PDA

View Full Version : New Paypal Scam


Ryan
02-16-2006, 12:30 PM
I got an email the other day from Paypal saying I just sent payment for a $400 watch. I never did such a thing. So I clicked on the link to contend the purchase. It took me to a site that looked like Paypal where I was to enter/give away my info. Just as I clicked on the link I noticed the address on the bottom of internet explorer said nothing about Paypal. They ghost an image over useable input fields.
this is the site address it aims for http://www.maennerontour.de/albums/deny.php

Long story short, if the email says "Dear Paypal customer" rather than your First and Last Name it's bogus.

Sodar
02-16-2006, 12:39 PM
I got something similar to this a while back, but they asked me to "update" my credit card... even though mine i updated on PayPal through 2007. You have really got to watch out now, it is getting to be pretty scary!

Hoosier Bob
02-16-2006, 12:40 PM
Nice to know! I use PayPal often. I am sure I would have caught it but then again I have done worse!

Dan K
02-16-2006, 12:41 PM
I always test these types of links by first entering invalid information, Paypal or whoever the legitimate source knows I am wrong and tells me so.. The phishing sites take my input verbatum since they are trying to capture id's and passwords. My original input is something like Userid: Bogus Password : you r n *sshole

So state of humanity when we have to dela with this stuff all the time.
I also notice that they are pretty clever since I only see this type of info shortly after I used the legitimate source. "we need better incryption"

mgurley
02-16-2006, 12:42 PM
I got a bogus email similar to that the other day so you guys watch out.

I don't trust any links so I just backed out and went to paypals website myself and checked it out. Email was definitely bogus it said they thought that there had been fraudulent purchases mad on my account and asked for passwords and personal info.

Ryan
02-16-2006, 12:57 PM
I got something similar to this a while back, but they asked me to "update" my credit card... even though mine i updated on PayPal through 2007. You have really got to watch out now, it is getting to be pretty scary!

I was getting that one off and on for about a year. It looked bogus - at least to me - there were a couple of typos.

They are certainly getting better at fishing.

etduc
02-16-2006, 01:03 PM
Here's tip, the none computer geeks.

Never use links, via email. Go directly to the site, especially concerning
security or money.

I learned, the hard way.
ET

bcampbe7
02-16-2006, 01:11 PM
Good catch Ryan. These scams can be tricker and will only get trickier.

This is what shows up for www.maennerontour.de

% Information related to '213.203.204.0 - 213.203.204.127'

inetnum: 213.203.204.0 - 213.203.204.127
netname: DE-WEBMASTER-SOLUTIONS
descr: Webmaster Solutions
descr: Customer PA Space
country: DE
admin-c: HZ164-RIPE
tech-c: BONE-RIPE
status: ASSIGNED PA
remarks: Send abuse reports to abuse@inetbone.net
notify: hostmaster@inetbone.net
mnt-by: INET-PEOPLE-MNT
mnt-lower: INET-PEOPLE-MNT
mnt-routes: INET-PEOPLE-MNT
changed: plieven@inetbone.net 20030617
source: RIPE

person: Hagen Zillmer
address: Webmaster Solutions
address: Grenzweg 2
address: 30165 Hannover
address: DE
phone: +49 511 3574085
fax-no: +49 511 3574084
e-mail: webmaster@webmaster-solutions.net
nic-hdl: HZ164-RIPE
notify: hostmaster@inetbone.net
mnt-by: INET-PEOPLE-MNT
changed: plieven@inetbone.net 20030617
source: RIPE

person: INET-People Hostmaster
address: In der Steele 37a
address: 40599 Duesseldorf
address: Germany
phone: +49 (0) 211 749699910
e-mail: hostmaster@inetbone.net
mnt-by: INET-PEOPLE-MNT
nic-hdl: BONE-RIPE
remarks:
remarks: +--------------------------------------------------------------+
remarks: | in case of abuse please contact: abuse@inetbone.net |
remarks: | for operational issues please contact: noc@inetbone.net |
remarks: | please direct peering requests to: peering@inetbone.net |
remarks: +--------------------------------------------------------------+
remarks:
notify: hostmaster@inetbone.net
changed: pkambach@inetbone.net 20050411
source: RIPE

% Information related to '213.203.192.0/19AS25074'

route: 213.203.192.0/19
descr: INET-People
descr: Providerservices
origin: AS25074
notify: hostmaster@inetbone.net
mnt-by: INET-PEOPLE-MNT
changed: plieven@inetbone.net 20021030
source: RIPE

JEREMY79
02-16-2006, 01:29 PM
It really looks like a pay-pal page. Dam they are getting good.

jbfootin
02-16-2006, 01:38 PM
I get 2 or 3 fake e-mails from "pay-pal" a day. Always check the link. It is getting to the point that I ignore all Pay-Pal emails! :(

east tx skier
02-16-2006, 01:39 PM
As was mentioned, two things to always do/look for.

