Live from Austin!

Presumably at that point he’d wire himself $600 or so, which is the maximum possible with my PayPal account since I haven’t verified. He’d then disappear before the charge appeared on my credit card.

I saw through it immediately, but I can’t help wondering how many average AOL users would be fooled into thinking that it’s a new feature to save you time when the seller requests money. If you fell for it and had verified at PayPal, you could concievably be hit for a few thousand dollars in no time at all.

I’ve reported the incident to PayPal’s security staff. I also phoned the ISP and had them yank the web account, and filed a complete copy of the e-mail in case law enforcement want to talk to me. I plan to write up the incident for comp.risks. If anyone has any other suggestions for who I should talk to, let me know.

Oh yeah, and a message for anyone else out there looking for marks to defraud: I am not the person you want to target.

Tagged: CGI, eBay, HTML, ISP, PayPal, phishing, security, web account