Com-Central.net

A reminder about Phishing for those that use PayPal :: Archived
This is a forum for Software related items such as OS', Virus notices, cool or free programs, etc. Gaming software should go in the gaming folder pertaining to the current info.

Forum Index › Software

Topic Archived

View previous topic :: View next topic

Author

Message

JG300-fr8ycat
Power User

Offline
Joined: Mar 13, 2005
Posts: 1528
Location: Los Angeles

Posted: Mon Jan 23, 2006 3:13 am
Post subject: A reminder about Phishing for those that use PayPal

Received an e-mail this morning from what looked like PayPal (service@PayPal.). Coloring, font, etc all looked exactly like the Paypal site. Below is what was said in it.

"Security Measures

Dear Paypal Member.

We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address and we have reasons to belive that your account was hijacked by a third party without your authorization. If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you.

If you are the rightful holder of the account you must click the link below and then complete all steps from the following page as we try to verify your identity.

Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause.

Thank you for your prompt attention to this matter."

Scary stuff for sure and I almost bit! luckily I decided to close out my e-mail and log onto the PayPal site. After loging in I noticed absolutely no notices to the above mentioned. Forwarded the email to PayPal and received the reply that it was indeed a fake.

Thought I would pass it along and remind PayPal users that they will always use your full name in any email they send you (not "dear member" like above). Also never click email links in any emails you may receive (real or fake) from business's you have accounts with. Always exit your email (especially if it's browser linked) open a new browser window and log on to your account like you normally would.

Just a friendly reminder and a heads-up to users of PayPal.

Shadow_Bshwackr
Janitor

Offline
Joined: Jan 21, 2005
Posts: 7019
Location: Central Illinois, USA

Posted: Mon Jan 23, 2006 12:07 pm Post subject: Re: A reminder about Phishing for those that use PayPal
Clever bastids they are! Yep, good advice fr8ycat and thanks for the heads up...

JG300-Ascout
Power User

Offline
Joined: Jan 05, 2005
Posts: 6257
Location: Cyberspace

Posted: Mon Jan 23, 2006 1:04 pm Post subject: Re: A reminder about Phishing for those that use PayPal
Yeah...they're so clever they keep asking me to update my PayPal account, and I don't even have one! _________________ "All facts go to clearly prove that Shades is a thrice-cursed traitor & mentally deranged person steeped in inveterate enmity toward mankind"

XcalibeR
Power User

Offline
Joined: Mar 11, 2005
Posts: 358

Posted: Mon Jan 23, 2006 4:47 pm
Post subject: Re: A reminder about Phishing for those that use PayPal

I've recieved something like that before. It was the same type of thing, except for Ebay. They had everything set up just like an ebail mail, including hijacking the pictures from ebay, all other links going direct to ebay, and even the fine print which stated that Ebay would never send unsolicited emails to users (perhaps TOO good? :mrgreen:). Anyways, the first thing that tipped me off about about it was the fact that I don't have an ebay account. The second thing that I noticed was that the link that took you away from the email to the "Ebay" login page. It was written out as the correct link, but using the bottom bar on the browser, I saw that it went to a completely different website. Being curious just to see how far they went with the charade, I followed the link.

It then took me to the "ebay" loging page, again, set up exactly as the one on ebay.com. I typed in random letters and stuff for the username and password (which means they steal your login info too, if you enter it right), and it took me to the "enter credit card information" page. All the while, I was watching the url, they didn't bother trying to hide the true url (the base site was for a flower shop in Japan). I guess they figured most people wouldn't see that after the original email. Anyways, I took out the file name form the url (***.html), and it took me to the site's file database. I could see every file they had. Using this info, I found pretty quickly that they also had another email going around, feigning to be the Red Cross (this was right after the tsunami).

That really pissed me off. I was mad, I was trying to get into their FTP to see what damage I could do (they had already let me in this far, someone with not too much hacking skill, maybe I could get further?). I couldn't, so I showed a friend of mine (a network tech) what I had found, and he was just as pissed off as I was. He did a few minutes of research, and told me how the whole site was set up, and that he could destroy the whole thing if he wanted. Probably for the better (legallity wise), we didn't do anything to it, but it just goes to show how far some people will go for money. They can put so much thought into tricking noob users, that they didnt' bother protecting themselves from college kids with a little knowledge of how the internet works Smile

_________________

[TSF]Lt. Col. XcalibeR{5thF}
PG_Raptor

Forum Index › Software
Page 1 of 1

All times are GMT - 6 Hours

Archive Revive
Username:
This is an archived topic - your reply will not be appended here. Instead, a new topic will be generated in the active forum. The new topic will provide a reference link to this archived topic.

Select Language

Login

`±`Recent Visitors

`±`User Info-big

Com-Central.net

Select Language

Login

±Recent Visitors

±User Info-big

`±`Recent Visitors

`±`User Info-big