I have been online for eleven years. I have spent three years working in a help desk. Yet I almost got suckered yesterday. One of the best phishing emails I have ever seen.

It was good. Very believable. But something seem phishy (yes pun was intended). So for your benefit, and to benefit others, I am re-printing this email word for word on this hub. After the email I will show you what it was that gave it away as a phishing scam. Most importantly I will show you how to protect yourself from these scams, and ask you to help me get the word out so that other internet users are not victimized by these crooks.

So with that said, here is...

Notification of Limited Account Access

service@paypal.com to me show details Nov 18 (2 days ago) Reply

Dear Paul Douglas ,

PayPal Resolution Center:

Your account is limited.

Why is my account access limited?

As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue regarding your account: Our system detected unusual number of invalid logging attempts on you account from these blacklist ip address. (Your case ID for this reason is PP-0042310.)

How can I restore my account access?

For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause. In order to assist us with this security measure, we ask that you send us a photocopy or scan documents listed below and return them via email to security@paypalfraudcheck.com :

- A clear copy of your Passport or Photographic Drivers Licence or I.D. Card (both sides).

- A clear copy of both sides of the credit/debit card on your Paypal profile.

- A clear copy of a recent bank statement or utility bill on which your name and address are clearly visible - less than 3 months old.

Completing all of the checklist items will automatically restore your account access.

Thank you for using PayPal!

---------------------------------------------------------------------------------

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.

As I am sure you can see, this was a pretty effective scam. However, four things gave it away as a phishing or spof email. Here they are.

One. The sent it to my GMail address. Paypal does not have, nor do they communicate with me through GMail address. That was my first clue.

So to protect yourself, I would advise you use one exclusive email address for things like online banking, PayPal transactions, credit card companies, and for your bills.

Keep that address private and exclusive. That way when you receive an email from PayPal, your bank, and credit card company at your other email addresses, you know it is most likely a phishing scam.

Two. The sender's address. service@paypal.com sure looked official. However, a properties search on that address revealed the address of service@paypail.com. Paypail? Never heard of it.

One of the reasons I use GMail is that it does reveal the sender's email address at the top of the page. By hovering my mouse over it, it reveals the true adress.

Of course if you don't use GMail, you can always right click on the address and select properties on the menu.

So for your protection, I would suggest setting up a GMail account. Maybe more than one. 

Three. The info requested...

- A clear copy of your Passport or Photographic Drivers Licence or I.D. Card (both sides).

- A clear copy of both sides of the credit/debit card on your Paypal profile.

- A clear copy of a recent bank statement or utility bill on which your name and address are clearly visible - less than 3 months old.

Think about this. All the above is exactly what I will need to steal your identity and rob you blind.

Photo ID can be altered so the thief can now be you.

A copy of both sides of a debit/credit card is all I need to max out that card.

A copy of a bank statement or utility bill is also used to steal your ID, take out loans in your name, and empty your bank account.

Always keep this info private. Never, ever divulge it in an email. 

And finally. The email address security@paypalfraudcheck.com. Wouldn't PayPal use their own domain for security purposes instead on another oner?

I immediately went to Google and did a search for whois. A simple whois search reveals the owner of the domain name paypalfraudcheck.com. As you will see from the attached screenshot, paypalfraudcheck is not owned by PayPal.

It appears to be owned by someone in Burlington, Ontario, Canada. I say appears, because a thief smart enough to come up with this efective a scam will not register a domain in his own name, but in someone else's. Possibly one of their other victim's. That is why I blocked out identifying info on the screenshot.

Please spread the word about this very serious crime being perpretrated against internet users. Imagine if  your parents, grandparents or children received this kind of email and fell for it. What kind of havoc would it wreak on their lives. You can protect them and others.

Here is what you can do. Help me promote this hub. Feel free to email people in your address book with a link to this hub. If you have a mailing list, this hub can be used to provide valuable contant to them. Go to the link below to my blog post about this scam. There are all kind of buttons to bookmark it, tell your friends, and post it to your Facebook, and MySpace pages. Feel free to add the blog post to your own blog, as free valuable content to your readers.

Let's educate internet users so they don't fall victim to these crooks and con artists.