Reader Phil sells on eBay, and has a specific e-mail address that’s only for use with PayPal. The only parties he has given this address to are eBay/PayPal itself and his customers. That’s why he was surprised to receive a phishing e-mail specifically addressed to his business name and his PayPal address, and wondered where the baddies got it.
Phil hypothesized that this may have something to do with the eBay data breach, since both his PayPal address and company name are on file with his account information. “Phishing mails always start with a generic ‘Dear customer’ or ‘Dear Client,’ but this one not only addresses me by my full name,” he wrote to Consumerist. “It was also sent to an email address that I use EXCLUSIVELY for my Paypal account.” Another likely explanation is that one of his customers fell for a similar phishing scheme and had the contents of their inbox harvested, including Phil’s company name and that limited-access PayPal address.
We’ve blocked out the return address above, but the message did not originate from PayPal. The idea is to entice the recipient to click on the link in order to set things right with PayPal; the link instead leads him to a PayPal-like site that asks for his username and password.
Have you received any highly personalized scam e-mails like this? If so, let us know at firstname.lastname@example.org. Also be sure to forward them along to email@example.com or firstname.lastname@example.org.