Welcome to my anti-scam page. It is geared towards spotting and understanding the art of "phishing"..... specifically PayPal phishing. What phishing refers to is a type of scam where the "phisher" developes a web page that LOOKS like the web page of some financial institution. In this case, that would be PayPal. They then proceed to gather private info from you such as: SS#, Password, credit card#, birth date, address, etc..... ANYTHING that can either a) help them steal your identity or b) help them ROB YOU BLIND. They accomplish this by sending you a bogus email. Usually, it says something like, "Account Deactivation Notice" or "Unauthorized Account Access". They get you to log in. (now they have your name and password), and fill out your private info to "confirm" your "status". (now they have EVERYTHING THEY NEED!!!!!)

The other bad things about this are:

The institution WILL NOT RECOGNIZE that it is someone other than you. Why? Because the phisher used all of YOUR information. So nobody from the institution knew anything different from the normal.

Also, they routinely use legitimate links to connect you back into the real page (i.e. PayPal) so that you enter and exit these places as you would normally expect.

But, never fear! There are several things you can do to keep yourself protected...... and THEY WORK.

1. The first and MOST IMPORTANT thing to know is that, with PayPal, they will ONLY USE YOUR NAME in their emails. There will be no "Dear Sir" or "Dear Valued Customer". If you see ANYTHING other than your name, IT IS BOGUS, period.

2. Hover your mouse over any links in the email. LOOK at the Internet Explorer status bar (at the very bottom) and SEE if the written link matches the status bar address. If they match AND it is a valid PayPal address, that is good. Else, it is a fraud.

3. If you decide to check the link out, do this. LOOK at the address bar of Internet Explorer. If the address does not start with www.paypal.com, it is probably a fraud.

4. One of the coolest things I have noticed in fraud detection is that usually (but not always) you can log in with a completely bogus email address and password. If you think you are being defrauded and you want to have a little fun, log in with a bogus account like "uracriminal456@yahoo.com" with the password of "CopsOnWay99". This will help to fill their databases with useless info that they will have to weed through in order to actually get to legitimate personal details.

5. Last but not least, if you think that something could be a fraud, forward it to scam@paypal.com. You will get a prompt reply AND an answer as to whether your hunch was right.

Included in the table just beneath this one is a typical case for your study.

(Read the comments and click on the thumbnail for a larger picture. Make sure to enlarge them for detail.)

However, when we hover the mouse over the 1. link in the email, a DIFFERENT address appears in the 2. "status bar". Notice how the two DO NOT MATCH. Also, notice how the one on the status bar IS NOT a PayPal link. It is actually an IP address!

Firstly, notice how we are in a directory. PayPal will NEVER EVER let you into ANY directory. Also, notice the name "paul". This even LOOKS "phishy". This address was attained by simply taking the original address "www.203.85.107.4/~paul/.www.paypal.com/webscr.php?cmd=LogIn" and removing the last part of it back to ~paul/..

This is an example of how the phisher includes legitimate links along with the bogus page.

This is what I got when I took the end of the address "www.203.85.107.4/~paul/.www.paypal.com/webscr.php?cmd=LogIn"