Joined: Apr 18, 2004 Posts: 5303 Location: Greensburg PA
Posted: Thu Nov 25, 2004 6:50 pm Post subject: PayPal users, Phishers on the loose!
Hey all, I never thought I would see the day that a phisher threw me some bait, but yesterday it happened.
When I woke up and checked my email, I had an email from confirm@paypal.com
The email went on about Security and the fact that they have noticed some over seas login attempts on my account. It further explained that I needed to reverify my account within 72 hours otherwise they would have no choice but to suspend my account.
The email was so legit looking, but still, nowhere in the email was my name or business name mentioned. The link in text form was an actual PayPal link, if I were to type it in the address bar, it took me to a legit paypal login screen. I knew it was legit because my cookie settings put my username in the form field. However, when I clicked their link I was taken to a http://123.456.789./.verification/log.yada yada site.
Immediately when I saw that address I knew it wasn't a true PayPal site. Even though it was Identical!! Very authentic down to the images and fonts. It requested that I login, so for shits and giggles I put a bogus account name and bogus password. It proceded to log me into a fake account where it told me due to the verification process most of my account features have been disabled, but once I verify my information, I will then be asked to login again and my account will then be restored. It had all of the PayPal forms like bank account info, ss info, d.o.b., CC info, everything to give the phishers all they needed to steal my identity, and better yet, login to my real paypal account and start bilking my accounts.
Natually, I input false names and information like for my name, f#&@'O You'O (if I took the extensions away from the URL it was a Japanese Firms website). My guess is a programmer for this company was hiding behind this site and using it to steal identities. Of course I couldn't also refrain from my bank being name, Bank of Remember Nagasaki. No offense to anyone though, it was all aimed at the phisher, nobody else. I was just very pissed that someone was doing this. If my wife would have gotten the same email, she would have refilled all of her info in, she didn't know. I showed it to her and she even admitted, she would have fallen for it.
Remember, if you EVER get any emails telling you to verify an account DONT. Not until you personally forward the email to the company and have them verify it came from their server. BTW, paypal will check any emails, all you have to do is forward to spoof@paypal.com .
I tried to check the page today and the whole site has been taken down. I guess PayPal already found their phisher. I would love to know what happened to them!
If anyone wants to see the email, let me know. PM me or list your address and I will forward it to you. This way, you will get an idea of how legit it looked!
later all
realmccloy
-----------------------------
http://www.xbox-hq.com http://www.themodgod.com _________________ Good Deals: Death@Hand, funkydopenloven, StaticMind, Slamscaper, PorscheXboxter
Bad Deals: None Yet
Pending Deals: Vanguard
jundox Xbox-HQ Member Xbox Version: Xbox V1.0 Modded: SmartXX V2 LE
Joined: Nov 03, 2004 Posts: 58 Location: NY
Posted: Fri Nov 26, 2004 3:48 am Post subject:
$hit man i did a verification for paypal about a month ago...i didnt see any strange activity on my account, but i hope it was legit...i keep an eye out for phishers to begin with, but when links send you to official looking sites its hard to tell...thanks for the info rm
forahobby Administrator
Joined: May 22, 2003 Posts: 23944 Location: NSW, Australia
Posted: Fri Nov 26, 2004 5:01 am Post subject: I know exactly what you mean! :(
HI RM,
I receive atleast one of those emails every week from a phisher..
They are getting quite good at tricking the average user into thinking they are on the legitimate paypal site. They always hack servers and take over webspace.. Thats how its done.. The CitiBank emails are very similar.. They hack a server and then upload the citibank html code and get all the info they need.. I get CitiBank emails all the time and dont even live in the USA!
The best thing you can ever remember with pAYPAL is:
They always address you by your FIRST & LAST NAME (surname) OR business name.. They never send out a email without your full details. REMEMBER THAT! (thats how rm picked up on it i think)..
I have actually gone one step further and install a freeware program called 'SpookStick'. It shows you in IE / FIREFOX toolbar the real URL no matter what.. Ill add a screenshot of this page and show you..
TheModGod Xbox-Hq Legendary Xbox Version: Xbox V1.0 Modded: SmartXX V2 LE
Joined: Apr 18, 2004 Posts: 5303 Location: Greensburg PA
Posted: Sun Nov 28, 2004 5:49 am Post subject:
Thanks for the info forahobby!
Jundox! You need to change your PayPal account password and run a throrough online credit report and see if there are any inquiries in your name. If you still have the PayPal verification email, you need to forward it to spoof@paypal.com
From what I was told by PayPal they do not send those types of emails. I don't blame you for falling for it man, they are incredibly good.
PayPal will also always send you an email and address you by your name and business. This email was not addressed to anyone. It was down within 24 hours of me notifying PayPal.
I used to work in a Credit Office, so if someone has been trying to open accounts in your name you will see it in your "inquiry history" It usually stores six months worth depending on the credit reporting agency. You want a report that showcases all three major credit reporting agencies.
They will also try to open checking accounts and also phoney businesses in your name. Also, contact your bank and get a new account number. Seriously, I would do that if you want to protect your identity. Unless of course you have the email and PayPal can verify it.
Good luck bud.
realmccloy
------------------------
http://www.xbox-hq.com http://www.themodgod.com _________________ Good Deals: Death@Hand, funkydopenloven, StaticMind, Slamscaper, PorscheXboxter
Bad Deals: None Yet
Pending Deals: Vanguard
slick_j_2002 V.I.P. Lifetime Xbox Version: Xbox V1.0 Modded: SmartXX V2 LE
Joined: Oct 29, 2004 Posts: 273
Posted: Fri Dec 10, 2004 6:52 am Post subject:
Scary stuff... Good thing I never respond to e-mails... Even from my mother!
Anyway, I doubt anyone would want to steal my identity. My credit is so poor, the post office won't even hand me a stamp without seeing the money up front.
Always best to be safe, though.
|
All times are GMT |Page 1 of 1
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
HQ Network: 8,778 | 
Guests: 1212 | 
Members: 1 
Forums 
(thats how rm picked up on it i think)..
