I haven't gotten the fake sale/purchase yet, but I have gotten the undeliverable e-mail ones. The fact that the attachment is a zip file was a pretty big pointer.
The cleverest ones I have seen so far (sort of like this new e-bay one), are the ones that just inform you that something has changed in your user profile, like an address or e-mail or a new credit card (that is the best one IMO -- reverse psychology) being added. All very official looking, and I am sure that if you go to the provided link it will look just like BidPay or PayPal or whatever -- but once you have tried to log in, they have all the information they need. One even came from a domain with "PayPal" in the name, but with a foreign country code rather than ".com." The genius is that they don't ask you to confirm or check anything. They rely on your puzzlement at the announcement to check it out.
I verified the fraud by going directly to PayPal (not using their link), and checked to make sure everything was unchanged.
|