I got one of the infamous e-mail scams this morning purporting to be from PayPal, saying that my account was being shut down because of suspicious activity unless I cleared up the issue by November 28 (I read this on the 29th.)
The message looked legitimate, with the same formatting and images that every other PayPal message has, and even gave a link to click that would get me to the login page. I'd heard of this before, so I was a little cautious and used Safari to go to www.paypal.com and logged in as usual. Everything seemed fine with my account.
So I went back to the message and checked the links that were there; looked legitimate enough. The helpful link to get me to the login page read thusly in the body of the message:
To update your Paypal records click on the following link:
But if I control-clicked on the link and copied it instead, I got
http:// 2 2 2 . 2 3 5 . 6 8 . 3 3 /paypal/index.htm (I've inserted spaces to make the link unusable.)
So, one question and one warning. First the warning: Beware of ANYTHING that comes unrequested from PayPal -- or any other online service -- that wants you to click a link to login and make changes to your account. If you do need to make changes to your account, use your normal procedures to get there and avoid using any provided links in messages.
Now the question: Using the e-mail message and the IP address in the link, how do I track down this scumbag? Not that I can or will or even want to do anything to avenge this transgression, but I'd just like to know.