Last Night I Was the Victim of a Phisher

I was phishered last night—and until this morning I didn’t even know what phishing was! If you have more savvy than I have, you know that phishing has to do with identity scams. Phishing involves scam emails that lure one into turning over credit-card information to a Web site that looks like, in my case, PayPal, but actually belongs to the phisher.

The vehicle for my being phishered was a pseudo-email from PayPal. This is the second one of these that I have received; however, this one appeared more real that the other and it was sent to my primary email address while the first was sent to a Yahoo account that I have never used with any business related activities. I caught that first one fast and emailed PayPal immediately. And PayPal immediately responded that the message wasn’t from them.

The second message—the one I received late last night—got me. It was directed to my primary email account and looked just like any other email I have received from PayPal. The message subject read “Update Your PayPal Account Until 06/30/2005” and threatened closure of my PayPal account if I didn’t follow the link and update information in my account.

I admit that I was irate when I received it. Earlier this year I was ripped off for $150.00 via PayPal by a guy whose wife I contracted to sell the seven model railroad train sets I had inherited from an uncle. But that’s another story. Anyway, with my antique selling on eBay just getting started, I couldn’t afford not to have a PayPal account, so I followed the link and began answering the questions regarding my bank accounts.

The phisher would have gotten all of my information and I’d not have been the wiser—until, of course, money started disappearing from my bank account—except the phisher tried fro too much information. I had already given him my local bank account information and my VISA/debit card number and those three security numbers on the back of it. However, when the phishing site asked for mt ATM PIN number, I backed off.

My first response was to be aggravated with PayPal for asking for information my bank has told me to share with no one. So I clicked the “Help” link at the fake PayPal site—and nothing happened. I think it was at this point that my brain went into gear. Using a different browser, I logged into the main PayPal site. There I encountered a “Security Check” in which PayPal asked me to confirm who I am and change my password. I deduced from that exercise that PayPal knew that something was going on. So I telephoned PayPal, confirmed I had been phished, and forwarded the phishing email I had received along with the pseudo-PayPal link to their fraud investigators.

Now, when they open, I must contact my bank and most probably I’ll end up having to change my credit/debit card number, which leads to a whole new bunch of problems! In the meantime—and before I began writing this blog—I did a Google search and from that I learned about “phishing.” You may be interested in reading a couple of the articles on identity theft and phishing that I found through Google. (Those two words in that last sentence are hyper-links that will take you to the respective articles).