I have a PayPal account which I use quite regularly for buying from the States, and they have my credit card number and expiry date on file. If I only need to use my password on a secure link to make a payment, why on earth would they need to ask for the card details again just to "verify" your status?
And there's no reason whatsoever why PayPal or anyone else would need to know my ATM PIN.
Have you had a look at the message headers to see where it might have come from?
Re: **** Dear PayPal Customer ****#26517 06/14/0308:40 AM06/14/0308:40 AM
I'm not too adept at gleaning pertinent info from these things, but both 'from' addresses seemed to be from PayPal (Update0zfs4e02x@paypal.com was one) and they seemed to have come through compuserve somehow.
My brother got some last week with a link that took him to a form. Mine had the form built right into the Email text and included PayPal Logos
The form seemed to execute something at: paypal.com-(some zillion digit # here 0100101011100 etc)-@gratelol.port5.com/(0100101011100 ...).php
Bill, while those email addresses MAY look legit, the actual path often traces back through several 'mirror' domains, sites and servers. With a little more time (like most hackers, whackers and thieves seem to have because they're out making OFF with our money instead of out making their own danged money....), just about anyone can set up a convoluted maze for distribution of pure junk and make it pop out the other end looking every bit like the real thing.
[This message has been edited by BuggabooBren (edited 06-14-2003).]
Bill, Have you e-mailed the REAL pay pal about this e-mail? I would suggest logging onto the real pay pal and e-mail them this form. See what they say. If it is a scam they should know about and warn all of their accounts. Scott