I just received a very realistic Paypal Sphishing attempt saying that my account had been Limited. This included my name, and the correct email address that I'm using for my paypal account. I've uploaded the spam to my server for your reference, after editing out the real address of the spam site. You can see it here. Please beware of any paypal emails you receive, especially ones that say that your account has been limited. The spam site used www.paypal.com as the beginning of the URL, so make sure that you don't just glance at the beginning of the URL and believe that you are actually going to Paypal..
Beware of Realistic Paypal Sphishing attempt
- Thread starter gregw
- Start date
Help Support Candle Power Flashlight Forum
chesterqw
Flashlight Enthusiast
WOAH! super realistic indeed.
better get some anti phishing tools...
or just boycott the internet...
why aren't there death ,DEATH!!!! penalty for hackers and scammers?
better get some anti phishing tools...
or just boycott the internet...
why aren't there death ,DEATH!!!! penalty for hackers and scammers?
greenLED
Flashaholic
Greg, the bogus links on your updated copy of the e-mail seem to be "live" (meaning, they may be pointing to the phisher's malicious destination).
This probably goes without saying, but... Folks, DO NOT click on any links in suspicious e-mails!
This probably goes without saying, but... Folks, DO NOT click on any links in suspicious e-mails!
LifeNRA
Flashaholic*
- Joined
- Jan 29, 2004
- Messages
- 1,453
Forward any of these emails to [email protected] so Paypal will know. I have no idea if Paypal actually looks into these or not but they say they do.
turbodog
Flashaholic
I keep waiting for one of these things to come along as a 2 part attack.
1. modify the windows hosts file
2. send a paypal email with actual paypal.com/chase manhattan/etc links
The hosts file modification will redirect the www.paypal.com links to wherever they want you to go. And there's no way to catch it.
I discussed this type of attack at length with a friend in the security field. He says banks are watching for it; it's only a matter of time.
1. modify the windows hosts file
2. send a paypal email with actual paypal.com/chase manhattan/etc links
The hosts file modification will redirect the www.paypal.com links to wherever they want you to go. And there's no way to catch it.
I discussed this type of attack at length with a friend in the security field. He says banks are watching for it; it's only a matter of time.
Greg,
Did you report it to PayPal??
If you suspect fraud, foward the entire email to [email protected]
I got a very similar email about 3 months back saying that my account
was on hold due to suspicious activity. I found it very odd, so I opened up
a new window and logged into PayPal directly, my account was fine.
PayPal had this fake site shut down within 15 minutes.
Kid9P
Did you report it to PayPal??
If you suspect fraud, foward the entire email to [email protected]
I got a very similar email about 3 months back saying that my account
was on hold due to suspicious activity. I found it very odd, so I opened up
a new window and logged into PayPal directly, my account was fine.
PayPal had this fake site shut down within 15 minutes.
Kid9P
RCatR
Enlightened
paypal acts fast on these, i got a well done fake email with my full name, email, and address saying i had bought $2,000 worth of xbox360's......the site was shut down when i clicked on cancel order (yes i was stupid enough to click the link at that time)
greenLED said:
The links are NOT "live" as I've changed it... If you look clearly at the link, you will see that it is pointing to http://www.paypal.com.fakeaddress/, which is NOT a real URL. Miguel, I appreciate your caution, but you should really look properly before crying "wolf"...
Yes, the first thing I did on receiving this email was to report it to Paypal... Hopefully, they can shut it down ASAP before anyone actually falls for it.
Concept
Flashlight Enthusiast
Good to hear about it for a heads up/reminder anyway.
James S
Flashlight Enthusiast
But it would all go away and not be dangerous at all if we just remembered to type p a y p a l . c o m into our browser to signon instead of clicking a link.
If you do that to verify any email you get from "paypal" there is no way they can fish you. I know it takes an extra 7 seconds or so
But you just have to assume that every email you get that has a login link in it is a scam.
Paypal themselves should make it a policy to tell you that with every email they sent. No login links allowed for anybody.
If you do that to verify any email you get from "paypal" there is no way they can fish you. I know it takes an extra 7 seconds or so
But you just have to assume that every email you get that has a login link in it is a scam.Paypal themselves should make it a policy to tell you that with every email they sent. No login links allowed for anybody.
greenLED
Flashaholic
Fake links can be made to look like whatever, and with people with varying degrees of computer expertise, it's better to be safe than sorry. In any case, thanks for sharin'.
An additional level of security in regard to phishing site identification is to make use of the OpenDNS servers instead of the dns servers provided by your ISP. It takes a smidgen of configuration ability, but not too extreme.
They identify phishing sites pretty fast, and intercept calls to them reliably.
Still, remembering to access Paypal accounts directly at the secure server instead of a link is one of the best protections against Paypal phishing schemes.
They identify phishing sites pretty fast, and intercept calls to them reliably.
Still, remembering to access Paypal accounts directly at the secure server instead of a link is one of the best protections against Paypal phishing schemes.
Latest posts
-
-
sofirn 3000mah 18650's - Good or bad?- Latest: knucklegary
-
-
-
-
-
-
-
-