Got a phishing scam from "Paypal" this morning

Omega Man

Flashlight Enthusiast
Joined
Nov 15, 2005
Messages
1,378
Location
East Coast
And almost fell for it too, by clicking the "If you haven't authorized this charge ,click the link below to dispute transaction and get full refund" link.
Thank God I came to my senses and logged in to check my activity, and of course, no payments like that made.
The claim:
Payment Details
Transaction ID: 6VA12510HB8662004
Total: $39.00 USD
Item/Product Name: 6 months- Unlimited access to the memberportal Astalavista.net:
Item/Product Number: cc6m
The subject was "Receipt for your payment" and the sender was "[email protected]".
It addressed me as "Dear myemailaddress" instead of "Dear MyRealName", so that was the clue it was fake.
Just a heads up.
 

savumaki

Enlightened
Joined
Jan 27, 2005
Messages
674
Location
Temagami, ON
I get on a regular basis:

- eBay look-alike communication from someone ready to complete a transaction by paying.

- PP-like communication saying my account has been:
  - accessed
  - has false charges
  - is being checked

  by foreign sources

I have a 'carved in stone rule'-- 'If I didn't contact them, it must be junk' and is dealt with accordingly. I figure if it is legitimate they will address me by name and will ask me to contact them thru regular channels. Can't be too careful :thumbsdow

Karl
 

Donovan

Enlightened
Joined
Jan 6, 2005
Messages
420
Location
North Metro Atlanta, Georgia
I get those all the time! If you inspect (do not click!) the "paypal" link in the email you will see that it is in fact not going to paypal at all but a completely different address!
 

Omega Man

Flashlight Enthusiast
Joined
Nov 15, 2005
Messages
1,378
Location
East Coast
s.duff said:
yeah, i got one of those too. really makes you wonder how they got your info so specific doesn't it? did you forward it to [email protected]?
Yes, also gave my bro (who is tech support for my ISP) the complete header, and he tracked it to a website that seems to be some sort of template for spoof email. His reply to me:
"Wow this is a good one, they forged the HELO to be
paypal.com when it was sent.

It was originally sent from:
Name: lookintoureyes.com
Address: 161.58.35.169

and was relayed through Yahoo's email server:(which is
a HUGE security no-no)
Name: smtp104.biz.mail.re2.yahoo.com
Address: 206.190.52.173
If you go to the originating IP, the site looks like
it's a template for sending out email"


Pretty damned shady.
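
The header check described in the reply quoted above, as an added example that is not part of the original posts: it walks the `Received` chain oldest hop first and compares the name the client gave in HELO with the host and IP the receiving server recorded. The header text is constructed in Postfix-style `from HELO (rDNS [IP])` form from the hosts quoted in the post; `mx.isp.example`, the timestamps and the function names are assumptions.

```python
import re
from email import message_from_string

# Constructed header (Postfix-style), built from the hosts quoted in the post.
# mx.isp.example and the timestamps are placeholders, not from the real message.
RAW = """\
Received: from smtp104.biz.mail.re2.yahoo.com (smtp104.biz.mail.re2.yahoo.com [206.190.52.173])
\tby mx.isp.example with ESMTP; Mon, 15 May 2006 09:12:44 -0400
Received: from paypal.com (lookintoureyes.com [161.58.35.169])
\tby smtp104.biz.mail.re2.yahoo.com with SMTP; Mon, 15 May 2006 06:12:40 -0700
Subject: Receipt for your payment

Dear myemailaddress, ...
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving server>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")


def registrable(name):
    """Last two labels only: fine for .com, too coarse for suffixes like .co.uk."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def hops(raw):
    """Parse Received headers, oldest hop first.

    helo is whatever the sending client claimed; ip comes from the TCP
    connection the receiving server saw, and rdns is that IP's reverse DNS.
    """
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hop = m.groupdict()
            hop["helo_mismatch"] = registrable(hop["helo"]) != registrable(hop["rdns"] or "")
            out.append(hop)
    return out


def origin(raw):
    """Oldest parsed hop: the connection that handed the message to the first relay."""
    parsed = hops(raw)
    return parsed[0] if parsed else None


if __name__ == "__main__":
    for hop in hops(RAW):
        print(hop["helo"], hop["rdns"], hop["ip"], "->", hop["by"], hop["helo_mismatch"])
```

`Received` lines written by servers you do not control can be fabricated by the sender, so read the chain starting from your own mail server and stop trusting it at the first hop you cannot vouch for.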
 

greenLED

Flashaholic
Joined
Mar 26, 2004
Messages
13,263
Location
La Tiquicia
The funny thing is I get these to accounts that are not registered with PP, Bank of America, Citi, your local Credit Union, etc.
 

Coop

Flashlight Enthusiast
Joined
Jan 6, 2006
Messages
2,199
Location
Tilburg, the Netherlands (perfectly reachable by U
Domain Name.......... lookintoureyes.com
Creation Date........ 2006-05-06
Registration Date.... 2006-05-06
Expiry Date.......... 2007-05-06
Organisation Name.... ***-***** ***
Organisation Address. **** Johnson Ave
Organisation Address.
Organisation Address. San Jose
Organisation Address. 95129
Organisation Address. CA
Organisation Address. UNITED STATES

Admin Name........... ***-***** ***
Admin Address........ **** Johnson Ave
Admin Address........
Admin Address........ San Jose
Admin Address........ 95129
Admin Address........ CA
Admin Address........ UNITED STATES
Admin Email.......... *****************@yahoo.com
Admin Phone.......... *******
Admin Fax............

Tech Name............ Verio Hostmaster
Tech Address......... 5050 Blue Lake Dr.
Tech Address.........
Tech Address......... Boca Raton
Tech Address......... 33431
Tech Address......... FL
Tech Address......... UNITED STATES
Tech Email........... [email protected]
Tech Phone........... 888-663-6648
Tech Fax............. 888-663-6655
Name Server.......... ns19a.nameservers.net
Name Server.......... ns19b.nameservers.net


***-ed the personal bits... Maybe you want to report this to Verio Hosting too??
 

Brighteyez

Flashlight Enthusiast
Joined
Apr 5, 2005
Messages
3,963
Location
San Jose, CA
Not sure why you found the need to edit out that information, it's publicly available from any of the look-up sites.

MayCooper said:
***-ed the personal bits... Maybe you want to report this to Verio Hosting too??
 

Coop

Flashlight Enthusiast
Joined
Jan 6, 2006
Messages
2,199
Location
Tilburg, the Netherlands (perfectly reachable by U
Brighteyez said:
Not sure why you found the need to edit out that information, it's publicly available from any of the look-up sites.

Because it is the decent thing to do... You can never be sure that the person that registered the domain name is actually the one that is behind the phishing scam. If anyone feels the need to get this person's personal info, they can use one of the many look-up sites.

Don't get me wrong, I think the guillotine would be a suiting punishment for spammers, phishers, 419-scammers and other POS that waste my bandwidth. But I also believe that people are innocent until proven guilty...
 