Daggah

Reason I was asking about the source and whether paypal knows is that I just alerted someone I know about it, and she told me she received that email two weeks ago and tried to verify her information on the form, but Internet Explorer wouldn't let her submit the information.

DarkBronzePlant

This is a legitimate scam. Paypal is fully aware of it (other similar sites are spoofed too, not just PayPal). I received an email like that a couple of times. Unfortunately, it is extremely simple to pull off (provided you have a means of not being tracked down via your ISP). Essentially, "they" create an email with graphics and logos that makes it look like an official PayPal email (very easy to do.) They then have you click on a link that looks something like this:

http: //www.paypal.com/account.cgi?inactive=true@http: //154.32.198.16/account.cgi

So now, where does that link take you to? Paypal, of course, right? Wrong. Notice the "@" symbol in the URL. Everything before that symbol in a URL is treated as login information; that's where you'd enter a username and password if you were logging into a password-protected site. So in this case, it's essentially ignored. Instead, you are accessing this URL:

http: //154.32.198.16/account.cgi

and if you follow the instructions on that site by entering your credit card information, you're giving that info away to an untrusted third party who, undboubtedly, does not have innocent plans for it.

For those who require Snopes' stamp of authenticity... (note that the status is labelled is "false", but what is false is the claim made by the email that you receive, not that the scam is false.)

Aravnah Ornan

EBay users are experiencing the same problem, as explained here.