1. Do they refer to you as "customer." Paypal uses your name (as do most businesses it seems).
2. Never click the link. Go to the main website by typing it into your browser and get into your account to make changes or update.

Workin' 4 Toys
02-16-2006, 02:59 PM
That is just downright nasty. Thanks for pointing this out. Not that I use it much, but that suks!!!

AirJunky
02-16-2006, 03:06 PM
I get these scams daily too. The bottom line is Paypal will NOT send you emails, period. They choose to intercept your login process when you hit their site & send you a msg that way.

Kevin 89MC
02-16-2006, 04:03 PM
I get fake PayPal e-mails a few times a month. When you click on the link, the pages are amazingly close to the real deal. About a year ago, I got an e-mail from the real PayPal, that said they suspected someone had been attempting to access my account. I think even that e-mail had me open my own browser, it did not offer a link to click on. Sure enough, when I tried to log on, my name & password had been changed. The "hints" had also been changed somehow. I called PayPal, and they had stopped access before any damage was done. Seeing as I didn't need the account right away, they deactivated it, so I need to call back in to get it re-activated when I need it. One less thing to worry about for now.

Ryan
02-16-2006, 05:11 PM
I get these scams daily too. The bottom line is Paypal will NOT send you emails, period. They choose to intercept your login process when you hit their site & send you a msg that way.

If Paypal doesn't send any emails, how do you get your notices of instant payment? I get real emails from Paypal.

east tx skier
02-16-2006, 05:22 PM
I get real ones, too.

AirJunky
02-16-2006, 05:25 PM
If Paypal doesn't send any emails, how do you get your notices of instant payment? I get real emails from Paypal.
I'm sorry, your right. They do send an email notifying you of payments made or recieved. I should have clarified that they will not send you an email telling you to make account changes, or that someone has hacked your account, or any of the other scams made.
So maybe there is a new way to scam people...... send out notification that you just made a payment. Then sit back & watch them freak out.

AirJunky
02-16-2006, 09:55 PM
This is one of several typical Paypal scams..... an email I recieved just now.
Notice the Paypal link..... hover over it with your mouse. See the bogus address appear in the bottom left corner of your browser. This is a dead giveaway of a scam.
Interesting thing is they actually warn you about these scams & tell you how to avoid them at the bottom of the email!! :uglyhamme
-Bill
____________________________________________
You have added laptopseller@yahoo.com as a new email address for your
PayPal account.

If you did not authorize this change or if you need assistance with
your account, please contact PayPal customer service at:

https://www.paypal.com/ (http://pcp0012181375pcs.albqrq01.nm.comcast.net:82/login/fakeindex.php)



Thank you for using PayPal!
The PayPal Team


Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the header of any page.

----------------------------------------------------------------
PROTECT YOUR PASSWORD

NEVER give your password to anyone and ONLY log in at https://www.paypal.com/
Protect yourself against fraudulent websites
by opening a new web browser (e.g. Internet Explorer or Netscape) and typing
in the PayPal URL every time you log in to your account.

----------------------------------------------------------------


PayPal Email ID PP007

Ryan
02-17-2006, 01:55 AM
I love that the link has the words "fakeindex"!!! :uglyhamme

Sodar
02-28-2006, 08:51 PM
I got this email from PayPal today. At least they are acknowledging what is going on!

MarkP
02-28-2006, 09:20 PM
Here's tip, the none computer geeks.

Never use links, via email. Go directly to the site, especially concerning
security or money.


ETYep! Thats what to do.. Then, Just delete the mail..

Ryan
03-02-2006, 09:14 PM
I got this email from PayPal today. At least they are acknowledging what is going on!

Funny, I didn't get that email from Paypal with tips. However, I did get a new scam email...this time it didn't just say, "Dear Paypal Member,". This time it had my name on it. :mad: They are getting better...

roddydog
03-02-2006, 10:24 PM
Good catch Ryan. These scams can be tricker and will only get trickier.

This is what shows up for www.maennerontour.de

route: 213.203.192.0/19
descr: INET-People
descr: Providerservices
origin: AS25074
notify: hostmaster@inetbone.net
mnt-by: INET-PEOPLE-MNT
changed: plieven@inetbone.net 20021030
source: RIPE
You are obviously an I-net GOD.
Thanks for the info, and never,ever,ever OFFER information--PERIOD!!!
Not to the Police, anyone on the phone EVER!!!