Payment to Matamu.club

This morning I received an email from ‘PayPal’ (I think it was not from PayPal and this is what I did to find out if the email was legit). I did buy some things with my PayPal account a couple of days ago, so I guessed it was a shipment confirmation. At first I didn’t open the email but after a few minutes I decided to read it.

The email title was “You’ve just sent payment to Matamu.club”. I don’t know what company that is or what they sell. I did buy something from eBay so I guessed that was the name of the seller, but I started reading the email. After reading the email I doubted this was a real email from PayPal, so what to do?

I got nervous, I didn’t know if someone had hacked my PayPal account or if this was just a phishing scam (an email from a malicious origin that tries to convince people that it is indeed from PayPal so people share login, password, personal and credit information). I took a deep breath and re-read the email, here it is:

Matamu.club phishing scam

I’m reading this on my phone, usually I read my emails on my computer, yes I’m old-fashioned and only use my phone when my computer is not available. I’m not used to that small screen and the email app is different from the full browser version, where I can see more detail or at least I can find it faster. The first thing I noticed is that the From: field says auto.payment-reports@ and PayPal only uses one word there, like ‘service’ or ‘support’, so now I’m inclined to believe this email is a fraud.

The email says that I paid $34.88 to Matamu.club but that if I did not authorize this payment I should follow the link and log in to my PayPal account. It is a bad idea to follow a link inside an email that you doubt is real, but I chose to follow the link to see what would happen. After opening the link I knew the page was not from PayPal, the URL (web address) was not the normal paypal.com address but a more complex one, it was mobile.support-paypal.com.cgisup… and something else. Here you can see the screen:

Fake PayPal login

Now I’m 100% sure that this page is not from PayPal, but I’m ready for a last test: instead of putting my information I put a random email/password into the form. I know that if it is a PayPal form it will show an error, and if it is someone trying to get user information it will not report an error. Of course it is impossible to put a random email/password and find a correct account, so I tried that.

After I put the wrong information I got another screen that said: “PayPal – To help protect your account we regularly look for early signs of potentially fraudulent activity”, then they ask to confirm all personal information. I had to turn my cell phone to see the screen better, this is the screen I got:
Stealing information

Now I can see the whole domain, mobile.support-paypal.com.cgisupport.info. The form says that the account login information is verified (check mark with green circle) even when I put wrong information. Now they ask to update the address, and the next steps are to update credit card information and update bank/identity. In this step they not only ask for address, but for phone number, mother’s maiden name, SSN and DOB. There are some sites that need that information when you first register and all say that the information will never be requested again (you can change address but SSN/DOB is not an online process).

If someone is not aware that this is a fake site and puts in all the information then it will be easy to steal their identity and use the PayPal account as if they were the owner. Identity theft is a major problem in the USA and a lot of people are affected by it. As technology advances, so do the ways to get information from others. Many identity theft victims run into many problems, it is a nightmare and a lot of work to solve that problem.

I stopped right here and didn’t fill in the form, but what I saw was enough to know what information they wanted and, I guess, that some people provide such information unaware it is fraud.

I want to compare a real PayPal receipt with this fake receipt. I used the computer this time, that way I’m able to see extra things that I can’t see on my phone. I check my email at Hotmail.com.

First I opened a real PayPal email:

PayPal real

I found a few things that help when you try to see if the email is real or not:
1.- The email address is from @paypal.com and the time I received it.
2.- Hotmail reports that ‘this message is from a trusted sender’.
3.- The transaction time is 14:51:55 and the email arrived at 14:52 (2:52 PM).
4.- Every valid PayPal email has my name in it, not only my email.

Now we take a look at the fake email:

Fake PayPal

1.- The email address is not from @paypal.com and it doesn’t say it is from a trusted sender.
2.- Time mismatch. Received the email at 6:16 Central and the transaction is from the same day but 7:34 Pacific, so the transaction is in the future because 6:16 Central is 4:16 Pacific.
3.- My name is nowhere to be found.
4.- If I put the mouse over the link it reports a bit.ly address. bit.ly is usually used to create short URLs instead of showing a long one, but it is also used to hide the real URL address. It is better not to follow bit.ly links if we think the email may be fraud.
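
The domain observation above (mobile.support-paypal.com.cgisupport.info is not under paypal.com) and points 2 and 4 of the fake-email list can be checked mechanically. The following is an added example, not part of the original post; the function names, the URL schemes and paths, the bit.ly placeholder, the date and the fixed standard-time UTC offsets are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

TRUSTED = "paypal.com"     # domain the real service uses
SHORTENERS = {"bit.ly"}    # shortener named in the post; extend as needed

def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def belongs_to(host, domain=TRUSTED):
    """True only if host is the domain itself or a subdomain of it.
    Ownership is decided by the rightmost labels, so match on a label boundary."""
    return host == domain or host.endswith("." + domain)

def check_link(url):
    """Return a list of findings for one link taken from an email."""
    host, findings = host_of(url), []
    if host in SHORTENERS:
        findings.append("shortener hides the real destination")
    elif not belongs_to(host):
        findings.append("host is not under " + TRUSTED)
        if TRUSTED in host:
            findings.append("brand name used as a decoy inside another domain")
    return findings

def transaction_after_receipt(received, transaction):
    """A receipt cannot arrive before the payment it reports."""
    return transaction > received

# Constructed sample: the date is made up; the times are the ones in the post.
CENTRAL = timezone(timedelta(hours=-6))   # assumption: US standard time
PACIFIC = timezone(timedelta(hours=-8))
received = datetime(2020, 1, 15, 6, 16, tzinfo=CENTRAL)
transaction = datetime(2020, 1, 15, 7, 34, tzinfo=PACIFIC)

if __name__ == "__main__":
    for url in ("https://www.paypal.com/",
                "http://mobile.support-paypal.com.cgisupport.info/",
                "https://bit.ly/EXAMPLE"):          # placeholder short link
        print(url, "->", check_link(url) or "ok")
    print("future-dated:", transaction_after_receipt(received, transaction))
```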

Caution rules:

– If in doubt do not follow any link within the email
– In this case, open a new tab or window and visit PayPal.com directly
– If you visit a secure site, it will show a lock, maybe a green one, to let you know the information from/to the site is secure. Make sure every time you visit a site with personal information or money, you see the secure lock
– If you don’t see the transaction on your PayPal account, then you are sure that it is ‘only’ a phishing email, you can delete it
– If you put in your information thinking it was from PayPal then you need to contact them and change your password. Also if you put in your SSN, credit card and bank info, contact the credit bureaus and your bank to inform them about it. You can put a fraud alert on your reports and even freeze them

It is better to be safe than sorry: if in doubt, don’t follow any link, visit the site directly or call the company. Every year these types of scams look more real. Have you received an email like this?