/ Money

Scam watch: the ‘PayPal’ card expiry scam

Email in box scam watch

Ever spotted a phishing email in your inbox? There’s a new one in town. Read why you should be wary of emails purporting to be from PayPal that ask for personal information.

Anthony Johnson told us: I believe that I had a near miss recently after an expired credit card was due to be replaced. I received a genuine email from PayPal noting that my card was due to expire and asking me to update my profile.

But another email, allegedly from PayPal, soon arrived. It also asked me to update my details. It was only when bank details were requested that my suspicions were aroused.

On realising that the latest email was addressed ‘Dear Customer’, I broke off all contact and deleted the email. Instead, I entered the new credit card expiry date directly onto the PayPal website without difficulty.

Our say on phishing emails

A number of Which? members have let us know they’ve been contacted by scammers purporting to be from PayPal. Some emails ask customers to confirm their details. Others suggest that a recent payment has failed.

Anthony was correct to be suspicious about this second email, because any communications from PayPal will always address customers by their full name. It’s also worth noting that PayPal will never ask you to download an email attachment or give away personal information without first logging in to its website.

These phishing emails often look almost identical to official ones. If you’re suspicious about an email asking you for personal details, it’s always best to contact the company directly before taking action. Help PayPal tackle these scams by forwarding emails to spoof@paypal.com.

Have you ever been sent a suspicious email claiming to be from PayPal? Are you a dab hand at avoiding scam emails, or have you ever been fooled?


Has anyone been receiving spam emails from FanBox? Is there a way to stop them?

And Joe, you should run a virus and rootkit scan on your computer.

A while ago my account was compromised and used to sell something against their terms and conditions (not sure what it was as the first I heard was when I tried to login). But despite having many talks with the useless customer service at eBay my account was banned. They couldn’t even disclose to me what I’d tried to sell. I’d been a member since 2001 with a 100% track record too. I get the impression that eBay aren’t interested in the customer as they have a monopoly on online auctions. It’s high time some serious competition was introduced to eBay (without them buying them out of course!)

Have you talked to a lawyer about this? Or Trading Standards?

Laurie West-Knights says:
22 September 2014

I was “had” (d’oh!) by a similar PayPal phisher. Oddly, or worryingly, I received the scamming email shortly after I had actually been doing something unusual (for me) on my more or less dormant PayPal account. It was not addressed to me personally (Rule 1: genuine PayPal emails are always personal), but it said (accurately) that there had been unusual activity on my account, and invited me to log in to check that all was well/confirm that it was me. There was a PayPal logo button link for this. (Rule 2, never use links to PayPal, go there direct). The whole thing looked very “PayPal”. I hit the button and got a very official-looking PayPal log-in page. (Rule 3: check the URL before you submit any data to anyone). It had a username and a password box. Like a chump I filled them in, correctly, and pressed “Submit”. Now – and here the phishers were greedy – the next page wanted to know everything about me, and I realised I was being had so stopped. BUT: of course it was too late, so far as my PayPal login details were concerned. I had already given them away. I forwarded the incoming phishing email to PP. Immediate auto-reply, saying I was a good chap, but then within minutes an actual email confirming that this was a (new) scam and reminding me to change my PayPal login details immediately. I was already doing that; did it in a rush to get there before the scammers did. Then I realised that I used a number of similar, “variations on a theme” passwords on other sites which I would not want compromised. So I sat down and made a list of all passwords I used – had to make a list because some were stored in my browser but I had forgotten them – and changed ALL of the same or similar or sequential ones. There and then. This was late at night but I was worried.
So far so good. My message is: it’s not just your PayPal account that you may expose if tricked like this. Change the PayPal details first, then any others.
I got another scam email within 12 hours; different pretext but I hit the link to see: sure enough, another fake PayPal log-in page. I sent that to PayPal also, with the URL link history, with the same efficient result (but, obviously, I did not fill in any information). In fact I resolved the address, through Whois, to some supposed IT and computer business in … Rwanda with a branch in Uganda.
I am supposed to be IT-savvy (for a lawyer) and, sure, late at night, bored, tired, but anyway I fell for it the first time.
Beware! And these people must have SOME way of telling that one has been at the genuine PayPal, it was too much of a coincidence otherwise. Which is why I started with “Oddly, or worryingly”.

Laurie West-Knights says:
22 September 2014

oh and just in case I swept my machine, full scan with Sophos Virus Removal Tool, though I have “live” A-V installed. Clean, and all seems well.

The normal antivirus might not be enough. You should do a deep rootkit scan with something like Malwarebytes, and post on their forums.for advice.

I’ve just had my nectar card hacked believe it or. I collected about 77 pound for Christmas and someone spent it in Richmond home base! I live nowhere near Richmond, and can only assume they cloned a card from stolen details from another website (perhaps eBay?)

Google’s Doubleclick ad delivery network has just been hacked, and people are using it to distribute viruses. Any website you visit now that has a Doubleclick advert could potentially install a virus on your computer.

renniemac says:
24 September 2014

I have also received this e-mail, but deleted it immediately, I don’t correspond back to Bank, Building Societies, PayPal or EBay through this kind of e-mail, telling bank and building society never to send me e-mail as I wont open them, call me instead. when I received the PayPal e-mail I deleted and like Anthony I contacted PayPal direct, they told me it was a scam. I have also had e-mail from same scam saying a have to click on link re a recent purchase. especially since this particular time I had made a purchase. my concern is, was this scammer involved in PayPal in some way to know I had made recent purchase or was it just coincidental that I had, had a recent purchase. to be safe don’t ever open anything like this.

I need some advice, as I may have been phished out of my email address.

Someone dressed as a policewoman called at my house last week and asked for my email address, saying she wanted to add it to a police mailing list.

This is the first time I’ve ever seen or heard police ask for such information. I’m not sure now it was genuine, and I did give it to her.

Does anyone know if this is common? Do local police go around asking people for their email addresses?

Contact your local police or community officers.

If you are worried, seriously think about changing your email address on bank accounts etc. You can get one from Yahoo as a temporary measure.

Definitely doesn’t sound like something the police would do.

Laurie West-Knights says:
30 September 2014

Sounds iffy. First – ask your local police station. They will say whether this was genuine or not. If it was, fine, if not then they should be VERY interested: impersonating a police officer is still, so far as I know, a criminal offence and a dangerous one which would trouble the police.

If, as supposed, that was not genuine then if you use your email address for web site access to anything that would trouble you being hacked, change your address and change your details on the site(s).

Laurie West-Knights says:
30 September 2014

But all of this is WAY “off-topic”…