Announcement

Collapse
No announcement yet.

Warning: How a scam works

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Warning: How a scam works

    I received a Paypal scam e-mail this morning and I thought I would show why you should never click on a link in an e-mail.

    First, this is how the e-mail appears:



    But, what you see is not what you get. Hidden in the e-mail and not shown to you by Outlook Express is some simple computer code like this:

    <font face="Verdana, Arial" size="2">
    &lt;a onmouseover="window.status='https://www.paypal.com/cgi-bin/webscr?cmd=_verification'; return true;" href="http://www.losases.com.uy/ssl/pp/" target="_blank" &gt;
    https://www.paypal.com/cgi-bin/websc...tion&lt;/a&gt;
    </font>
    Embedded in this invisible part of the e-mail is where you actually end up. I have inserted "(break link)" so it can't be clicked on here.

    Code:
    http://(break link)www.losases.com.uy/ssl/pp/(break link)
    This URL takes you to a perfect replica of what looks to be a Paypal page. It looks like this:



    I don't advise actually checking out that URL unless you use Firefox and know exactly how to set your security settings.

    When you enter your personal info on that page they then have all they need to screw you over.
    Free software for calculating bolt circles and similar: Click Here

  • #2
    That one and a very similar one from eBay are common. I get one every week or so. Forward them to [email protected]

    The thing that I do not understand is why they cannot be backtracked and prosecuted. Or, perhaps persecuted.
    Jim H.

    Comment


    • #3
      Evan,
      Haven't gotten this one yet but did get one simular to be "Verified" (that's what they called it.
      Have seen the verified sign on Ebay but Ebays address was not in the properties of the email. It also had the "Account Review" attached to it.

      Thanks for the heads up.

      Larry

      Comment


      • #4
        I think most of those places (Ebay, PayPal, etc.) tell you in their literature and emails and so forth not to use links in any unsolicited email (or any email?). Always type in the link use the URL that you have always used (in your favorites or whatever).

        That type of email is called phishing (sounds like fishing). There are many forms phishing can take. Sometimes looking for info for identity theft. Sometimes just looking for valid and active email addresses for the e-marketers.

        Comment


        • #5
          I have gotten just "that" link.

          No I didn't reply.
          There was sellers on there with the "check out now" on thier page that took you to "thier" site to enter in "your paypal account name and password" it kinda looked like paypal too, but no lock in the lower right corner.

          David.. thank for the heads up.

          Comment


          • #6
            I get those many times a month, I don't use eBay or PayPal, and don't have accounts with either of them any more, but these scam mails keep coming.

            Jerry

            Comment


            • #7
              Thanks Evan, I received an e-mail recently asking me to click on a link to verify my IP (MSN) account information to "prevent interruption of service". I checked on my account from the MSN homepage and found all was well, and then reported the e-mail address of the scammer to MSN.

              [This message has been edited by Carl (edited 12-08-2004).]
              THAT OLD GANG 'O MINE

              Comment


              • #8
                Thanks Evan, great writeup.

                These don't worry me too much. With 1 oz of thought I could spot 'em. What worries me is if a guy like Evan wanted to write a scam email. I'm willing to bet Evan could write one I wouldn't spot.

                Comment


                • #9
                  "The thing that I do not understand is why they cannot be backtracked and prosecuted. Or, perhaps persecuted. "


                  I would just shoot them, scams piss me off so much, especially when your dealing with real money and not computer game accounts

                  Comment


                  • #10
                    The domain that the scam URL points to is registered in Uruguay. I poked around the Uruguay registry and found out why. They do not provide WHOIS information on registrants. It is administered by Internic.uruguay. Smug little bastards, the registerd URL in the scam is www dot losases dot com dot uy. "Los Ases" translates to "The Aces". It would be possible to have the domain shut down, possibly, by contacting the country service provider which is Antel.
                    Free software for calculating bolt circles and similar: Click Here

                    Comment


                    • #11
                      Nice post Evan. I got so sick of getting the "Verify your info" emails, that a couple weeks ago I clicked on their button. I wanted to tell them to "kiss my a--", I couldn't do anything without logging in which I didn't. Figure out a way for us to get a message to them!
                      I am running Foxfire now
                      Michael

                      Comment


                      • #12
                        i thought "los ases" translated to "the asses"

                        Comment


                        • #13
                          Too bad no one here is low enough to run a DoS attack on the site.

                          Comment


                          • #14
                            I have e-mailed (in English and Spanish) the tech department of the domain registrar Antel and informed them that the domain they have regeistered is running an illegal scam. We'll see if the scam page keeps working.
                            Free software for calculating bolt circles and similar: Click Here

                            Comment


                            • #15
                              CCWKen:
                              Yeah, I forgot how to after my stroke - but I do know how to contact the FBI and CSIS when I get a live one.

                              Evan
                              I get those all the time. I always forward to [email protected] and mark as junkmail. Forwarding to [email protected] fails sometimes because the smartasses include a special .gif file that ebay.com does not have so it craps out - these I send to the internet spooks.

                              Comment

                              Working...
                              X