I don't have - nor have I ever had - Paypal account but look what I received in e-mail today:

Reminder: Confirm Your Credit or Debit Card

Dear Customer,

This is a reminder that we need you to confirm your Credit or Debit Card.

PayPal will never reveal any of your financial information. From industry-leading security to extensive protection programs, PayPal is always working to safeguard you and your account. Only you can initiate transactions using your bank account, and PayPal will remind you via email whenever there is a fund transfer from your account.

How To Confirm Your Credit or Debit Card

PayPal has made two small deposits into the bank account you registered. These deposits should appear on your Account Statement.

Log in (here) to your PayPal account and enter the exact financial information required.

Why Confirm Your Credit or Debit Card?

It increases security

When you enter your exact financial information, you confirm that you are the owner of this bank account. This is because only you as the owner would have access to the exact amounts of the 2 deposits PayPal sent. This process increases the safety of the entire PayPal payments network.

Your PayPal account will become verified

Your PayPal account becomes verified once you confirm your financial information. With a verified account, there is no limit on the amount of money you can send through PayPal when you choose to make these payments using funds from your bank account.

When you confirm your financial information:

* You will improve your reputation by letting others know you're a confirmed, Verfied member of the PayPal community

* Your sending limit will be removed

* You will be able to fund purchases directly from your checking or savings account, in addition to using credit cards

* You will be able to add funds to your PayPal account directly from your bank account

* You will be able to send money to friends, family, and PayPal Personal Account holders

Thank you for using PayPal!
The PayPal Team

i_XpUser

Yep. That's a standard phishing email. I get them all the time.

Soylent Green is PEOPLE!!!

Me too

Have sent a couple to Pay-Pal - they confirm the Scam

Lesley

Shucks, there goes my retirement fund XpUser?

Just do as paypal tell you to and forward it to spoof@paypal.com

If any advice helps, please post back as it might help others.

Yeah, I get those too (as does anyone who has got themselves onto the spammers data base).

Any minute now you'll get them from various online banking firms, Ebay, your server, and goodness knows who else.

All scams which of-course go straight into the bin.

DerekW

I've done some forensic work on the mail header of this phishing email. Here is what I found:

Return-Path: <service@paypal.com>

Received: from actionboxinc.com (mail.actionboxinc.com [216.201.235.194])

Received: {(helo=instagate)
}}by actionboxinc.com with esmtp (Exim 3.36 #1)
id 1FILJ7-0007af-00; Sun, 12 Mar 2006 01:48:05 -0600

Received: from [141.85.0.75] (helo=User)
by actionboxinc.com with asmtp (Exim 3.36 #1)
id 1FILJ5-0007Zw-00; Sun, 12 Mar 2006 01:48:03 -0600

If I had clicked on the Log in link to PayPal account to enter the exact financial information required, I would have been taken to:

http://cm.lusterworks.co.ip/css./www.paypal.com.cgi-bin/webscr/cmd-verification_run/

instead of PayPal.com.

The point I am trying to share here is to Always know who you are dealing with before you click the mouse!

i_XpUser

Yep, switching you to another website is what they always do. Don't rely too much on Message Source info either, they know darned well we can all do that and are getting more clever at concealing themselves as every day goes by.

If at any time you feel one of these is not a scam (scams often obvious because of implied threats withdraw service) then use your normal link to the website if you have one and not anything included in an email.

I've had stacks of these attempts in the last 12 months. It's almost unheard of for websites to request Credit Card info again at some later date.

"Always know who you are dealing with before you click the mouse!" - yeah, too right.

DerekW

Absolutely. By the way they were clever enough to attach the following fine print at the bottom of the email:

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and choose the Help link located in the top right corner of any PayPal page.

To receive email notifications in plain text instead of HTML, update your preferences here.

The bold clickable link shown in the above fine print would also have taken me to:

http://cm.lusterworks.co.ip/css./www.paypal.com.cgi-bin/webscr/cmd-verification_run/

PayPal Email ID PP432

i_XpUser

Baby, you got way too much time on your hands! LOL I just delete the emails. :)

Soylent Green is PEOPLE!!!

Sure I do have a lot of time standing by the phone to answer customers SOS calls :-) How can you tell how well versed are you really in recognizing phish emails? Go HERE to find out for yourself. Enjoy :-)

i_XpUser