Another PayPal phishing expedition



  • Another PayPal phishing expedition

    We all get these stupid "please verify your account" spams. I rarely get junk mail, though, due to the methods I have used for the last 17 years with my domains and emails, but this one proves someone has hacked something somewhere. For one thing, PayPal always states they always address customers by name in emails, something scammers don't usually do, as they will use "Dear customer" or similar due to lacking the name associated with the account.

    In this email not only is my name correct (and spelled correctly too) but the email associated exclusively with eBay is also included in the phishing message body. Since I only use that email with eBay/PayPal payments on eBay, the best I can figure out is that eBay or PayPal has been hacked, or a client of mine has been and the hacker probably accessed their PayPal acct, in which case they would see a purchase from me and gain my name and the PayPal email from it to try to scam me.

    Here's the message in part, with some munging for privacy and also to stop hyperlinks:

    We noticed unusual activity in your account (Ref #PP-459-927-672-988)
    Date: Mon, 2 Feb 2015 10:28:24 +0000
    From: [email protected] <[email protected]paypall.com>

    (Notice the actual address has two L's in "paypal", a dead giveaway)

    To: (my actual full name @ my email forwarder on my domain)

    We regularly screen activity in the PayPal system and contacted you after noticing an issue on your account.

    We contacted you for the following reason:

    We recently received a report of unauthorized credit card use associated with this account (MY EMAIL @ com).
    As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.

    A recent review of your account determined that we require some additional
    information from you in order to provide you with secure services.

    Case Number: PP-459-927-672-988

    This is a second reminder to log in to PayPal

    (munging address with red, so it doesn't link)

    webscr/?_dispatch=67942aacdf74c0f7384c4b12a0cea13158166be 3&emaddr=
    MY EMAIL @ MY.com&referer=2f&login-processing=ok
    as soon as possible.

    (MY NAME) (MY EMAIL @MY DOMAINcom), be sure to log in securely by using the following link:
    Click here to login and restore your account access
    webscr/?_dispatch=67942aacdf74c0f7384c4b12a0cea13158166be 3&emaddr=
    MY EMAIL @ MY.com&referer=2f&login-processing=ok

    (MY NAME AGAIN) once you log in, you will be provided with steps to restore your account access.
    We appreciate your understanding as we work to ensure account safety.

    In accordance with PayPal's User Agreement, your account access will remain
    limited until the issue has been resolved. Unfortunately, if access to your
    account remains limited for an extended period of time, it may result in further
    limitations or eventual account closure. We encourage you to log in to your
    PayPal account as soon as possible to help avoid this.


    Obviously they set up what appears to be a subdomain on bczlzsxsh0urf4ll.ufkqyfqsp DOT com to fool people who see "paypal.com" in the subdomain URL.

    I changed my login on eBay just to be safe; this is phishing for PayPal, so obviously they don't have that. I fwd it to PayPal's security.
    Normally I just delete this garbage, but this one has my actual registered name and the only primary email associated with eBay sales pages,
    which none of these spams ever had before, so it suggests something with eBay or a client's acct has been hacked.
    Last edited by Sculptor; 02-03-2015, 11:01 PM.
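
An added example, not part of the original post: a small check for the two tells described above, a sender domain one character off from the brand ("paypall.com") and the brand name placed in the subdomain of an unrelated domain. The allow-list, the function names and the sample inputs are assumptions made for illustration; the URL sample uses example.net rather than the domain from the message.

```python
from urllib.parse import urlsplit

# Assumed allow-list: brand name -> registrable domains the brand really uses.
BRANDS = {"paypal": {"paypal.com"}, "ebay": {"ebay.com"}}

def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    # Accepts a URL ("https://host/path") or a mail address ("user@host").
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip("<> ").lower().rstrip(".")

def findings(value):
    host = host_of(value)
    reg = registrable(host)
    if any(reg in legit for legit in BRANDS.values()):
        return []  # the registrable domain really is the brand's own
    name = reg.split(".")[0]
    sub_labels = host[: -len(reg)].split(".")
    out = []
    for brand in BRANDS:
        if edit_distance(name, brand) <= 1:
            out.append(f"lookalike of {brand}: {reg}")
        elif any(brand in label for label in sub_labels):
            out.append(f"{brand} used as subdomain of unrelated domain {reg}")
    return out

# Constructed samples modelled on the post (not the real message).
SAMPLES = [
    "service@paypall.com",
    "http://paypal.com.signin.example.net/webscr/?login-processing=ok",
    "https://www.paypal.com/signin",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", findings(s) or "ok")
```

The check looks only at the hostname, so it says nothing about a message that correctly names the recipient, which is the part of this phish that a name-based rule of thumb would miss.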

  • #2
    It's getting ridiculous how much spam, phishing and more is going on. Just a couple of weeks ago one of my blogs was reporting numerous attempts to log in as "Admin", but there is no account with the user name of "Admin".

    I wound up seeing hundreds in my security log, all coming from 2-3 IPs in the Russian Federation. Since I do not sell my work outside of the USA and foreign traffic does nothing but waste my bandwidth, I added the entire Russian Federation's block of IPs to my .htaccess file to completely block access to my web site at the server level to them. The attempts to log in as Admin immediately dropped to zero.

    I say screw em! block China, Russia, Nigeria, Russian Federation, Ukraine, and all the rest of them over there!


    • #3
      Don't forget High Prince Nimbambu of Kenya.
      I yell "PIKACHU" before I tase someone.


      • #4
        Add COSTCO to that list! When you open it, it crashes your entire e-mail system, and it's a b---h to recover it. You'll get an e-mail that is supposedly from COSTCO saying "please confirm your order", and when you OPEN THE E-MAIL, the virus is activated and your account is locked. FYI


        • #5
          I get emails from various banks I don't have accounts with for info with threats of termination! Garsh! If people didn't go for it they wouldn't bother so somebody is suckered in. I'm on Linux so I don't have the virus issues, no protection, but I feel for those that open the emails, just don't. Banks don't make those kinds of requests. I also get hammered, being a contractor, to pay to keep accounts going from google, yp, etc. but they don't do business that way either.


          • #6
            Originally posted by JasperST
            I get emails from various banks I don't have accounts with for info with threats of termination! Garsh! If people didn't go for it they wouldn't bother so somebody is suckered in. I'm on Linux so I don't have the virus issues, no protection, but I feel for those that open the emails, just don't. Banks don't make those kinds of requests. I also get hammered, being a contractor, to pay to keep accounts going from google, yp, etc. but they don't do business that way either.
            I don't get much spam or scam mail, maybe a couple to three a month at most and usually when they do come it's all around the same timeframe.
            I know I read in the local paper a while back about a grandma who was phone scammed and lost thousands of dollars when a woman called claiming to be her granddaughter in a dire situation after a car accident she caused, and needing cash for bail...
            And then around then the one who was told she had a large sum of money due her but she needed to send a cashier's or Western Union check for the taxes on it...

            Old scams everyone and their brother you'd figure would know by heart inside and out by now, but some still live in a cave and have no idea.

            What's different about the phishing email I received was that it addressed me by name instead of the usual "Dear customer" or "Dear account holder" etc.

            I had already changed my pass on eBay as well as my email on it and PayPal, and deleted that particular email forwarder from my server so it's gone, just to be safe.
            Of course doing so meant having to manually change the payment email address on 19 ebay pages, pain in the arse! I'm just glad I don't have hundreds of pages there to have to change manually!

            Last night I received a message on facebook from a woman in China, she is on a sculpture group there too, she started off with a greeting of: "Happy New Year to you!"
            Happy New Years... on Feb 3rd?? LOL!

            Ok, so her first and only question was: "do you use silicone for your molds?"

            And then our dialogue if you can call it that follows:

            "Yes, I do"

            "How much do you use in a month?"

            "not very much" (Already know where she is going with this- SPAMMER for sure)

            "like 20kg? 200kg?"

            That's when I banned her from my group she joined and blocked her, she was trying to sell Chinese silicone mold rubber to me from China, like I'd buy from her anything made there!
            She isn't the first silicone mold rubber spammer who has done this form of push-selling by joining art forums and blogs to spam members either.

            I'm really thinking people, businesses and webmasters can save a whole lot of annoyance, scams, spams and more by banning and blocking the entire country of China! add to that the Russian Federation, Ukraine, Nigeria and a bunch of others.
            Last edited by Sculptor; 02-04-2015, 09:32 PM.


            • #7
              Originally posted by JasperST
              I'm on Linux so I don't have the virus issues,
              I'm on OSX, have been for 17 years
              I also have Linux on my home server, after trying several flavors I settled on Linux Mint. I wanted to use that for my daily user machine to replace the Mac but I became acutely aware of a few very important to me issues with how OSX works for me and how Linux will not do those things.

              I came up with a list of about 10 issues, I was able to find workarounds for about half with difficulty, but one really important one was the "finder" as it's called in OSX and the way it indexes and searches files and contents, I am always using file creation dates for searching, Linux amazingly does not have that function.

              One of the things I like about OSX "Finder" is it has file CREATION dates in one column, modified dates etc in other columns, the columns also stay the width they are initially set to, I noticed in Linux Nemo and others- the column widths change to very wide every time I open it, and there is no column or choice in it to show any file creation dates- something very handy when you have 20 years worth of archives.
              The OSX finder is also much faster than Nemo or any of the Linux file managers I tried.

              Another big issue was file creation dates are completely lost when transferring files over my LAN from OSX to my machine running Mint; every file shows the date of the transferred copy. In OSX, if you copy a file to another drive it retains its original creation date and is indexed that way too.

              A real puzzler with I think it was Linux openSUSE: it allowed me to drag and drop files onto a USB thumb, external or another drive, and instead of automatically copying it over as OSX does, it actually moved the original file over!
              I quickly saw that this was a serious flaw where it would be very easy to lose the original file like that.

              When I mentioned this on a Linux forum people were surprised by what I said, and they asked why would I think this was a problem!
              Let's see, you plug a thumb drive in to put some old photos or files on it for a friend or something, and you put the only original copy you have on that with no warning you just moved not copied your only original file to some external and gave it out, and it's now gone, but that's not a problem and no one sees that as one?
              Out of 1,500,000 files on your computer you are going to figure out right away this one file is now gone?

              It's a serious "Gotcha" accident waiting to happen with just a click of the mouse in a hurry one day doing it the OSX way from habit.

              So that all is a big reason why I'm still with OSX for my daily user.

