|
SCAMPATROL Working to protect
|
View previous topic :: View next topic |
Author |
Message |
Q Guest
|
Posted: Wed 10 Nov 2004 02:48 Post subject: PAYPAL SCAMS |
|
|
[content to be put here] |
|
Back to top |
|
|
garde NEW Forum Member
Joined: 21 Jun 2005, 12:59 Posts: 2 Location: Planet Earth
|
Posted: Tue 21 Jun 2005 17:32 Post subject: |
|
|
I did receive this PayPal scam earlier this week:
Quote: | Security Measures
We are currently performing regular maintenance of our security measures. Your account has been randomly selected for this maintenance, and you will now be taken through a series of identity verification pages.
Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause.
For your security, PayPal will never ask you to re-enter your full bank account, credit, or debit card number without providing you at least the LAST TWO DIGITS of the number. These digits let you know that we already know the full number and are asking you for the rest of it. Beware of any website or email asking for these numbers for "verification" that does not PROVE that it knows the number by providing at least the last two digits.
Please click the link below and fill in the correct information for the following category to verify your identity.
https://www.paypal.com/cgi-bin/webscr?cmd=login-run
Ignoring our request, for an extended period of time, may result in account limitations or may result in eventual account closure.
Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account.
We apologize for any inconvenience.
Sincerely,
PayPal Account Review Department
|
While the email itself does look quite legitimate, the underlying HTML was quite notorious. The link that was under the login for the PayPal login was not what it seemed - it went to another site completely - a site that, after some investigation and IP checking, I found was registered through MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE and hosted on Yahoo. The page itself was an exact duplicate of PayPal's login page.
The phishing site is http://SECURE-PAYPAL-ASPI-DLL.COM, and it's whois is as follows:
Domain Name.......... secure-paypal-aspi-dll.com
Creation Date........ 2005-06-19
Registration Date.... 2005-06-19
Expiry Date.......... 2006-06-19
Organisation Name.... Ashley Nyberg
Organisation Address. 116 St. Clair Drive
Organisation Address.
Organisation Address. Marquette Heights
Organisation Address. 61554
Organisation Address. IL
Organisation Address. UNITED STATES
Admin Name........... Ashley Nyberg
Admin Address........ 116 St. Clair Drive
Admin Address........
Admin Address........ Marquette Heights
Admin Address........ 61554
Admin Address........ IL
Admin Address........ UNITED STATES
Admin Email..........
Admin Phone.......... +1.8776567778
Admin Fax............
Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email...........
Tech Phone........... +1.6198813096
Tech Fax............. +1.6198813010
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com
I have reported the site to PayPal twice now, but as of this morning, the site is still up, and I would imagine still being used to cheat people.
WARNING:
PAYPAL DOES NOT ASK YOU TO UPDATE INFORMATION FROM EMAIL, NOR DOES IT EVER UTILIZE A LOGIN PAGE THAT IS NOT SECURE.
ALWAYS check when logging into PayPal to make sure that the URL starts with https:// if you are on the PayPal login page. I have been a PayPal customer for over 3 years now and they have sent me email asking me to update my information exactly 0 times - they simply do not do this. The whole thing about entering the two digits is a farce - the con artist don't care about those digits and it is there to throw you off - by the time you reach that page, you have already entered your PayPal login and password into their database for their use.
If you ever feel that your PayPal has become compromised, it is important that you immediately log into PayPal and change your passwords to a very secure password and notify PayPal of the problem so they can be watching for any unusual transactions.
To file a claim of unauthorized access to your PayPal account, use this link:
https://www.paypal.com/wf/f=sa_unauth
If you can no longer access your PayPal account, use this link: (try the below first!)
https://www.paypal.com/ewf/f=sa_unauth
If you cannot access your account - PayPal offers these instructions to try FIRST!
*We have developed a process by which you can regain access to your
PayPal Account by confirming some of the information you gave when
registering for your account. Please follow the instructions below,
which will guide you through the rest of the process.
1. Visit https://www.paypal.com/ and click the 'Forget Your Password?'
link located under the box provided (you may have to first click a 'Log
In' button if our system does not recognize the computer you are using)
2. On the page that appears, enter your email address in the box
provided and click 'Submit'. The email address entered must be an email
address you have added to your PayPal Account
3. An email containing a hypertext link along with additional
instructions will be automatically sent to the email address you entered
in Step 2. Click the link
4. You will be asked to verify your identity by answering questions
based on your account information
* Please note that if you are requested to answer your Security
Questions to verify your identity, both questions must be answered
5. Click 'Submit'
Once you have successfully verified your identity, you can change your
password and access your account immediately. We suggest that you also
review your Profile information and make any necessary updates.
If you cannot verify your identity, click the 'fax information' link on
the 'Verify Your Identity' page for further instructions to recover your
password.
Your best bet is to always be observant when you are loggin into Paypal to make sure you are actually logging into PayPal. But just in case something has gone wrong, I hope that something on this page has been able to help you regain, or at least secure your PayPal page so your financial information, while it might not be accessable to you for a while, will be safe from the prying eyes of a common theif.
