Entête


PayPal et les pirates

Si vous utilisez le service de paiement en ligne Paypal, soyez extrêmement vigilant si vous recevez un ou des courriels semblant provenir de cette compagnie : de faux messages circulent actuellement qui ont toutes les apparences d’un courriel officiel, avec le bon logo.

Dans certains cas, l'adresse de l'expéditeur est louche : ethelalbright_hk@charterone.com. Dans d’autres cas, elle peut apparaître plausible : ulyssessilvahk@paypal.com.

Le texte, en anglais, demande de se connecter à un compte pour le mettre à jour en urgence, ce que certaines personnes ont fait. Cependant, elles se sont aperçu qu’en entrant une fausse adresse de courriel et un faux mot de passe, elles ont tout de même réussi à se connecter. Après vérification, bien que l’adresse inscrite paraissait être celle de PayPal, le lien dirigeait plutôt vers un tout autre serveur et un faux site ressemblant à s’y méprendre à celui de PayPal. Il est probable que si vous suiviez ce lien et que vous entriez vos données, celles-ci seraient enregistrées par les pirates qui seraient alors en mesure d’accéder à votre véritable compte…

Voyez l’exemple d’un tel message plus bas.

Si vous recevez un courriel et que vous voulez vous assurer de sa validité, vous pouvez le rapporter à l’adresse suivante : spoof@paypal.com . C’est un service contre les messages frauduleux que PayPal a instauré pour protéger sa clientèle (pour plus de détails sur ce service, veuillez visiter https://www.paypal.com/cgi-bin/webscr?cmd=xpt/general/SecuritySpoof-outside).

Le message frauduleux transcrit ici en exemple a d’ailleurs été envoyé à PayPal pour vérification. Voyez la réponse que ces derniers nous ont fait à son sujet à sa suite.

Une mesure de protection très simple : pour accéder à votre compte Paypal, utilisez votre signet plutôt qu'un lien provenant d'un courriel…


Exemple de message frauduleux (voir la réponse de PayPal plus bas) :

[ Le véritable logo de PayPal était apposé ici ]


Dear valued PayPal member:

PayPal is committed to maintaining a safe environment for its community of
buyers and sellers. To protect the security of your account, PayPal employs
some of the most advanced security systems in the world and our anti-fraud
teams regularly screen the PayPal system for unusual activity.

Recently, our Account Review Team identified some unusual activity in your
account. In accordance with PayPal's User Agreement and to ensure that your
account has not been compromised, access to your account was limited. Your
account access will remain limited until this issue has been resolved. This
is a fraud prevention measure meant to ensure that your account is not
compromised.

In order to secure your account and quickly restore full access, we may
require some specific information from you for the following reason:

We would like to ensure that your account was not accessed by an
unauthorized third party. Because protecting the security of your account
is our primary concern, we have limited access to sensitive PayPal account
features. We understand that this may be an inconvenience but please
understand that this temporary limitation is for your protection.

Case ID Number: PP-040-187-541

We encourage you to log in and restore full access as soon as possible.
Should access to your account remain limited for an extended period of
time, it may result in further limitations on the use of your account.

However, failure to restore your records will result in account suspension.
Please update your records on or before May 25, 2005.

Once you have updated your account records, your PayPal session will not be
interrupted and will continue as normal.

To update your Paypal records click on the following link:
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Thank you for your prompt attention to this matter. Please understand that
this is a security measure meant to help protect you and your account. We
apologize for any inconvenience.

Sincerely,
PayPal Account Review Department

PayPal Email ID PP522

Accounts Management As outlined in our User Agreement, PayPal will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside




Réponse de PayPal (service contre les messages frauduleux) après leur avoir soumis le message transcrit ci-haut:

Dear (yyyyy),

Thank you for contacting PayPal.

We appreciate you bringing this suspicious email to our attention. We can confirm that the email you received was not sent to you by PayPal.
The website linked to this email is not a registered URL authorized or used by PayPal. We are currently investigating this incident fully.
Please do not enter any personal or financial information into this website.

If you have surrendered any personal or financial information to this fraudulent website, you should immediately log into your PayPal Account and change your password and secret question and answer information. Any compromised financial information should be reported to the appropriate parties.

If you notice any unauthorized activity associated with your PayPal transaction history, please immediately report this to PayPal by following the instructions below:

1. Log in to your account at https://www.paypal.com/ by entering your email address and password into the Member Log In box

2. Click on Security Center at the bottom of the page

3. Click on the 'Unauthorized Transaction' link under the Report a Problem column

4. Please follow the instructions in order to access the appropriate form

If you have any further questions, please feel free to contact us again.

Sincerely,
PayPal Account Review Department

****************************************************************
This
email is sent to you by the contracting entity to your User Agreement, either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe) Limited is authorized and regulated by the Financial Services Authority in the UK as an electronic money institution.

*****************************************************************
PayPal and its representatives will NEVER ask you to reveal your password. There are NO EXCEPTIONS to this policy. If anyone claiming to work for PayPal asks for your password under any circumstances, by email or by phone, please refuse and immediately contact us via webform at https://www.paypal.com/wf/f=sa_pass.

*****************************************************************

Copyright © 2008 Nmedia Solutions inc.courriel