-To: <do.not.reply at bvcu.org>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <MOEbpH61yEXUIEBOeIi00000675@moe.adgistics.com>
X-OriginalArrivalTime: 26 Jul 2007 12:05:47.0867 (UTC) FILETIME=[4D55AAB0:01D7CF6D]
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-9003-09-24-exp) on telchar.epud.net
X-Spam-Level: ****
X-Spam-Status: No, hits=4.3 required=5.0 tests=CLICK_BELOW,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,HTML_50_60,HTML_MESSAGE,MIME_HTML_ONLY, SUBJ_ALL_CAPS,URGENT_BIZ autolearn=no version=2.60
X-Antivirus: AVG for E-mail 7.5.476 [279.11.19/927]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=======AVGMAIL-46A8B559542D======="

You've been selected to take part in our quick and easy survey.
In return we will credit $100 to your account. - Just for your time!

To continue click on the link below:

kttp://ww.bvcu.org/account/index.jsp=survey
© Copyright © 2007 Boulder Valley Credit Union



No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.10.19/927 - Release Date: 7/25/07 1:16 AM

Part 1.2

Content-Description: "AVG certification"
Content-Type: text/plain
Content-Encoding: quoted-printable



This is another recent example header of a phish I got. B V C Union knows about this phish and has warned people not to fall for it. They are victims also.


First notice the "RDNS failed" that I point out in bold. This means that the email system tried to verify the DNS of the sender but couldn't find a published one. "Unknown" is also a warning flag.


From this expanded header you can find what generated the email.

Now looking at the source code of the message you can see the phish.

I've messed up the html commands just for demonstration, and I changed one or two numbers just so people will not get in trouble.


font size="2" face="Arial, Helvetica, sans-serif"
You've been selected to take part in our quick and easy survey.
In return we will credit $100 to your account. - Just for your time!
To continue click on the link below:

kref=kttp://host81-149-30-218.in-addr.btopenworld.com/vbcu/>kttp:/ww.bvcu.org/account/index.jsp=survey

The bold portion is where the clickable target is being redirected to a phish site.
And again, I changed the host number slightly as I don't want to direct anyone there.

But you can see how it works if you know a little html code.

Usually just putting your cursor over a target will tell you where you are going to be redirected.
This example wasn't even close to the address displayed as the target.

Never click on anything in a phish email. Even if you think you are just going to mess with them. It confirms instantly that you are a real address if they are still active. Most phish sites are shut down sooner than a mail daemon relays back to them that an e-mail address isn't real. So the best you can do is to keep them guessing if your address is real by not responding.

The IRS Phish I just got links the clickable target "click here for refund form" to a site in Chile.

gcarter
08-08-2007, 05:56 AM
What will that do?
PayPal and eBay want the info that FJ just posted.
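The header checks walked through in Formula Jr's post (From versus Received, "RDNS failed", the greylist delay) can be scripted when a mailbox has many reports to sort. This is an added example, not part of the original thread; the sample header is constructed with reserved `.example` names and documentation IP ranges, and `triage` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain(addr_header):
    """Domain part of an address header, lower-cased ('' if absent)."""
    _, sep, dom = parseaddr(addr_header or "")[1].rpartition("@")
    return dom.lower() if sep else ""

def triage(raw):
    """Return a list of warning strings for one message's headers."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain(msg["From"])
    # Unfold continuation lines so each Received header is a single line.
    received = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    # Each hop records the name the sending host gave: "from <name> (...)".
    hop_names = [m.group(1).lower() for h in received
                 if (m := re.match(r"from\s+(\S+)", h))]
    if from_dom and not any(n == from_dom or n.endswith("." + from_dom)
                            for n in hop_names):
        warnings.append(f"no relay belongs to From domain {from_dom}")
    for h in received:
        if "rdns failed" in h.lower():
            warnings.append("reverse DNS lookup failed for a sending host")
    grey = re.search(r"delayed (\d+) seconds", msg.get("X-Greylist", ""))
    if grey:
        warnings.append(f"greylisted for {int(grey.group(1))} seconds")
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From")
    return warnings

# Constructed sample modelled on the header layout shown in the thread.
SAMPLE = """\
From: "Example Credit Union" <admin@creditunion.example>
Reply-To: <do.not.reply@creditunion.example>
X-Greylist: delayed 722 seconds by postgrey-1.21 at mx; Thu, 26 Jul 2007 05:17:55 PDT
Received: from relay.hosting.example (relay.hosting.example [192.0.2.10])
\tby mx.isp.example (Postfix) with ESMTP; Thu, 26 Jul 2007 05:17:55 -0700
Received: from User ([198.51.100.23] RDNS failed) by relay.hosting.example;
\tThu, 26 Jul 2007 13:05:47 +0100
Subject: URGENT NOTICE!

body
"""
```

Legitimate senders often use third-party mail relays, so the From-domain warning is a reason to look closer, not proof of forgery on its own.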