#1: A reminder about Phishing for those that use PayPal Author: JG300-fr8ycat, Location: Los AngelesPosted: Mon Jan 23, 2006 3:13 am ---- Received an e-mail this morning from what looked like PayPal (service@PayPal.). Coloring, font, etc all looked exactly like the Paypal site. Below is what was said in it.
"Security Measures
Dear Paypal Member.
We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address and we have reasons to belive that your account was hijacked by a third party without your authorization. If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you.
If you are the rightful holder of the account you must click the link below and then complete all steps from the following page as we try to verify your identity.
Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause.
Thank you for your prompt attention to this matter."
Scary stuff for sure and I almost bit! luckily I decided to close out my e-mail and log onto the PayPal site. After loging in I noticed absolutely no notices to the above mentioned. Forwarded the email to PayPal and received the reply that it was indeed a fake.
Thought I would pass it along and remind PayPal users that they will always use your full name in any email they send you (not "dear member" like above). Also never click email links in any emails you may receive (real or fake) from business's you have accounts with. Always exit your email (especially if it's browser linked) open a new browser window and log on to your account like you normally would.
Just a friendly reminder and a heads-up to users of PayPal.
#2: Re: A reminder about Phishing for those that use PayPal Author: Shadow_Bshwackr, Location: Central Illinois, USAPosted: Mon Jan 23, 2006 12:07 pm ---- Clever bastids they are!
Yep, good advice fr8ycat and thanks for the heads up...
#3: Re: A reminder about Phishing for those that use PayPal Author: JG300-Ascout, Location: CyberspacePosted: Mon Jan 23, 2006 1:04 pm ---- Yeah...they're so clever they keep asking me to update my PayPal account, and I don't even have one!
#4: Re: A reminder about Phishing for those that use PayPal Author: XcalibeR, Posted: Mon Jan 23, 2006 4:47 pm ---- I've recieved something like that before. It was the same type of thing, except for Ebay. They had everything set up just like an ebail mail, including hijacking the pictures from ebay, all other links going direct to ebay, and even the fine print which stated that Ebay would never send unsolicited emails to users (perhaps TOO good? :mrgreen:). Anyways, the first thing that tipped me off about about it was the fact that I don't have an ebay account. The second thing that I noticed was that the link that took you away from the email to the "Ebay" login page. It was written out as the correct link, but using the bottom bar on the browser, I saw that it went to a completely different website. Being curious just to see how far they went with the charade, I followed the link.
It then took me to the "ebay" loging page, again, set up exactly as the one on ebay.com. I typed in random letters and stuff for the username and password (which means they steal your login info too, if you enter it right), and it took me to the "enter credit card information" page. All the while, I was watching the url, they didn't bother trying to hide the true url (the base site was for a flower shop in Japan). I guess they figured most people wouldn't see that after the original email. Anyways, I took out the file name form the url (***.html), and it took me to the site's file database. I could see every file they had. Using this info, I found pretty quickly that they also had another email going around, feigning to be the Red Cross (this was right after the tsunami).
That really pissed me off. I was mad, I was trying to get into their FTP to see what damage I could do (they had already let me in this far, someone with not too much hacking skill, maybe I could get further?). I couldn't, so I showed a friend of mine (a network tech) what I had found, and he was just as pissed off as I was. He did a few minutes of research, and told me how the whole site was set up, and that he could destroy the whole thing if he wanted. Probably for the better (legallity wise), we didn't do anything to it, but it just goes to show how far some people will go for money. They can put so much thought into tricking noob users, that they didnt' bother protecting themselves from college kids with a little knowledge of how the internet works
