You should never EVER trust your email. Unless you know what you’re doing that is. Overnight I received the very first hoax that’s had me almost until then. Take a look at the email I received. It looks pretty legit doesn’t it? If you’ve ever gotten a paypal email, that’s exactly what it looks like. To start off, I must say that the only reason that I’ve ever had a paypal account is so that I could buy something on ebay. I don’t even remember what it was. I think it might have been Nintendo games or something. Anyway, not the point. I have a paypal account and occasionally they email me to say “here’s an email that we have to send you for legal reasons, sorry”. So, it’s not out of the ordinary to get email from them. So I open up this message and read it and I’m thinking to myself, that’s kinda odd, usually a big company like this wouldn’t fess up to being stupid. (Also the fact that the hurricanes happened like a couple of months ago is odd too.) So then I keep on reading and they say that my account might be suspended. (I’m shaking in my boots.) That should have been my first alarm right there. So I click the button and am promptly transferred to www.my-paypal.com and am faced with the exact same login screen that I’ve seen in the past. I think for just one second and see that the address I’m at is my-paypal.com and wonder, “Do they send everyone to a different domain to get into their accounts?” So I type in www.paypal.com and click on log in. Sure enough, there’s no mention of my-paypal.com anywhere. Then I get technical. I do a whois on paypal.com and then on my-paypal.com and it says it’s registered to some lady named Jane Srodon in Illinois, as opposed to the paypal corporation. The DNS addresses are different any everything. So if I wasn’t 100% sure that it was a hoax before I am now. So I go back to the email and notice the thing that should have completely made it a hoax. Whenever I sign up for a service, I use a different username @ a different domain name. That way I can differentiate who sold my address and which ones I can forward to /dev/null. I got it at a work address, which would never happen. So it’s spam and a hoax.
So now, the fun part. What happens when we do log into my-paypal.com? Let’s find out… email address… let’s go with a real one so we can track it… then password, let’s make anything up… how about that, we’re asked to verify all of our personal information… Well, John Hancock, better get to it… (note here that all the links on this page are to the real paypal website)… Now I have to enter my finanical info? Okay…. What’s that? My authorization failed, enter my PIN? Okay, it’s a tougie… Okay, it’s sucessful now. All of my information’s been stolen. Good thing! I would have been worried if it wasn’t.