Scam watch: the ‘PayPal’ card expiry scam

A while ago my account was compromised and used to sell something against their terms and conditions (not sure what it was as the first I heard was when I tried to login). But despite having many talks with the useless customer service at eBay my account was banned. They couldn’t even disclose to me what I’d tried to sell. I’d been a member since 2001 with a 100% track record too. I get the impression that eBay aren’t interested in the customer as they have a monopoly on online auctions. It’s high time some serious competition was introduced to eBay (without them buying them out of course!)

I was “had” (d’oh!) by a similar PayPal phisher. Oddly, or worryingly, I received the scamming email shortly after I had actually been doing something unusual (for me) on my more or less dormant PayPal account. It was not addressed to me personally (Rule 1: genuine PayPal emails are always personal), but it said (accurately) that there had been unusual activity on my account, and invited me to log in to check that all was well/confirm that it was me. There was a PayPal logo button link for this. (Rule 2, never use links to PayPal, go there direct). The whole thing looked very “PayPal”. I hit the button and got a very official-looking PayPal log-in page. (Rule 3: check the URL before you submit any data to anyone). It had a username and a password box. Like a chump I filled them in, correctly, and pressed “Submit”. Now – and here the phishers were greedy – the next page wanted to know everything about me, and I realised I was being had so stopped. BUT: of course it was too late, so far as my PayPal login details were concerned. I had already given them away. I forwarded the incoming phishing email to PP. Immediate auto-reply, saying I was a good chap, but then within minutes an actual email confirming that this was a (new) scam and reminding me to change my PayPal login details immediately. I was already doing that; did it in a rush to get there before the scammers did. Then I realised that I used a number of similar, “variations on a theme” passwords on other sites which I would not want compromised. So I sat down and made a list of all passwords I used – had to make a list because some were stored in my browser but I had forgotten them – and changed ALL of the same or similar or sequential ones. There and then. This was late at night but I was worried.
So far so good. My message is: it’s not just your PayPal account that you may expose if tricked like this. Change the PayPal details first, then any others.
I got another scam email within 12 hours; different pretext but I hit the link to see: sure enough, another fake PayPal log-in page. I sent that to PayPal also, with the URL link history, with the same efficient result (but, obviously, I did not fill in any information). In fact I resolved the address, through Whois, to some supposed IT and computer business in … Rwanda with a branch in Uganda.
I am supposed to be IT-savvy (for a lawyer) and, sure, late at night, bored, tired, but anyway I fell for it the first time.
Beware! And these people must have SOME way of telling that one has been at the genuine PayPal, it was too much of a coincidence otherwise. Which is why I started with “Oddly, or worryingly”.
Laurie

I need some advice, as I may have been phished out of my email address.

Someone dressed as a policewoman called at my house last week and asked for my email address, saying she wanted to add it to a police mailing list.

This is the first time I’ve ever seen or heard police ask for such information. I’m not sure now it was genuine, and I did give it to her.

Does anyone know if this is common? Do local police go around asking people for their email addresses?