Paypal Accounts May Be Deleted If Inactive (Hoax?)


I received a message from It said that my PayPal account may be deleted if it is inactive for 3 months. It gave me boxes to type in my email address and PayPal password to log into my PayPal account. I didn't do this, suspecting this was a hoax.

I went to and logged into my account from there. The first thing I received was a message saying that PayPal will never ask for your PayPal password via email or phone.

I think this was an attempt to illegally obtain my PayPal password.


Any official information from paypal will come only from HTTPS:// The "s" means secure. Paypal has a warning posted on their site about fraudulent attempts.




It's not a hoax, it's a scam. A hoax is a not for profit prtactical joke. This sounds like it's for profit and therefor qualifies as a scam.


It's a scam. If you look closely at the URL where the account details are submitted, you'll find it doesn't go to Paypal at all, but goes to a different site. From memory, the URL is cunningly disguided - something along the lines of

In other words, it uses as the user ID - the real hostname is Devious.

There's a number of these things floating around, impersonating pages on the Paypal site, as well as regional bank web sites. I've received two of the Paypal scam emails, and I don't even have a Paypal account.


--- Les []


This definitely was a scam. If you still have the email, forward it to and they'll investigate it. eBay has a similar address,, to use for forwarding emails that try to obtain your eBay information.

Some of these scam emails don't ask directly for your id and password. They ask you to "update your account" by clicking a link that appears to take you to eBay or PayPal, but really goes to a fake web site. (It may even include text and images copied from the real site.) It looks just like you're entering information into the real site, but you're really giving the scammer any info that you enter. Never follow a link from one of these emails to eBay or PayPal, but rather go directly to them from your web browser.


The other option is for everyone to follow the link and to enter bogus data. Effectively, they will be spammed by a plethora of false leads. If a large fraction of would-be victims did this, the slimeballs would be inundated with gobs and gobs of useless data that would take them days or weeks to go through, in a (hopefully) vain attempt to find one that works.

Of course, you would also report them.


This may not be a good idea. Here is a copy of an e-mail someone sent me:

"Never and I mean never respond to any such email. Even responding with fake information can be dangerous. Some have code that will copy your personal information from you machine once you allow their program to execute by sending a response."


If this were true then it would have already happened. How many people have randomly surfed the internet and come across a less than reputable site, shall we say. If it were possible for a web site to get your personal information just by visiting the site, there would be no need for scams like the ones being talked about here. The information would be available for the taking.


I think your e-mail address is accessible to a website--because I have spam that comes now that never did before, until I visited a particular website. And, it is addressed to my e-mail!

What I do not like about the current online system is that you basically have to trust the microsoft/norton "wizards" that they have protected you. There is no way to understand what their code is doing, i.e. no one really understands Windows.


Hi, Bill, have a look at this:

How spammers harvest e-mail addresses

Paragraph 6.1 seems to me to be most likely applicable in your case. You'll be able to tell if other paragraphs do apply an take appropriate measures to prevent the harvesting.

Best regards from V.



TNX 4 the excellent link! Wow, that is the mother lode of Spam delineation. It is just what I was looking for!

BTW I hope U had a gr8 vacation ("holiday") --you lucky Euro Duck! (We only take 10 days here :-( but had a gr8 time in Canada anyway----saw seals, dolphins, Minke Whales, Basking Sharks (10 meters long!) all sorts of cool birds like Gannets and petrels and coots, eider ducks, Guillemots, ravens, osprey......and went musseling and clamming and caught wild mackerel, ate lobster, picked wild blueberries, swam in the (not so cold this year) cold water, went sailing, rowing, canoeing, double-paddling, reef-gunkhgoling by motorboat, bog trotting (finding carnivorous plants--bladderworts, sundews, pitcher plants, and also wild orchids, Labrador tea, stunted 100 year old larch only as thick as a broomstick--all to leave 4 future generations) and taught my 6 year old to steer a sailboat, made up family plays in the evenings, load 15 people in the old Dodge woody and off we go to the alley for candlepin bowling and soft ice cream....and on.... We work hard and play even harder! So, I hope you feel refreshed from your beach time......

