Published on August 8th, 2013 | by Tom Wake9
Avoid this almost ‘perfect’ PayPal scam
Important: Why you should ignore/avoid/delete any unsolicited email from PayPal that mentions sending payments from Lucy Atashsokan (this scam is so well put together, and sickeningly slick, that I was half way through submitting my login details before I realised it was scam).
Update! Please note: Sadly scammers have stolen the name of a genuine person for this. The real Lucy Atashsokan got in touch with me and is a completely innocent victim. She runs a charming little jewelry business from the North East which is on Etsy.
Below is warning who hasn’t bought from her and has received unsolicited emails from PayPal regarding a payment.
Normally when I cover these kinds of scams in Insider’s Edge I’m able to say something like:
“Ha! You can usually spot an email scam because it’ll be littered with spelling mistakes, or they’ll be some awkward phrasing, botched logos etc.”
Not so here. These scammers have hired a decent proofreader and a top flight programmer for this. They’re pros and right now they’re probably driving round Belgium (I believe that’s where this one originates) in a solid gold Reliant Robin.
As I said I was half way through entering my PayPal password before realising I’d been fooled.
1) Because the wording, layout and design of this scam is near perfect. Even the from name is from PayPal.
2) Because it takes a completely novel approach. This is exactly the kind of email you’d expect to receive from PayPal.
Here’s the email that they send through:
I don’t know if you can read that. If not, it says:
You sent a payment
Transaction ID: 38V76954M2306912H?
You sent a mobile payment for £97.41 GBP to Lucy Atashsokhan. A message has been sent to the recipient asking to accept or refuse the payment.
Please note that it may take a little while for this payment to appear in the Recent Activity list on your Account Overview.
View the details of this transaction online
Your monthly account statement is available anytime; just log in to your account at https://www.paypal.com/uk/cgi-bin/webscr?cmd=_history. To correct any errors, please contact us through our Help Centre at https://www.paypal.com/uk/cgi-bin/webscr?cmd=_contact_us.
Amount: £97.41 GBP
Sent on: 08 August 2013
(Please bear in mind the amount, date and even the recipient name will change – this is the one I receieved)
The idea is that you look at the email and think: “Hang on, I don’t remember making a payment to anyone called Lucy Atashsokan. I better login and see what it was for… maybe I bought a pair of silk pyjamas when I was drunk.”
So what happens if you click through (like I did)?
You get taken to a PayPal website clone. It’s not the official PayPal website but you’d need to have woken up with all your faculties in order to tell that it’s not.
(I haven’t woken up with all my faculties in order for at least a decade, hence my momentary lapse).
As soon as you’ve entered your login details and hit submit they’ve got you. This clone site has purely been setup to capture any details you submit.
The scammers now collect this data, sell it on or use it themselves to drain as much money from your account until PayPal put a block on it, or you notice. Most people will have their card details logged so this is a particularly dangerous scam.
What to do about it?
Don’t click through on any of the links. If you get an email saying you’ve made or received a payment from Lucy Atashsokan (or anyone else for that matter, there’s no way in hell they’re using the same name for all of these emails blasts) ignore it, delete it or spam it.
Worried that it might be genuine?
Fine, there’s an easy solution to this. Open up a completely new browser window and go to www.paypal.com. Login in from there and there only. You’ll then be able to check from the official site whether any money has been sent or received.
This is being mass mailed at the moment so keep your eyes peeled.