I use PayPal for online purchasing and for making donations to such as the SOH Bandwith Drive. I have received an email purporting to come from PayPal asking for my bank account details so they can verify my account.

I am suspicious as on the PayPal website they say they never send emails asking for bank account details. I always pay via Paypal using my credit card so why do they suddenly need to know my bank account?

Has anyone else had such an email? I copied it to PayPal as suggested in their anti fraud section but have not yet had a reply.

It should be addressed to your paypal user name if genuine. I am 99% sure this is phishing!

That's phishing! They never send mails asking that! I had the same thing with one of my banks lately. Reported it. The bank didn't react. To common I suppose.

Cees

Hi,

Check the name and web address VERY carefully ! There are a number of "pseudo-PayPal" sites out there that look very similar but are only interested in getting hold of your card details. About the only email I've received from the real PayPal recently was concerning slight changes to the Terms and conditions, and you needed to separately log in to view them.

As Cees says, any request for account details, even if its from the bank you actually have an account with, is almost certainly fraudulent.

Alastair

Sounds like a phishing scam to me. I've received similar e-mails, either asking for a bank account number or requesting that I change my password.

I received the same email-delete, gone!
Rick

Has anyone else had such an email? I copied it to PayPal as suggested in their anti fraud section but have not yet had a reply.

Exactly the same here. 100% guaranteed its phishing. Was only slightly suspicious as the message and format looked pretty authentic, which said my account had to be updated or something like that. BUT when the next page asked for complete details of bank and cc numbers it stopped me cold in my tracks AND when I logged in afresh it appeared nothing was wrong with the account. What I am not happy about is that I entered both my PayPal log in and password but not keen to change and keep track of yet another different password.

Has anyone else had such an email? I copied it to PayPal as suggested in their anti fraud section but have not yet had a reply.Yes, it's phishing. You did the right thing by notifying PayPal.

On the PayPal site there is an app. you can use called Iconix that verifies the signature of such e-mails. Sometimes they are hard to distinguish from legitimate ones. I use MS Outlook and have a rule setup to automatically file anything from PayPal and other companies. When the rule doesn't work, it raises another flag that it might be phishing.
:ernae:
--WH

I got one of those e-mails purporting to be from PayPal (which I use to buy FS software) a few weeks ago and thought right away that it was phishing just by the way it was worded (there were a couple of odd syntax errors in a couple of sentences) so I deleted it and reported it to PayPal. Then a couple of says later I got the very same message claiming there was a problem with my bank account... with a bank I had no account with! PHISH!!!

N.

PS. PayPal never replied to my report either

There's info on phishing on the paypal website as well as an email address where they would like to forward the bogus emails so they can evaulate them and take action. They will never ask you for any info except from within their site. And don't ever follow a link to their site from an email. Manually go to paypal.com before ever logging in. You'd be amazed at how will criminals can replicate emails and websites to gain info.
:ernae:

I've had emails like this myself. One of the best methods to confirm, (which I highly doubt, Harry, that the email is legit) is to log-in to your Paypal directly. Check for any messages within. If there is nothing of notifications there, you're likely being phished like many in the world. If you're suspicious by the email, my suggestion is to forward the email you received to Paypal, and get in contact with Paypal via telephone.

ALWAYS log into your Paypal account through your own link, or thru a known purchase site. NEVER enter it from an email link. Even if you know the link is legit, if it came via email, NEVER use it.

And NEVER give your account details to an email link. Period.

After more checking it seems it is a genuine PayPal message. Even though I only use PayPal to buy things using my credit card they have a limit for the year. To avoid divulging my bank details I will restrict my use of PayPal until my year has ended and my limit resets. Luckily the Bandwidth appeal came before this blew up.

Something else to bear in mind:
Do not forward a suspect email, copy and paste the contents from the preview pane (without opening the email) into a fresh email.
Very often forwarding requires downloading content from the original sender, which can contain whatever...

Shift-delete works best for me, generally.
I ask myself: if I delete this phish, how would this affect my life later on?
If nothing, then it's just... gone.

if in doubt, contact paypal support, if they do want your info, then go to paypal yourself (NOT useing any email link!!!!) and enter your stuff.

Links in emails can also be spoofed. You may see your bank's URL in blue-underline, but don't trust that. Don't trust the text you see in the status bar when you have over that link - that can be spoofed too. The only reliable way to see where a link is going is to right-lcick that link and choose Copy Shortcut, then open Notepad and paste it in there. If you're still not sure about who owns that link, you can research the main domain name with several different who-is services. The part you want to search on is the main domain name and extention. For instance:
http://www.sim-outhouse.com/sohforums/newreply.php?p=676683&noquote=1 (http://www.sim-outhouse.com/sohforums/newreply.php?p=676683&noquote=1)

You want to look between the first double slash and the first single slash. If there's more than one "dot," you want what's on either side of the last one. In this case, the "www" is a subdomain. Another site you may see like this would be "mail.yahoo.com." Everything after the first single slash is just directory information on the server that points you to the correct page, and then maybe some php or asp tags after that. Don't be fooled by a URL that might read "paypal.x8gr5.com" either. The website you're looking at has nothing to do with paypal, and what you'd want to look at is the x8gr5.com portion, which I just made up. In all likelihood, you'll find one of two things. The domain is registered through a proxy service to hide the true owner, or it's registered in either Russia or China. Neither of these cases should be true for a legitimate business site.

By the way, here's what a legitimate business address should look like when you do a who-is search:
http://who.godaddy.com/whois.aspx?domain=yahoo.com&prog_id=GoDaddy

All my on-line purchasing, including payments via PayPal, is done using Virtual Account Numbers (VANs). Before I log onto a vendor's site, I go to my credit card site and obtain a VAN. VANs are one-time-use numbers so you don't have to worry about someone pinching the number and security code, because once the vendor charges to the VAN, it becomes void and useless. It takes me about 60 seconds to obtain a VAN.

BTW, I do NO ONLINE BANKING, despite banks' persistent efforts to get me to do so. I use the telephone, which is still more secure than The Web. All the gadget geeks (and show-offs) who "live" on their smart phones (and now tablets) doing banking and stock-trading are setting themselves up for a nightmare.

- H52