Troubling email from "Paypal"...

Osiris_x11

hmmm... I just got an email from "Paypal" that has me a bit concerned. It appeared to be authentic as I visually scanned it a few times and then clicked on the link provided. Also, my paypal is registered for USA but I am in the UK for the time being & using it here for online purchasing. So the email's context seemed credible. Well, it instantly started to redirect me to some other server (the url was an IP followed by some odd domain). I stopped that immediately, but I fear I may have downloaded some information 'stealing' keylogger or other malware... :confused:

From: [email protected]
Subject: Notification of Limited Account Access

Dear PayPal valued member,

PayPal is committed to maintaining a safe environment for
its community of buyers and sellers.

To protect the security of your account, PayPal employs
some of the most advanced security systems in the world
and our anti-fraud teams regularly screen the PayPal
system for unusual activity.


Recently, our Account Review Team identified some unusual
activity in your account.

In accordance with PayPal's User Agreement and to ensure
that your account has not been compromised, access to
your account was limited.

To restore your account please click on the link bellow:

http://www.paypal.com/cgi-bin/webscr?cmd=_login-run
(NOTE: Do not click!!!)

If you fail to restore your account access by the date
shown below, your account will be closed.


This notification expires on the 31th of March, 2005.


About | Accounts | Fees | Privacy | Security Center | Contact Us | User Agreement | Developers | Buyer Credit | Referrals | Shops | Mass Pay

an eBay company

Copyright © 1999-2004 PayPal. All rights reserved.
Information about FDIC pass-through insurance

The HTML graphics in this message have been displayed. [Edit Preferences - What's This?]



Any insights you guys might have on this? This is a new notebook I am using, so new that I'm not even done setting up all the software and drivers.

:frown:
 
Definitely a scam. They call this fishing. Usually the scam is an attempt to get access to your account by having you enter your user name and password on a fake website. There may be some malware or spyware consequences as well, but usually it is just the fishing attempt.
 
I've gotten a few of these lately. I forwarded them to [email protected]. I think someone is sniffing the outgoing paypal email since I've gotten these messages on an email account that does not get spam. I received the first one just hours after a paypal exchange.
 
Educational Tutorial on how this scamming works

It's actually called "phishing" (fishing) and yeah, it's a scam. When you hover the www.paypal.com link it shows its true destination www,vfmplast,go,ro/index.html (I've used commas instead of periods to prevent people from clicking).

DO NOT VISIT THAT LINK: It contains a trojan

However for those of you curious what happens... here's what does! :D

You can actually go to this website, and it will load a webpage that looks exactly like paypal. (See screenshot 1) Even the help links take you to paypal's help. However, as the page loads it tries to install a nasty JS.Trojan.Blinder (http://securityresponse.symantec.com/avcenter/venc/data/js.trojan.blinder.html) on your system which is used to change the URL in the address bar to look like PayPal.com. Very smart.

If you try to log in, it will always work... no matter what you type in. AMAZING! :D Then it asks you to verify your credit details... which of course i did (see attached).

So there you have it.... the scammer then collects your information, and helps him or herself to your bank account. They would also have access to your paypal account to make deposits into their own accounts. Plus you'd have a trojan on your computer and they'd have your IP address & some system details. If you had undertaken these steps, you would have been scammed. :(


These websites usually have a VERY short lifespan... they either go off-air to avoid detection or get shut down quite quickly.

Hope this has been educational to help protect fellow NSX Primers from phishing.
 

Attachments

  • paypal-hoax.jpg
  • paypal-hoax2.jpg
Talk about EVIL!?!

hmmm... Thanks everyone, very appreciative. I was very concerned that there was some bug/worm/whatever that may have installed itself into my system even though I closed the link after clicking it in no more than a fraction of a second. :eek:

I have also edited my original post. I changed the inserted link's hypertext to " , " where there were " . " as Neo did above. I don't want any hungover NSX'ers from the weekend of coping w/ 'Prime being offline, to click it in a Homer'esque moment, lol! :D


FYI: I'm considering removing my debit/checkcard linked to PayPal and simply use a credit card w/ an insignificant credit limit and fraud-protection services. Am I overdoing it? I had been contemplating this for some time... :frown:
 
Osiris_x11: Did the page display? If not, you should be fine. I noticed the link was VERY slow and the trojan tried to install itself towards the end of the page loading. If you have up-to-date anti-virus software, you'll be fine.


