PDA

View Full Version : Scam alert guys



Forrest Addy
12-04-2003, 03:02 AM
Scam Alert guys.

Do NOT click on this link [http://haligalippl.port5.com/.../paypal-secure.com/login/webscr_track/login-run/gen_login_login_submit/rtof344nrut53nau45346ireo] do NOT click on this link

I've been getting one or more notices "...to check and re-enter secure data" a few days after I make a PayPal transaction. The PayPal graphics and logos in the email are all very convincing and the link appears to be a plausible sounding PayPal address. When I hovered my cursor over the link the above email address came up. Note the first part of the URL: pure fraud on the hoof.

I almost fell for it. The only thing they they missed is the little encryption "lock" graphic in the lower right corner of the screen. I typed in a phoney email address and password and the next screen opened right up. Had it been real PayPal I would have got a "Bad password" or some other intercept.

In it they requested my password and cradit card number and other personal data.

I reported it to PayPal via their security center suggesting they may have a leak in in their transaction software alerting the bad guys to email addresses when ever a transaction is posted with PayPal. More likely the evil ones are harvesting them from the bid list.

Evan
12-04-2003, 04:19 AM
Forest,

First check your machine to see if you have the Mimail virus.

Second, never visit a transactional website by clicking on a link on another web page. Go directly to the site in question from your address bar, such as www.paypal.com (http://www.paypal.com)

Forrest Addy
12-04-2003, 04:39 AM
Thanks Evan. I did and I don't.

I sent this to my extended email list. I received a couple of emails that wearily imformed me that I'm concerned about old stuff. No harm done. Some of my friends and relatives are too trusting.

Evan
12-04-2003, 04:50 AM
Good. I would recommend using some other browser for anything relating to money. Currently, there are about 18 unpatched vulnerabilities in IE, some which can allow any arbitrary code to be run on your machine merely by visiting a web page or hovering the cursor over a link. I recommend using Mozilla Firebird 0.7 from www.mozilla.org (http://www.mozilla.org)


It has none of the vulns that IE has. There is absolutely no reason you can't have more than one web browser on your computer. Firebird also has the capability to control pop-ups.

JCHannum
12-04-2003, 10:38 AM
The little padlock indicates a secure site. Also shttp:. If these are not present, dump it.
I occasionally get very real looking PayPAl, AOL and eBay correspondence asking for information including SS No. and credit card numbers to confirm account etc. DO NOT RESPOND, and do report them to the service, they all have fraud alerts to send them to.
The Nigerian thing has also appeard on the old engine site among others.
If someone scams you on eBay, post negative feedback, do not be afraid to receive negative yourself, you can respond to feedback to explain. Do it professionally, and be factual. If they beat you out of payment, report as non-paying bidder. If you let a hairball get away with a bad deal, you are not only hurting yourself, you are allowing him to continue doing business.
If someone scams me, I post negative and report.