datsunlover Posted February 23, 2005 Share Posted February 23, 2005 Man I was almost another statistic this afternoon.. Got an email from a "service@paypal.com" telling me my paypal acount had 'had unusual activity recently' and therefor had been 'limited'. (???) So I clicked the link, and went to a page that looked like a legit paypal page. It said my acount had been limited, and I would need to log in to 'rectify any issues'. By limited, it explained I could not; send money, put mony on, or even close my acount. Ok.. so I loged in (after having to reset my pasword cause I forgot it..) and get to a page that wants me to give all kinds of info so they can 'Better serve and protect me from fraud'. Here's a few bits I was asked to type in: -my full name and address -my MOTHERS maiden name -my BANK account number as it apears on my cheques -my credit card number (must be the card atached to the listed bank acount) At that point, I got a little freaked out.. so I closed the window. I opened a new one, went directly to the paypal web site, and changed my pasword and security Q's. Funny.. one of the security questions is "mothers maiden name"... hmmm.... Quote Link to comment Share on other sites More sharing options...
Pop N Wood Posted February 23, 2005 Share Posted February 23, 2005 If you right mouse click on the link included in the email, it will give you the true URL you are logging into. Know that no legitimate company will do what that one asked, but also a good habit is to never click on the link in the email. Type the link in manually or cut and paste it into the address bar. Quote Link to comment Share on other sites More sharing options...
datsunlover Posted February 23, 2005 Author Share Posted February 23, 2005 oh yes, it get better.. I just realised that it's not only one theifing page, but a whole 'spoofed' paypal site! Heres the link I got in my email btw; https://www.paypal.com/security/ Nothing malicious when you click the link or anything, but I found this funny; The page that promps you to type your email and pasword.. well, It doesnt matter what email address you put in, OR what you type for a pasword, it just goes to the next page asking for ALL your banking info, social security #, ect. I 'loged in' as someguy@hotmail.com and password 'someguy' I then filled out all the fields.. here's a few I liked.. First Name; F*!k initial; u last name; Theives SIN; 123456789101112 (remember sesame street?) bank institution; Ricochet savings and loan bank acount # 666 666 66 I did forward the email to paypal with a description of what hapened and just got one back from them confirming it is NOT a paypal site, and it in fact a scam site. Kinda scarry how easy it is though... Quote Link to comment Share on other sites More sharing options...
randy 77zt Posted February 23, 2005 Share Posted February 23, 2005 i got one of those emails from a site claiming to be ebay worded like that .some body should get some kind of virus to email them back with that makes their computor lock up and say f^&k you on the screen.its called phishing. Quote Link to comment Share on other sites More sharing options...
sjhafa Posted February 24, 2005 Share Posted February 24, 2005 I also received one of those, they usually come only after you sell something and someone sends money. I was on my way to being a victim untill a pop up appeared and said the page I was looking at was associated with a scam. So I never made it to filling in the blanks. Buy you are right, everything down to the correct logos and colors are correct. Quote Link to comment Share on other sites More sharing options...
Tim240z Posted February 24, 2005 Share Posted February 24, 2005 If someone called you on the phone and asked you for that info, would you give it out? I find it quite baffling how secure folks feel on the 'net. Not 'digging' at you DL.....there has been so much in the media lately about phishing....watchout!! I am still very uncomfortable putting in my CC info into a secure ordering site.....I pucker something fierce! glad you didn't go all the way through!! Quote Link to comment Share on other sites More sharing options...
JMortensen Posted February 24, 2005 Share Posted February 24, 2005 If someone called you on the phone and asked you for that info' date=' would you give it out? I find it quite baffling how secure folks feel on the 'net. Not 'digging' at you DL.....there has been so much in the media lately about phishing....watchout!!I am still very uncomfortable putting in my CC info into a secure ordering site.....I pucker something fierce! glad you didn't go all the way through!![/quote'] Really no need to fear the secured server Tim. If something happens you alert the credit card company and they take care of the fraudulent charges for you. And you don't need "credit protector" or any of that BS they try to sell you for protection either. Visa/MC/Amex/Discover all have it built into the MERCHANT agreements. Merchants get the shaft if someone steals your card and uses it fraudulently. Phishing is so commonplace now that I've had several legit emails from my bank that I threw straight in the trash before I even read them assuming they were BS. It's getting harder to see through the crap, but just remember that your bank, Paypal, whoever ALREADY KNOWS your bank info, and wouldn't EVER ask you for that info to verify who you are. More info: http://www.antiphishing.org/consumer_recs.html Quote Link to comment Share on other sites More sharing options...
datsunlover Posted February 24, 2005 Author Share Posted February 24, 2005 If someone called you on the phone and asked you for that info, would you give it out? I find it quite baffling how secure folks feel on the 'net. Not 'digging' at you DL.....there has been so much in the media lately about phishing....watchout!! Oh yah, I understand, I was just amazed the work someone put into this fake site.. I was foolish to click the link int he first place (there was no line at the top addressing me by my first and last name) but didn't think much of it at first. Even typing in my emeil and pasword seamed ok, as the place looked legit. Of course once the next page poped up asking for all my info (oh yah, they want to know your credit card PIN # and social insurance # too.. ) well, then I got wise to it. I was a little worked up after realizing I was into a scam, and even typing in my card # to the REAL paypal site (to verify my identity, allowing me to change my pasword) was making me nervous.. Even though all apears ok, I'm keeping an eye on my bank and credit card's a little closer for the next while.. Quote Link to comment Share on other sites More sharing options...
auxilary Posted February 24, 2005 Share Posted February 24, 2005 you guys want to be really freaked out? I mean, REALLY freaked out? Those of you using mozilla/firefox: http://www.shmoo.com/idn/ mouse over on paypal.com link. Then CLICK paypal.com link. Look at the URL at the top. Do math, and read the link about IDN info below. This was unveiled 2 weeks ago, and would be an excellent tool for phishing scams. Quote Link to comment Share on other sites More sharing options...
Pop N Wood Posted February 24, 2005 Share Posted February 24, 2005 I read about that. Guess the firefox people were trying to allow alternate characters to be used for URL's to support Chinese characters. What were they thinking? For once Microsoft has the supperior product. Quote Link to comment Share on other sites More sharing options...
Wagz Posted February 25, 2005 Share Posted February 25, 2005 you guys want to be really freaked out? I mean' date=' REALLY freaked out? Those of you using mozilla/firefox: http://www.shmoo.com/idn/ mouse over on paypal.com link. Then CLICK paypal.com link. Look at the URL at the top. Do math, and read the link about IDN info below. This was unveiled 2 weeks ago, and would be an excellent tool for phishing scams. Mozilla just released a fix for this: The Mozilla Foundation released an update on Thursday to the Firefox Web browser to fix several vulnerabilities. One of the bugs that Firefox 1.0.1 fixes is a vulnerability in the Internationalized Domain Names (IDN), which allowed an attacker to create a fake Web site on a non-Microsoft browser in order to pull off a phishing scam. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.