Re/ your credit card and paypal, 99% of the time you'll be fine. But I can't say for sure you will because I don't want to be held liable. While the Internet is actually a very safe method to perform transactions, you can never be too careful. A limited credit account wouldn't hurt and it certainly wouldn't be over-reacting. That's my advice anyhow.


EDIT: the scammer appears to be related to a company in Amsterdam. :rolleyes:
 
SNDSOUL said:
paypal will always use your name in any correspondence also. It says this on their site

That is exactly right. You will notice that if you forward the email to the [email protected], when it comes back to you they will greet you by your first and last name. Then you know it came from them.
BTW, ebay does the same thing. So be careful.
 
When it comes to ebay and paypal, I always log on to the site directly.

I get ebay and paypal trouble email 3-4 times a week. It is all bull.

I use a paypal primary email address that is totally different than my normal ebay one. So any email from paypal I know it is bogus.....
 
I got a similar email from "ebay" about two weeks ago. I immediately reported it to them and they confirmed it was a scam.
 
I get these emails all the time from spoof eBay and Paypal. If I have extra time, I type in F..KYOU as my username and the password and I get a "thank you" from that. Sort of like a stress reduction. :biggrin:
Steve
 
Hi

I also got that email from "Paypal".

Usually I use my main computer to download mails in the morning. Then I read and/or reply to mails during the day and then send them when I get home.

What is good is that my main computer is a Hp200LX Dos Palmtop. So when I have the mails on that little thing I cannot click on every link that is in the email.

What is also good is that this mail was sitting in my inbox on my palmtop for some days. Then with my "surf computer" I went to Paypal.com and happened to read the info about "Fraudulent email".

So this little palmtop of mine is helping me deal with every aspect of my life and also protects me against these kinds of spoofs.

Neo thanks for the write up on how they do it.

Regards
 
Re: Educational Tutorial on how this scamming works

NeoNSX said:
If you try to log in, it will always work... no matter what you type in. AMAZING! :D Then it asks you to verify your credit details... which of course i did (see attached).
I take offense to that, Neo. Are you implying that there is a "noobville" in AZ? Or that the police in AZ are "noobs"? :mad:

Okay, now back to helping my users.

Dear Fix-it-fairy,

I have a problem with Kazaa. I have been having a problem getting it to sign on. I checked with the website and they said to ask you to help me with port 1214. It says to do the following: You should open up port 1214 on this firewall, or configure SOCKS5 on both the firewall and Kazaa Media Desktop. You will most likely need your network administrator to assist with this. What do I do?

Dear What do I do?

Many people that use Kazaa mistakenly contact the Fix-it-Fairy at the Network Administrator.com to help with their problems. As do AOL Users and any other program that has a popup box that says, "Contact Your Network Administrator." The network administrator at thenetworkadministrator.com is not your network administrator. If the Network Administrator had to support AOL and Kazaa users, The Network Administrator would give up computers altogether, move to Queensland Australia and get a job at the Australian Zoo cleaning out the Dingo's cages.
 
Re: Educational Tutorial on how this scamming works

PHOEN$X said:
I take offense to that, Neo. Are you implying that there is a "noobville" in AZ? Or that the police in AZ are "noobs"? :mad:

Okay, now back to helping my users.

Ah... no comment. If i say AZ you hate me. if i say it was a typo on 'AU' the aussie boyz will hate me.

so.................. still no comment. :D but no offense was intended.


ps. how can AZ be noobville when you're hosting NSXPO'05? Impossible. ;)
 
Re: Educational Tutorial on how this scamming works

NeoNSX said:
no offense was intended.

ps. how can AZ be noobville when you're hosting NSXPO'05? Impossible. ;)
Okay, you are forgiven. What are you doing up this time of day (or night, for you)? Can't sleep? What's troubling you?
 
Re: Educational Tutorial on how this scamming works

PHOEN$X said:
Okay, you are forgiven. What are you doing up this time of day (or night, for you)? Can't sleep? What's troubling you?

He is probably up watching Carguy's garage too.

Just like Big Brother..nothing happening, but when something happens it is good. Carguy drove out a while ago. I almost dropped my laptop when he started it up :)

Regards
 
LOL... it's 4:50am. Can't sleep. Crap I've been up for hours. :( (all that talk about being "the one" really weighs on your mind i tell u :rolleyes: :D )


ROFL @ martin... it's not there at the moment, so I am worried. :p
 