NOTE: after contacting the FBI about this site, they called me back and told me that they had been aware of this site for a couple of days now and that I needed to contact the IFCC division because they didn't have the resources to manage this type of crime there. (They are on the ball since the registry only shows it to be a couple of days old!) I filed my complaint with the IFCC as insructed. |
|
Back to top |
|
|
jez Victim Support
Joined: 10 Nov 2004, 15:39 Posts: 201 Location: UK
|
Posted: Tue 21 Jun 2005 18:38 Post subject: |
|
|
There's a lot around at the moment - I still have this from a few weeks ago:
Quote: | X-Apparently-To: xxx@yahoo.com via 66.218.94.89; Fri, 03 Jun 2005 07:52:37 -0700
X-YahooFilteredBulk: 216.66.18.78
Authentication-Results: mta218.mail.mud.yahoo.com
from=email.paypal.com; domainkeys=neutral (no sig)
X-Originating-IP: [216.66.18.78]
Return-Path: <root@superspudsfun.com>
Received: from 216.66.18.78 (HELO superspudsfun.com) (216.66.18.78)
by mta218.mail.mud.yahoo.com with SMTP; Fri, 03 Jun 2005 07:52:37 -0700
Received: (qmail 17031 invoked by uid 0); 3 Jun 2005 13:48:57 -0000
Date: 3 Jun 2005 13:48:57 -0000
Message-ID: <20050603134857.17030.qmail@superspudsfun.com>
To: xxx@yahoo.com
Subject: News: Update Your Account !
From: PayPal <news@email.paypal.com>
Content-Type: text/html
Content-Length: 1209
Dear valued PayPalŪ member:
It has come to our attention that your PayPalŪ account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.
However, failure to update your records will result in account suspension.
Please update your records on or before Jun 6th, 2005.
Once you have updated your account records, your PayPalŪ session will not be
interrupted and will continue as normal.
To update your PayPalŪ records click on the following link:
http:// www.paypal.com/ cgi-bin/webscr?cmd=_login-run (put your cursor over this and it shows: .canalpymes.com/.bashrc/login/html)
Thank You.
PayPalŪ UPDATE TEAM
Accounts Management As outlined in our User Agreement, PayPalŪ will
periodically send you information about site changes and enhancements.
Visit our Privacy Policy and User Agreement if you have any questions.
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside
|
|
|
Back to top |
|
|
jez Victim Support
Joined: 10 Nov 2004, 15:39 Posts: 201 Location: UK
|
Posted: Sat 25 Jun 2005 12:03 Post subject: |
|
|
Got this one today:
Quote: | Return-Path: <service@paypal.com>
Received: from mx3.messagingengine.com (mx3.internal [10.202.2.202])
by server3.messagingengine.com (Cyrus v2.3-alpha) with LMTPA;
Fri, 24 Jun 2005 18:43:30 -0400
X-Sieve: CMU Sieve 2.3
X-Resolved-to: xxx@fastmail.fm
X-Delivered-to: xxx@fastmail.fm
X-Mail-from: service@paypal.com
Received: from 66.111.4.72 (unknown [209.200.117.122])
by mx3.messagingengine.com (Postfix) with SMTP id 97FA994426D
for <xxx@fastmail.fm>; Fri, 24 Jun 2005 18:43:30 -0400 (EDT)
Received: from 8at.zs54o3t.org [30.99.45.129] by 66.111.4.72 with ESMTP id 416E343363A; Fri, 24 Jun 2005 20:41:30 -0200
Message-ID: <v1-q527bz-44p--0-3kn$23c@m6pp.ws25x>
From: "service" <service@paypal.com>
To: <xxx@fastmail.fm>
Subject: PayPal Flagged Account
X-Orig-Date: Fri, 24 Jun 05 20:41:30 GMT
Date: Fri, 24 Jun 2005 16:41:30 +0000
X-Mailer: AOL 7.0 for Windows US sub 118
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="9_DE9.4D4.A47B"
X-Priority: 3
X-MSMail-Priority: Normal
We recently noticed an attempt to log in to your PayPal account from a foreign IP address and we have reason to belive that your account was used by a third party without your authorization.
If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. Therefore, if you are the rightful account holder, click on the link below to log into your account and follow the instructions.
(Useful phishing alert from Fastmail!
WARNING: URL text and host don't match, possible phishing attempt. URL disabled. Original URL='"http://www.idhp.com.br/modules/FCKeditor/upload/Media/abuse/"'. Original text='https://www.paypal.com/cgi-bin/webscr?cmd=_login-run'. For more information on phishing click here.)
If you choose to ignore our request, you leave us no choice but to temporarily suspend your account.
If you received this notice and you are not the authorized account holder, please be aware that it is in violation of PayPal policy to represent oneself as another PayPal user. Such action may also be in violation of local, national, and/or international law. PayPal is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that impersonators are prosecuted to the fullest extent of the law.
Thank you for your patience as we work together to protect your account.
Sincerely,
PayPal Account Review Department
PayPal, an eBay Company
|
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|