Best regards,



I got several of these from "ebay". When I tried (several times) to contact the real Ebay about reporting them, I never got back any response. They did not seem to be interested in stopping the scam in any way.


I did report this to I got a response back saying that PayPal did not send the email and that the email linked back to a site not run by PayPal. They also said that they will investigate this fully.

Since eBay and PayPal are part of the same organization, hopefully eBay will be investigating this as well, even though they didn't send a response.


All the emails I've forwarded to have gotten a response from eBay. Usually there's an immediate response, then a follow-up message in a day or so.


Interestingly, a similar scheme was perpetrated on Earthlink. Emails containing false email links 'back' to Earthlink requested passwords and personal info. The linked pages looked quite legitimate. I believe even Bank of America has been through this scam.

But, just like virus protection, the general public is clueless about this scam technique, and despite repeated warnings, the spammers still score plenty of good info from well-meaning saps.

The cat-and-mouse game continues.


Just had what looks to be another spoof attempt show up in my inbox. Here's the URL of the (very-authentic looking) "Sign In" link that supposedly enters you into a contest to win a nice vehicle:

This URL actually goes to, not, if I understand URL-speak. When you go there, you get a eBay-like login box. I'm sure they'll catch a bunch of folks with this.


Definitely a spoof. Looks fucking real, though! All elements of the login form are actually ebay's, and all the links go to ebay, except of course the sign in button. It even says 'Thank you' and tells you it had you entered in the draw if you enter anything...

You're right, there'll be tons of people falling for this.


This Message was deleted. This empty message preserves the threading when a post with followup(s) is deleted.


I think you can relax, Bill... eBay is down at the moment.


Tnx Patrick---I was a bit hysterical there for a moment!

All OK now.


What's this thing look like?

I have a message in the bulk mail section (My Yahoo generally puts eBay stuff in the regular mail box.) about an "ebaY Draw". I have not opened it yet. I tried opening it but it stalled out. If eBay is down at the moment then maybe it was really from eBay.


eBay, and most other reputable web organizations, make it a point to emphasize that they will never ask you for your password as part of an email. This is exactly what this spoof is doing.

Ask yourself this: why would eBay need you to login to "confirm" your entry in this so-called "bonus draw"? Even if there was such a draw, why wouldn't they just tell you to log into your account in the usual way and then click on some special bonus link?

These slime moulds are preying on the vast hordes of people who are not intimately aware of all the idiosyncracies and vagaries of web technology. In fact, by default browsers should pop up a warning explaining what is happening whenever this special URL mechanism is used. The true domain that is being asked for should be part of the pop-up message. These days it is rare for anybody to want to send user name and passwords in the clear as part of a URL. Anonymous ftp might be the most common exception.


Hey guys,
I got this email too. It is deffinately not from ebay. I sent it to their fraud department. They assured me that they are not connected to this hoax in any way.

Possibly Related Threads...
Thread Author Replies Views Last Post
  (deleted post) deleted 2 923 11-03-2013, 06:24 AM
Last Post: deleted
  (deleted post) deleted 19 2,954 08-31-2013, 03:46 AM
Last Post: pascal_meheut
  (deleted post) deleted 2 903 03-25-2013, 06:41 PM
Last Post: Eric Smith
  (deleted post) deleted 15 2,715 03-09-2013, 01:35 PM
Last Post: Mark Hardman
  (deleted post) deleted 5 1,241 01-07-2013, 09:39 AM
Last Post: Frank Boehm (Germany)
  (deleted post) deleted 7 1,518 09-18-2012, 11:11 AM
Last Post: René Franquinet
  (deleted post) deleted 1 706 06-08-2012, 12:49 PM
Last Post: hpnut
  (deleted post) deleted 1 695 03-02-2012, 11:00 AM
Last Post: peacecalc
  (deleted post) deleted 0 529 01-30-2012, 04:14 AM
Last Post: deleted
  (deleted post) deleted 3 894 01-27-2012, 12:17 PM
Last Post: Monte Dalrymple

Forum Jump: