Jump to content


Photo

SCAM WARNING (URL spoofing, PayPal related)


  • Please log in to reply
16 replies to this topic

#1 WhatsNewInBaltimore

WhatsNewInBaltimore

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 17 July 2004 - 06:00 AM

This both scares me, and infuriates me....

Scares me, becuase computers are my life and my business, and I fell for it, and infuriates me becuase if *I* was almost duped, surely the likes of my wife, my parents, my inlaws, etc. who are not so computer savvy would never have wised up to it.

Before I explain the scam, a bit of background is required regarding URL Spoofing, see Google links here:
http://www.google.co...G=Google Search

IMPORTANT NOTE: THIS IS *NOT* limited to Internet Explorer... I just tried it in FireFox and got the same result!!! So if you think you are insulted from this type of scam because you don't use an IE based browser, you're wrong.

THE SCAM: By spoofing the URL of a PayPal website, you are sent to a site which mimics the PayPa login screen, and if you actually type in your username and password, you just handed your funds over to the scammers!!!! BASTARDS!!!!

Try it for yourself (WARNING: DO NOT LOGIN!):
http://www.vipphone....ame@SomeISP.com

Watch carefully what happens... you get a paypal address followed by a bunch of characters (too many to be visible in your address bar unless you run at a really high resolution like me, 1920 x 1200) then an "@" symbol (how the spoofing is done) then the scammers website - in this case vipphone !!!!

These feggers ought to be castrated and fed their own you-know-whats.

Ohhh dammit I am so irked over this!

#2 WhatsNewInBaltimore

WhatsNewInBaltimore

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 17 July 2004 - 07:49 AM

I've now tried this in FOUR different browsers, and they ALL took me to the spoofed page. IE, MyIE2 (IE core), Firefox .9, and Opera 7.5

Opera did give me a warning dialog, but clicking OK still took me to the spoofed page.

The message Opera gave me indicated www.vipphone.com.sg

That domain is in Singapore, which I'm guessing would make prosecuting them nearly impossible (I had forwarded the information to PayPal)

#3 ErikAlbert

ErikAlbert

    Typical User

  • Full Member
  • PipPipPipPipPip
  • 787 posts

Posted 17 July 2004 - 09:10 AM

Yes I know about the PayPal fraud.
Recently I received an email from "PayPal", that really looked like an email from PayPal.
They asked me to verify my account data and gave me a link to a website that looked like a PayPal, but the real PayPal url begins with "https://" and this link started with "http://" and that's why I got suspicious.
Besides the real PayPal never sends emails like that, they ask you to check your account data via their website not via email.
My advice : always use your OWN link to PayPäl, nothing else.

I consider the PayPal fraud as a very dangerous one, because they don't ask for money, only for information and that's why people aren't suspicious right away.
ErikAlbert
Simplicity is always brilliant.

#4 Freebird

Freebird

    Advanced Member

  • Full Member
  • PipPipPip
  • 196 posts

Posted 21 July 2004 - 02:24 PM

I am using Firefox 0.9.2. All I get is a "The Page cannot found"using the url you posted. The URL in the address bar at the bottom is exactly the same if I copy&paste it. Perhaps it has been taken down?

:wave:

Edited by Freebird, 21 July 2004 - 02:25 PM.

We know the speed of light......but, whats the speed of dark? Steven Wright - Scientist and Comedian

#5 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 21 July 2004 - 03:43 PM

I'm using IE6.0 SP1, and got the same as freebird...
Nucia Security Forums - Dutch Anti-Malware Support

#6 WhatsNewInBaltimore

WhatsNewInBaltimore

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 22 July 2004 - 03:33 AM

Ahhh the power of publicity! Yay! Win one for the good guys ~ I can no longer get to it either :)

I had reported them to PayPal, posted the link in a number of forums, and emailed all my friends and family... maybe somehow some authority was able to take it down.

