Thought the scams were over, but...PayPal scam is back

  • vetofunk
  • A SEO GUY
  • Mastermind
  • User avatar
  • Posts: 2245
  • Loc: Chicago

Post 3+ Months Ago

A person in our office received this today. I thought these were long gone.

The actual email takes you to this page:

http://216.55.164.23/

:!: DO NOT ENTER YOUR INFORMATION :!:

You can see that this is very clever. All links lead to Paypal, even the jpeg is off of Paypal's server. If you look in the source, the only thing not leading to Paypal is the form submit. This is where their software gathers the email address and password. Very sneaky to the untrained eye.

I wonder how many people were taken by this one.
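
The tell described in the post above (links and images served from the real site, only the form submit going elsewhere) can be checked mechanically. This is an added example, not code from the thread; the class and function names, the host names and both sample pages are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class Collector(HTMLParser):
    """Records hosts of links/images and the targets of forms with a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.asset_hosts = Counter()  # hosts named in <a href> and <img src>
        self.forms = []               # [action_host, has_password_field]
        self.in_form = False

    def host(self, url):
        # Relative or missing URLs resolve against the page's own address.
        return urlparse(urljoin(self.page_url, url or "")).hostname or ""

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.asset_hosts[self.host(a["href"])] += 1
        elif tag == "img" and a.get("src"):
            self.asset_hosts[self.host(a["src"])] += 1
        elif tag == "form":
            self.forms.append([self.host(a.get("action")), False])
            self.in_form = True
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "password":
            self.forms[-1][1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def suspicious_forms(html, page_url):
    """Hosts that receive a password form but are not the host most links/images use."""
    c = Collector(page_url)
    c.feed(html)
    if not c.asset_hosts:
        return []
    dominant = c.asset_hosts.most_common(1)[0][0]
    return [h for h, has_pw in c.forms if has_pw and h != dominant]

# Constructed sample pages (not the page from the thread).
SAMPLE_PHISH = """<a href="https://www.brand.example/help">Help</a>
<img src="https://www.brand.example/img/logo.jpg">
<form action="verify.php" method="post">
<input type="text" name="email"><input type="password" name="pw"></form>"""
SAMPLE_LEGIT = SAMPLE_PHISH.replace("verify.php", "https://www.brand.example/login")

print(suspicious_forms(SAMPLE_PHISH, "http://192.0.2.10/"))
print(suspicious_forms(SAMPLE_LEGIT, "https://www.brand.example/"))
```

The comparison is on exact host names, so a real site that posts its login form to a sibling subdomain would also be flagged; comparing registrable domains instead would reduce that noise.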

  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Great advice vetofunk... PayPal makes it very clear to members that if the address does not start with http://www.paypal.com it is not them. This is often included in legit PayPal emails:

Quote:
NEVER give your password to anyone and ONLY log in at https://www.paypal.com. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

lmao, how stupid can they be?

The img tags are all pulling straight from http://www.paypal.com - a surefire way to get your site spotted in an instant if the URL becomes spread around.

I'm sure PayPal checks referrer logs extremely often for those linking inline images but without sending any actual linkage - especially when they're calling images like "Welcome", "Send Money", "Request Money", and "an eBay company" lmao.
  • Cool#9
  • Graduate
  • Graduate
  • User avatar
  • Posts: 102
  • Loc: Québec

Post 3+ Months Ago

Great that you report this vetofunk, I know a person that got wedged with one of those things. I’ll give this link to him to remind him…and to expose this scam to more people. Thx again :wink:
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

Okies, here's a screeny of what comes up after you enter a username & password (No, I didn't enter my real one, lol)...

(Sorry, it's slightly over the 600 wide limit)...

Image

If you click on "Leave", it takes you to the REAL PayPal site. If you click on "Continue", you are confronted with a form (on the scam site), asking you for all the usual details..

Full Name
Complete Address Details
Complete Credit Card Details (number/expiry/cvv code/name on card)
Complete Bank Acc. Details (name of account owner, country, bank name, routing #, checking acc #, and even a confirmation box to enter your acc # in again)
Personal Information (Social Security #, ATM Card Pin Number, Mother's Maiden Name, DOB, Driver's License Number, State of Issue)
E-Mail (with extra confirmation box)
Password (with extra confirmation box)

Then it has the regular PayPal User Agreement & Privacy Policy, and checkboxes to say you've read all the stuff...

Then if you submit (I left the whole form blank, and just clicked the agree checkboxes), it comes up with a page saying...

"Your PayPal account information was unavailable to verify or missing."

Looks like they went the whole hog in writing up this site...

Btw, a quick search of Arin.net shows that the IP address from which the site is hosted is located in California... Looks like somebody's gonna get FBI Fraud guys knocking on their door...

Arin.net wrote:
Search results for: 216.55.164.23


OrgName: Abacus America Inc.
OrgID: ABAC
Address: 5276 Eastgate Mall
City: San Diego
StateProv: CA
PostalCode: 92121
Country: US

NetRange: 216.55.128.0 - 216.55.191.255
CIDR: 216.55.128.0/18
NetName: ABAC1999A
NetHandle: NET-216-55-128-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.ABAC.COM
NameServer: NS2.ABAC.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1999-05-28
Updated: 2000-11-02

TechHandle: AD384-ORG-ARIN
TechName: A Net DNS Administrator
TechPhone: +1-858-410-6900
TechEmail: dns@aplus.net

OrgTechHandle: ANETS-ARIN
OrgTechName: A Net Support
OrgTechPhone: +1-858-410-6900
OrgTechEmail: support@aplus.net

# ARIN WHOIS database, last updated 2004-03-22 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Anyone wishing to alert PayPal of the fake site can do so here:

https://www.paypal.com/ewf/f=sa_fake
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

I'll just forward them to this URL, save me from having to type out all the info again :D
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

That's what I did, basically. I reported it as well.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

hee-hee..that's too funny, Axe ... your screen cap shows a copyright of 1999-2003, but PayPal's current copyright on their website is through 2004 as should be. That setup was done last year sometime.
  • IH8Purple
  • Guru
  • Guru
  • User avatar
  • Posts: 1215
  • Loc: Somewhere on Google Earth

Post 3+ Months Ago

he he he now to have some fun

removed

auto submit 1000 times should do it :D

//Edit -- as funny as that was please don't include stuff like that in the future. I'm sure there's a few who'd like to join you in the fun -- but that's not our way. Let's do it legit. -- Atno
  • IH8Purple
  • Guru
  • Guru
  • User avatar
  • Posts: 1215
  • Loc: Somewhere on Google Earth

Post 3+ Months Ago

AH HA, another thing I noticed that would give the site away is that it is not secure. no little lock
  • IH8Purple
  • Guru
  • Guru
  • User avatar
  • Posts: 1215
  • Loc: Somewhere on Google Earth

Post 3+ Months Ago

ATNO: I would still do it the legit way... but it would be nice to clog up the logs of this person by getting the same info popped in there every 10 seconds.

After all, I am assuming that this person would take the logs and run off with them somewhere. Since that means that he most likely will not get caught, I think that he should at least have to have an annoying log to sort through before he can start stealing people's money. And perhaps the extra added time would give some poor soul the time needed to change his/her address.

after all if there is one thing I'm good at, it's being annoying :)
  • vetofunk
  • A SEO GUY
  • Mastermind
  • User avatar
  • Posts: 2245
  • Loc: Chicago

Post 3+ Months Ago

The problem is all of us are more inclined to be suspicious and see these things. It's the average Paypal user I fear for.
  • bluedragon
  • Proficient
  • Proficient
  • bluedragon
  • Posts: 452

Post 3+ Months Ago

Funny, just submitted using my own points program and it crashed their server lol, but it's back up. I should "hack" them (hacking not meaning hacking but could mean hacking)
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

ATNO/TW wrote:
hee-hee..that's too funny, Axe ... your screen cap shows a copyright of 1999-2003, but PayPal's current copyright on their website is through 2004 as should be. That setup was done last year sometime.


You know, I noticed that one too :)
  • CazpianXI
  • Proficient
  • Proficient
  • User avatar
  • Posts: 285

Post 3+ Months Ago

I need to be so careful when making purchases or giving out personal info.

This is a good wake-up call.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

I just checked this out and got a white screen with this
Quote:
We are sorry for the security problem. please stop reporting this server to our isp.
I have stoped the bad person from scamming paypal customers. Please excuse me. It was my fault. i gave access to the wrong person.
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

lmao, that isn't going to stand up in court :D
  • Nucleo
  • SausagePorkPie
  • Mastermind
  • User avatar
  • Posts: 2297
  • Loc: UK - England

Post 3+ Months Ago

tell me about it...
that's no way to say sorry :D
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

"Anything you say can and will be used against you in a court of law."
Even if they had no idea that it was happening the poor shmuck would have been better off deleting the thing and saying nothing at all :lol:
