Warning - PayPal Phishers Hitting CPF Member

lambda

Flashlight Enthusiast
Joined
Jan 6, 2002
Messages
1,795
Location
Iowa
I probably don't have to really post this WARNING do I? Nobody here would fall for such a scam, would they?

But anyway, here it is. This is a very poor scam job, probably a very young child or mentally retarded adult. Here's what the email looks like:

[Image: bogus.jpg]


Yea, right, all I have to do is type in my account info to claim the $1142.00 from [email protected].

Note the ridiculously poor text over phake webpage; not even 3rd grade level work here. This criminal needs a lot of schooling.

What's this crook's trail? Well here's the path the email from "PayPal" came from:

Received: from mta205-rme.xtra.co.nz ([210.86.15.187])
by sccqmxc95.asp.att.net (sccqmxc95) with ESMTP
id <20041227224032q95002en3se>; Mon, 27 Dec 2004 22:40:33 +0000
X-Originating-IP: [210.86.15.187]
Received: from mta1-rme.xtra.co.nz ([210.86.15.240])
by mta205-rme.xtra.co.nz with ESMTP
id <20041227224027.XMZF18126.mta205-rme.xtra.co.nz@mta1-rme.xtra.co.nz>
for <[email protected]>; Tue, 28 Dec 2004 11:40:27 +1300
Received: from smtp.xtra.co.nz ([210.55.80.74]) by mta1-rme.xtra.co.nz
with SMTP
id <[email protected]>
for <[email protected]>; Tue, 28 Dec 2004 11:40:25 +1300
To: "" <[email protected]>
From: "" <[email protected]>
Subject: [email protected] has just sent you $1142.00 USD
X-Mailer: Ghost Mail 5.1 http://ay.home.ml.org/
X-Priority: 1 (Highest)
Content-type: text/html
Message-Id: <[email protected]>
Date: Tue, 28 Dec 2004 11:40:27 +1300

Yep, that sure looks like a normal route an email from PayPal to me would take; NOT!

This poor dimwit needs to get busted if for nothing else, just for bogging down the internet with this feces. What a Lamo.

So you've been warned. Do not feed this idiot; beware of the evil PayPal Phisher.
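
The relay-path check described in the post above, as an added example that is not part of the original post: it walks the `Received` chain oldest hop first and reports whether any relay belongs to the brand the mail claims to come from. The sample is constructed from the headers quoted above (abridged, `id` fields dropped), and `paypal.com` as the claimed domain is an assumption, since the page's copy of the From address is redacted.

```python
import re
from email import message_from_string

# Constructed sample: the Received chain quoted in the post, abridged, with
# continuation lines indented the way they appear in a raw message.
RAW = """\
Received: from mta205-rme.xtra.co.nz ([210.86.15.187])
 by sccqmxc95.asp.att.net (sccqmxc95) with ESMTP; Mon, 27 Dec 2004 22:40:33 +0000
Received: from mta1-rme.xtra.co.nz ([210.86.15.240])
 by mta205-rme.xtra.co.nz with ESMTP; Tue, 28 Dec 2004 11:40:27 +1300
Received: from smtp.xtra.co.nz ([210.55.80.74]) by mta1-rme.xtra.co.nz
 with SMTP; Tue, 28 Dec 2004 11:40:25 +1300
X-Mailer: Ghost Mail 5.1 http://ay.home.ml.org/
Subject: constructed sample

body
"""

# "from <host> ([<ip>]) ... by <host>" as written by the relays above.
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\).*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Return (from_host, from_ip, by_host) per hop, oldest hop first."""
    msg = message_from_string(raw)
    chain = []
    # Each relay prepends its header, so the last one listed is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP.search(value)
        if match:
            chain.append(match.groups())
    return chain

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def assess(raw, claimed_domain):
    """Summarise the relay path against the domain the mail claims."""
    chain = hops(raw)
    relays = [h for h, _, _ in chain] + [b for _, _, b in chain]
    return {
        "origin": chain[0][:2] if chain else None,
        "claimed_domain_seen": any(in_domain(h, claimed_domain) for h in relays),
        "chain": chain,
    }
```

Only the topmost `Received` line, written by the recipient's own provider, is reliable; anything below it can be forged by the sender, so a mismatch is strong evidence but a match proves nothing.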
 

Turd_Ferguson

Enlightened
Joined
Jan 15, 2004
Messages
458
That particular entity also sent out fake eBay updates just a few days ago. What most people should know by now is that no company will have you update information from anything other than logging in at their website. If they ever do send an email, it would never have a link for logging on.
 

Chris M.

Flashlight Enthusiast
Joined
Jan 17, 2001
Messages
2,564
Location
South Wales, UK
I got deluged with fake Ebay mails the other week. Sent every last one on to spoof-at-ebay-dot-com for them to deal with. Some clever social engineering at play, and a new trick of using a form button instead of a text link to get around the fact that the address of the forged page is usually displayed at the bottom of the screen when you hover over text links. Wasn't fooled though, and I almost laughed at the "become a power seller" ones, since I have never sold anything and am not set up to do so. Ebay doesn't even have my credit card number, I registered before it became necessary. Well, since they bought out Paypal they probably do now, but not directly linked to my account.

But what I don't understand is how the scum got a hold of my address since it is relatively new, doesn't yet get spammed and has never been posted out on the internet anywhere. It's only used for private communication, Ebay and Paypal. As far as I know, you can't get hold of Ebay users direct mail addresses any more, member or not. So part of me suspects an inside job, some newcomer stole a load of addresses to sell on, and part can't help but wonder if their user database got hacked or is otherwise accessible somehow. Whatever happened they need to stop it immediately.


I don't believe in an afterlife but am very willing to entertain the notion of Hell so these criminals can burn there long and hard, even if the authorities can't catch them when they're alive......
 

K-T

*Moderator*
Joined
Mar 7, 2002
Messages
3,537
Location
Germany
The only thing I noticed since mid December is a new wave of spam hitting email addresses I hardly ever used. They are trying to sell me tons of fake watches for cheap, guess they figured out they won't earn a dime on me trying to sell me their little blue pills.
 

The_LED_Museum

*Retired*
Joined
Aug 12, 2000
Messages
19,414
Location
Federal Way WA. USA
One way to test if the douchebag is for real is to create a phoney Paypal account (using a disposable email address that gets used for nothing else), and then use another Paypal account to transfer 1¢ or 2¢ to it; wait to verify the money is actually in there, and then "log in" to your new Paypal account via the phoney email and see what happens. Might get a web URL that can be traced, with only a penny or two at risk.

Just my 2¢ here; individual results may vary.
 

KevinL

Flashlight Enthusiast
Joined
Jun 10, 2004
Messages
5,866
Location
At World's End
Don't follow links or fill out information into emails. Always go to the website itself by keying in the name.

More importantly, you can do this to a website - in Internet Explorer, watch for the little yellow padlock that shows up on your bottom right. Double click it to read the certificate details. Certs do two things: they enable encryption (defeats people snooping on your traffic) AND it affirms that the site is who they claim to be. For example, https://www.paypal.com 's certificate says Issued To: www.paypal.com and Issued By: Verisign.

So far, I haven't seen any phisher use a site with a legitimate SSL cert, since to obtain one, they have to go through a verification process which involves background checks, possibly a visit from the certificate authority, and such.

Stay safe.

[ QUOTE ]
K-T said:
The only thing I noticed since mid December is a new wave of spam hitting email addresses I hardly ever used. They are trying to sell me tons of fake watches for cheap, guess they figured out they won't earn a dime on me trying to sell me their little blue pills.

[/ QUOTE ]

Better than the ones telling me I can get a bigger bust..
 

Jack_Crow

Enlightened
Joined
Feb 9, 2004
Messages
417
Location
West Palm Beach FLA (for a while anyway)
Hi guys,
I had one guy try and get me to pay on a program I didn't order. It didn't show up on the Pay Pal due list. I got e-mails about it for four days. It seemed to have stopped. I found it odd that I would buy a copy of Myst for 380 bucks. It seemed safe to ignore.

Later kids
Jack Crow
 

K-T

*Moderator*
Joined
Mar 7, 2002
Messages
3,537
Location
Germany
[ QUOTE ]
Surefiregeek said:
Some spammers are such idiots!

[/ QUOTE ]

All spammers are idiots.
 

junior

Enlightened
Joined
Jul 9, 2004
Messages
480
I have an eBay store that takes PayPal and I get those all the time.

Always remember that eBay or PayPal will NEVER send an email for payment or for personal information.
 

PEU

Flashlight Enthusiast
Joined
Feb 26, 2004
Messages
3,600
Location
Buenos Aires / Argentina (I like ribs)
I use the same mail account since 1997 (when I registered the domain peu.net). Today I receive around 200+ spams a day with days that double or triple that amount.

The phishing mails I receive the most are fake logins for: Washington Mutual, Citibank, Suntrust, Paypal, Ebay, and many others but less frequently.

About 1 1/2 years ago I installed POPFile because the problem was getting worse by the day.

It works like a charm, from the statistics:

Classification Accuracy
Messages classified: 9,932
Classification errors: 44
Accuracy: 99.55%
(Last Reset: Tue Oct 26 12:09:40 2004 )

That gives you an average of around 165 mails a day the last 2 months. 80.13% of this amount is SPAM.

My advice for not receiving more spam: use a disposable email service for registering at online services that will be used one time only. My preferred are www.mailinator.com (disabled until the end of the year) and www.jetable.org


Pablo
 

Greta

Flashaholic
Joined
Apr 8, 2002
Messages
15,999
Location
Arizona
[ QUOTE ]
KevinL said:


Better than the ones telling me I can get a bigger bust..

[/ QUOTE ]

Um... er... psssst... can you forward that one to me, please?...
 

eluminator

Flashlight Enthusiast
Joined
Mar 7, 2002
Messages
1,750
Location
New Jersey
I can't help you there. If you want \/IAAGRA, \/AL1UM or CIAL11S, I can help you out.

What I don't understand is the list of words that always appears with the ad. What's that all about? For instance in an ad for the world's finest H_G_H, I get this list:

ouagadougou midsection drive alkaloid seance loquacious nucleotide emirate betrothal serviette craftspeople apostrophe allay lithology nash john biennial chart wildcat
 

geepondy

Flashlight Enthusiast
Joined
Apr 15, 2001
Messages
4,896
Location
Massachusetts
Sasha, you realize you are opening yourself up with that statement. Anyhow from pictures you have posted in the past, I think you're all set in that department.

[ QUOTE ]
Sasha said:
[ QUOTE ]
KevinL said:


Better than the ones telling me I can get a bigger bust..

[/ QUOTE ]

Um... er... psssst... can you forward that one to me, please?...

[/ QUOTE ]
 

Empath

Flashaholic
Joined
Nov 11, 2001
Messages
8,508
Location
Oregon
Some of the most effective filtering is by context filtering, like Bayesian filtering, or at least it would be if spammers spelled correctly, and only included words relative to the subject of their spam message. Such filters give certain points to words and phrases, with some words and phrases counting as more likely spam, and some counted as less likely spam.

The spammer writes his spam, and then feeds it into a filter that tells him what kind of score it makes. If it's too high, the spammer knows it will never make it past people's filters. So, they start altering the spelling on words that count against them, or they start adding irrelevant words that will likely be scored as less likely spam. Sometimes they combine the method of misspelling the spam words and adding a bunch of nonsense words that aren't likely to be in spam. Then, when they get it to pass the filter without being rejected, they send out a few copies to every man, woman, child, their pets, and livestock.
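
The scoring effect described in the post above, as an added example that is not part of the original thread and is not POPFile's code: a filter that averages every token is diluted by the random word list quoted earlier in the thread, while one that combines only the tokens furthest from neutral (the approach in Paul Graham's "A Plan for Spam") is not. The token probabilities, the 0.4 value for unseen words and the ad text are constructed for illustration.

```python
import re
from math import prod

# Constructed per-token spam probabilities, as a trained filter might hold.
TOKEN_P = {"finest": 0.90, "hgh": 0.99, "order": 0.85, "cheap": 0.92,
           "meeting": 0.05, "flashlight": 0.02}
UNKNOWN_P = 0.4  # assumed score for never-seen tokens: slightly innocent

# Constructed ad text, plus the padding list quoted earlier in the thread.
AD = "order the world's finest H_G_H cheap"
PADDING = ("ouagadougou midsection drive alkaloid seance loquacious "
           "nucleotide emirate betrothal serviette craftspeople apostrophe "
           "allay lithology nash john biennial chart wildcat")

def tokens(text):
    """Lower-case and drop in-word separators so 'H_G_H' reads as 'hgh'."""
    return re.findall(r"[a-z0-9]+", re.sub(r"[_\-*]", "", text.lower()))

def mean_score(text):
    """Weak design: every token counts equally, so padding dilutes it."""
    ps = [TOKEN_P.get(t, UNKNOWN_P) for t in tokens(text)]
    return sum(ps) / len(ps)

def top_n_score(text, n=5):
    """Combine only the n tokens whose probability is furthest from 0.5."""
    ps = [TOKEN_P.get(t, UNKNOWN_P) for t in set(tokens(text))]
    best = sorted(ps, key=lambda p: abs(p - 0.5), reverse=True)[:n]
    spam = prod(best)
    ham = prod(1 - p for p in best)
    return spam / (spam + ham)

if __name__ == "__main__":
    for label, text in (("ad alone", AD), ("ad + padding", AD + " " + PADDING)):
        print(f"{label:13s} mean={mean_score(text):.3f} "
              f"top-n={top_n_score(text):.5f}")
```

Words the filter has never seen sit near neutral and are outranked by the real signal tokens, which is why the padded message still scores as spam under the second function.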