I'd gotten a reply from a friend who unfortunately fell victim to this very scam and was hit up hard, she had to go through lots of hoops with credit cards, credit reporting agencies, etc., and her biggest worry is that "they" now have her SSN.

Fortunately we have places like SWI to spread the word about crap like this.

#7 roadrage

roadrage

    SWI Junkie

  • Helper Trainee
  • PipPipPipPip
  • 273 posts

Posted 22 July 2004 - 12:41 PM

try this when you get to page not found

Please try the following:

If you typed the page address in the Address bar, make sure that it is spelled correctly.
(below here) this might be the real page out of Singapore?
Open the www.vipphone.com.sg home page, and then look for links to the information you want.
Click the Back button to try another link.

#8 mrdeskart

mrdeskart

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 23 July 2004 - 09:07 PM

I had the same thing sent to me. I have been using Paypal for many years so I kinda knew that they wouldn't do this type of thing, but, I have to admit, it was tempting to hit the link :huh: .

I always, whether it's eBay, Paypal or bank, copy the email and send it to their security people for verification (however paypal is extremely slow in responding).

I HATE SCAMMERS!!!!!!!

#9 marcloage

marcloage

    Member

  • Full Member
  • Pip
  • 67 posts

Posted 28 July 2004 - 06:50 AM

Ive already had a few emails.

#10 roadrage

roadrage

    SWI Junkie

  • Helper Trainee
  • PipPipPipPip
  • 273 posts

Posted 28 July 2004 - 01:22 PM

Here is an attachement of a fake pay pal I recieved in my E-mail
I have to make Two replys the first is the fake Log In and the second reply attachement is the real Log In.
Notice the SSL (Secured Socket Layer) for both.

#11 roadrage

roadrage

    SWI Junkie

  • Helper Trainee
  • PipPipPipPip
  • 273 posts

Posted 28 July 2004 - 01:24 PM

Here is the real pay pal see attachement.

#12 WhatsNewInBaltimore

WhatsNewInBaltimore

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 28 July 2004 - 06:24 PM

Don't ever trust the padlock alone... it's terribly easy to set up a site that requires https logins, I did it in less than 5 minutes using just XP Pro and IIS. ANYBODY can fake that out, it was just an oversight on the scammers' part.

Best advice is NEVER, EVER click on links from emails, always use your bookmarks or type in the URL directly.

Any reputable site will NEVER solicit personal information via email.

#13 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 28 July 2004 - 07:05 PM

WhatsNewInBaltimore, I'm afraid that people will always open attachments, and send personal info over unsecure links.

But it's not always scammers. I know of a business that set up a website, quite legit business, and could only accept credit card orders by email, and they expected people to use it!
I believe that they had quite a few customers too.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#14 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,570 posts

Posted 28 July 2004 - 08:41 PM

.

>>> http://www.antiphishing.org/

.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#15 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 28 July 2004 - 10:18 PM

Take a look at: http://www.spywarein...showtopic=18295
Can you identify the phish from the legits?

#16 roadrage

roadrage

    SWI Junkie

  • Helper Trainee
  • PipPipPipPip
  • 273 posts

Posted 29 July 2004 - 11:37 AM

Hey:WhatsNewInBaltimore
quote:Don't ever trust the padlock alone...
Yes that too, but also I recieved Two US Bank E-Mail's asking for my account info username and password guess what I never have banked with them, as always I immediatley did a forward to MS Scam Alert, I have sent them a couple other's this month already.
I called US Bank and talked to them also, it is ongoing with them.
A tip your bank will never ask you for your account info and the like's just for this reason alone not to name a few others

#17 TootieKatz

TootieKatz

    Member

  • New Member
  • Pip
  • 1 posts

Posted 29 July 2004 - 06:27 PM

Hi there, would using Spoofstick have helped?
Its an extension you can add to Firefox and also there is a version for IE. I have used it ever since I heard about the EBay password scam.
-Tootie :D :




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button