Important: Why you should ignore/avoid/delete any unsolicited email from PayPal that mentions sending payments from Lucy Atashsokan (this scam is so well put together, and sickeningly slick, that I was half way through submitting my login details before I realised it was scam).
Update! Please note: Sadly scammers have stolen the name of a genuine person for this. The real Lucy Atashsokan got in touch with me and is a completely innocent victim. She runs a charming little jewelry business from the North East which is on Etsy.
Below is warning who hasn’t bought from her and has received unsolicited emails from PayPal regarding a payment.
————————————————-
Normally when I cover these kinds of scams in Insider’s Edge I’m able to say something like:
“Ha! You can usually spot an email scam because it’ll be littered with spelling mistakes, or they’ll be some awkward phrasing, botched logos etc.”
Not so here. These scammers have hired a decent proofreader and a top flight programmer for this. They’re pros and right now they’re probably driving round Belgium (I believe that’s where this one originates) in a solid gold Reliant Robin.
As I said I was half way through entering my PayPal password before realising I’d been fooled.
Why?
1) Because the wording, layout and design of this scam is near perfect. Even the from name is from PayPal.
2) Because it takes a completely novel approach. This is exactly the kind of email you’d expect to receive from PayPal.
Here’s the email that they send through:
I don’t know if you can read that. If not, it says:
You sent a payment
Transaction ID: 38V76954M2306912H?
Dear customer,
You sent a mobile payment for £97.41 GBP to Lucy Atashsokhan. A message has been sent to the recipient asking to accept or refuse the payment.
Please note that it may take a little while for this payment to appear in the Recent Activity list on your Account Overview.
View the details of this transaction online
Your monthly account statement is available anytime; just log in to your account at https://www.paypal.com/uk/cgi-bin/webscr?cmd=_history. To correct any errors, please contact us through our Help Centre at https://www.paypal.com/uk/cgi-bin/webscr?cmd=_contact_us.
Amount: £97.41 GBP
Sent on: 08 August 2013
Yours sincerely,
PayPal
(Please bear in mind the amount, date and even the recipient name will change – this is the one I receieved)
The idea is that you look at the email and think: “Hang on, I don’t remember making a payment to anyone called Lucy Atashsokan. I better login and see what it was for… maybe I bought a pair of silk pyjamas when I was drunk.”
So what happens if you click through (like I did)?
You get taken to a PayPal website clone. It’s not the official PayPal website but you’d need to have woken up with all your faculties in order to tell that it’s not.
(I haven’t woken up with all my faculties in order for at least a decade, hence my momentary lapse).
As soon as you’ve entered your login details and hit submit they’ve got you. This clone site has purely been setup to capture any details you submit.
The scammers now collect this data, sell it on or use it themselves to drain as much money from your account until PayPal put a block on it, or you notice. Most people will have their card details logged so this is a particularly dangerous scam.
What to do about it?
Don’t click through on any of the links. If you get an email saying you’ve made or received a payment from Lucy Atashsokan (or anyone else for that matter, there’s no way in hell they’re using the same name for all of these emails blasts) ignore it, delete it or spam it.
Worried that it might be genuine?
Fine, there’s an easy solution to this. Open up a completely new browser window and go to www.paypal.com. Login in from there and there only. You’ll then be able to check from the official site whether any money has been sent or received.
This is being mass mailed at the moment so keep your eyes peeled.
9 responses to “Avoid this almost ‘perfect’ PayPal scam”
Thank you for the warning, Tom.
I would have spotted it as a scam immediately.
Firstly, “Dear customer”, NOT “Dear (my name)”. I always know that if my name is not included in a greeting, this indicates that an email is not genuine.
Then, I do not use my mobile phone to access the Internet, so “mobile payment” screams “SCAM!” nice and loudly. If it was money received, again that would alert me; nobody gives me money for nothing! (Well, nobody, apart from my family when it’s my birthday.)
Then, I do not use my PayPal account. And if I did, I would be fully aware of any transactions made. I am meticulous in keeping record of anything that I spend online. So no chance of accidentally buying any silk pyjamas (and especially drunk, as I am teetotal!)
Plus, the name of the payee (or sender of money to me) would be unknown to me, so another warning signal.
And as a final safety net, I would never click on a link in a financial email. Plus, resting the mouse on a link reveals where that links leads to and it certainly would not have been to the PayPal website.
Your advice is spot on. You were right to write your article. Unless someone is as alert as me, or perhaps is not fully attentive for any number of reasons, it is easy to be fooled. So thank you for warning your subscribers.
Best wishes.
any genuine email from paypal will start with your name not dear customer or member or such
I often get emails purporting to be from PayPal and I immediately fiward them to the spoof at PayPal do they can deal with it. Same with Natwest and Barclays most financial instituyions will have a phishing dept
Sorry that should have been forward and institutions. Predictive text!
Following on from the previous comment. PayPal always say
‘Spoof or ‘phishing’ emails tend to have generic greetings such as “Dear PayPal member”. Emails from PayPal will always address you by your first and last name.’
i opened one of these scam emails it stated service@paypal you have made a mobile payment to this lucy atashsokhan and you can guess the rest 2 days later 4,588 quid was stolen from my bank account i have contacted action fraud they told me it wasnt the email but i told them about these sites whether they knew and werent saying ive told all my friends the person responsible had hacked into my verified by visa and obtained my password they had the cheek to send me the same email again just worded differently.
Hi everyone, I am Lucy Atashsokhan, I had received a few emails from people saying they had received these kind of emails from “paypal” saying they had sent money to me, how or why they have used my name I do not know. I have contacted Paypal a few times who have been unhelpful, basically telling me there is nothing they can do as it isn’t actually them sending the emails. I had no idea how big this problem was until someone else alerted me to it and I googled my own name. I run my own jewellery business and this kind of thing on my reputation could be hugely damaging, I am absolutely gutted, is there anything I can do?? I believe I am the only person in the world with my name too, it is quite unusual.
Sorry about this everyone, I am just as angry as you are.
Lucy
Hi Lucy, that’s awful – I’m so sorry to hear that. I can’t believe PayPal have been so unhelpful.
I’ve put a note up at the top of this article to clarify things and also put a link to your etsy so that my readers can see your shop. Hopefully something positive can come out of this for you!
What was the actual url of the fake Paypal website? In the email there are 4 urls, 2 of them have the text “https://www.paypal.com…” so people think that they will visit the real website. But it’s not the actual hyperlink, it’s just the text for the hyperlink.
For example http://www.facebook.com, you think that you will go to google if you click that link, but you go to facebook. 😛
If I got a phishing e-mail, I would recognize a fake url, so did they make the url look like paypal.com, like paypaI.com with a capital i? That would be a perfect scam if browsers didn’t convert it to lowercase letters. 😛 Also a w could be replaced with vv or the other way around. I hope that all those phishing websites will get reported and deleted as soon as possible so less technical people who don’t check the url won’t get robbed.