Until today I hadn't been aware of the term phishing, but I almost became a victim of it this morning. I received this email this morning...
You have added firstname.lastname@example.org as a new e-mail address for your account.
If you don't agree with this e-mail and if you need assistance with your account fallow this link:
malicious link removed by moderator. Suffice it to say, it is a web address faked to look like paypal's
Please confirm your information to continue using your account normally.
Copy and paste the link on your internet explorer address bar.
Please do not reply to this e-mail.
Not being familiar what form PayPal uses to email their clients, I used the link to go to the site, and after entering my email address and password to log in, another page immediately came up titled "Security Measures" asking for these items...
Social Security Number:
Mother's Maiden Name:
Card Number: VisaMastercard
Expiration Date: /
CVV2 Number: Card Verification Number (CVV2) is located on the back of your card.
ATM PIN: Electronic Signature (ATM PIN) is required for bank verification.
The first thing that caught my eye was their asking me for my social security number, but the real alarms started going off when I saw that they were requesting my ATM pin number!
I called PayPal, and the first thing the rep asked was how was it addressed, it turns out that they always begin their letters by addressing the individual by name, as you can see this one isn't.
I immediately ran all of my av, spyware, adware, malware...but found nothing, thank you very much.
What I would really like (short of having a little face to face meeting with these $&*#@) is to know how they got my email address, and if it was associated with PayPal as I do have an account with them.
Be aware people...these guys are slick!