In online commerce, things are not always as they seem
Having your PayPal information stolen, even if you don't have an account, is easier than you might think. Despite this paradox and efforts made by Library and Technology Services to filter junk mail, Brandeis students have fallen prey to online scam artists.
One scam that has found its way to Brandeis looks similar to e-mails that come from eBay: It asks users to input financial data to verify account information from the online auction site and, according to internetnews.com, has been showing up all across the country.
One student who wished to remain anonymous fell for such a scam. He said he received an e-mail that appeared to come from PayPal, a company which enables users with an e-mail address to make and receive online payments for sites such as eBay. The e-mail said that PayPal had lost his information. After giving them a slew of information, the student realized that the company's website was not PayPal.com. It was at this point, he said, that he realized he had fallen for a scam.
"I used to think that this could never happen to me as I am always extremely careful with my personal information," the student said. "It's a horrible experience which leaves you shocked and befuddled as to how you could have fallen for it."
A number of other Brandeis students said they received such e-mails, but they avoided falling victim.
Jon Pearlson '08 came just moments from giving away his personal information, including his Social Security number.
"I got this e-mail and my first response was, 'oh man, oh man, somebody's got my PayPal account.' So I clicked on the link and I put in my log-in [information] and put in what I figured my code would have been," Pearlson said.
Then it dawned on him. "A few minutes later I realized that I don't have a PayPal account, and that it must have been some kind of trick."
Chief Information Officer Perry Hanson said he hopes that Brandeis e-mail users will learn to recognize a scam when they see one.
"It's amazing how people do get suckered and it's a shame," he said. "I virtually never ever open an e-mail if I don't know the sender. But you can't not open everything. It's a challenge."
Josh Robinson '08 almost gave away his information to a seemingly real e-mail from eBay asking for all of his personal information. This time it almost worked because Robinson in fact has an active eBay account and was concerned that there might be problems with it. The e-mail told Robinson that his account and credit card information and user name and password had been compromised, and asked him to sign in immediately with this information so that they could keep his account secure.
"You click on a link and it takes you to a Web site that looks just like eBay," Robinson said. From there, Robinson said he was asked to put in his user name and password, followed by a page asking for his credit card information.
He became wary at that point and, remembering that he had bought something off eBay recently and everything had seemed to be fine, called eBay's customer service.
"They told me it was a fraud e-mail and to change my password immediately, so I did and my account was fine," Robinson said.
The challenge of helping students know what is real and what is a scam has become a central concern for LTS.
"We're pretty obsessed with trying to help people understand that it is very easy to get sucked into these scams and that it's a big problem," Hanson said.
The large amount of similar junk mail making its way through the filters was part of the reason that Pearlson thought the PayPal scam was authentic.
"The only reason I thought it was real was because on the same day I got all these e-mails saying that my PayPal was gone and my eBay was gone, so I figured somebody was targeting me specifically and stealing my information," he said.
Brandeis uses software called SpamAssassin, which detects and blocks obvious spam, Hanson said.
"It essentially allows us to identify things that we know need to be filtered out," Hanson explained. "There are thousands and thousands [of e-mails] a day and we block hundreds of thousands of them because we know that they're spam. But one of the challenges is what we call a false positive; if we get too tight a filter, then we'd block mail you should get, and that would annoy you a lot, so we try to find a balance."
Pearlson said he understands this dilemma.
"I don't blame Brandeis because they can't filter that much," he said. "How does Brandeis know that it's not real, and if Brandeis doesn't let in something from PayPal then they can get screwed, because what if it is real?"
Hanson said precautions like calling customer service are a very wise move. He also recommended being cautious when typing e-mail addresses into online forms.
"Say that you go off to a Web site and you provide them some information. That could trigger 10, 20, 30 e-mails, because they're making money by providing your e-mail address to a bunch of folks out there."
Even Hanson himself almost fell for a particularly sneaky swindle.
"There's another scam which I missed," he recalled with a chuckle, "when you get an e-mail that you don't want and at the bottom it says, if you don't want to get this e-mail, reply. So as soon as you reply, they gotcha. I felt stupid. It's very easy to succumb to these scams."
Hanson warns students never to click on actual links in e-mails as Robinson did. These links can carry malicious code and give computers viruses, let alone fool users into giving out sensitive information, he said.
Hanson instead recommended typing in the URLs to go to the Web sites.
Hanson also advises students to be careful. If an LTS whiz almost falls for online scams, anyone can. Quoting P.T. Barnum, Hanson said, "There's a sucker born every minute."
Please note: All comments are eligible for publication in The Justice.