Yet another Paypal/eBay scam..

Redleg

Just received an "interesting" e-mail today..
Looks like it's a new version of the famous paypal scam mails.
(I haven't received this version before....)

I've xxxx'ed out my personal info....

Header:
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Thu, 03 Feb 2005 10:31:20 -0800
Received: from xxxxxxx by xxxxxx.xxxxxxx.com with local-bsmtp (Exim 4.43)
id 1Cwll3-0002NA-7B
for [email protected]; Thu, 03 Feb 2005 10:31:20 -0800
Received: from [217.160.230.40] (helo=mout.perfora.net)
by xxxxx.xxxxxxxx.com with esmtp (Exim 4.43)
id 1Cwll2-0002Mb-OJ
for [email protected]; Thu, 03 Feb 2005 10:31:13 -0800
Received: from infong233.us.perfora.net[217.160.226.16] (helo=infong233)
by mrelay.perfora.net with ESMTP (Nemesis),
id 0MKz1m-1Cwlin2tFh-0001Q2; Thu, 03 Feb 2005 13:28:53 -0500
Received: from [82.135.132.88](IP may be forged by CGI script)
by infong233.perfora.net with HTTP; Thu, 3 Feb 2005 13:28:53 -0500
X-Sender-Info: 118769089@infong233
Date: Thu, 3 Feb 2005 13:28:53 -0500
Precedence: bulk
To: [email protected]
Subject: PayPal FRAUD AND SECURITY TEAM
From: <[email protected]>
Reply-To:
Message-ID: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on
xxxxx.xxxxxxx.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.3 required=5.0 tests=BAYES_50,HTML_20_30,
HTML_MESSAGE,MIME_HTML_ONLY,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET,
REPLY_TO_EMPTY autolearn=no version=3.0.1
X-Antivirus: AVG for E-mail 7.0.300 [265.8.5]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=======AVGMAIL-42027FA04319======="

Mail:

Dear PayPal Member,

During our regular update and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete.
Please update and verify your information by signing in your account below :

http://www. paypal. com/cgi-bin/webscr?cmd=_login-run

If the account information is not updated to current information within 5 days then, your access to bid or buy on eBay will be restricted.

***Please Do Not Reply To This E-Mail As You Will Not Receive A Response***

Thank You!

Jason Micheals
Customer Support

But the link doesn't lead to paypal, it leads to:
http://papalis. e-odyssey. net/accounts/cgi-bin/webscr/index.htm

If the account information is not updated to current information within 5 days then, your access to bid or buy on eBay will be restricted.

I don't even have an eBay account.. :)

I've reported it to PayPal now...
 
0
•••
Whoa, they even try to put a layer that looks like an address bar with the paypal URL! That's really crazy! wonder what paypal has got to say?
 
0
•••
One of the quickest ways to tell a fake is that paypal or ebay never address you as "paypal member" or by your full email address. They use your real name.

However, even if they do get your real name, type the name in the address bar, because it can be faked in links and fairly well spoofed in other ways.
 
0
•••
PolurNET said:
Whoa, they even try to put a layer that looks like an address bar with the paypal URL! That's really crazy! wonder what paypal has got to say?

They have been doing that for a while.
 
0
•••
The moral of this story...
Don't use PayPal and you can't be taken in by this trick ;)
-Allan
 
0
•••
And yet another one now.. :)

eBay Security Center: Urgent eBay Account Update Request.

Dear eBay member,

We recently noticed one or more attempts to log in to your eBay account from a foreign IP address and we have reasons to believe that your account was hacked by a third party without your authorization.

If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you.

The login attempt was made from:

IP address: 154.106.12.15

IS Host: cache-154.proxyes.aol.com.

If you choose to ignore our request, you leave us no choice but to temporally suspend your account.

We ask that you allow at least 72 hours for the case to be investigated and we strongly recommend not to make any changes to your account in that time.

However, if you are the rightful holder of the account, click on the link below, fill the form and then submit as we try to verify your identity:
http://signin.ebay.com/aw-cgi/eBayISAPI.dll?OneTimePayment&ssPageName=h:h:sin:US

eBay will request personal data (password, credit card/bank numbers, and so on) in this email.

Thank you for using eBay!
http://www.ebay.com/




--------------------------------------------------------------------------------


This eBay notice was sent to you based on your eBay account preferences. If you would like to review your notification preferences for other types of communications, click here. If you would like to receive this email in text only, click here.

As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.

The link leads to http://placebofan. 100free. com/login.html this time
(and I still don't have an eBay account.. :) )
 
0
•••
quite a few people got this email....
I don't check meh email much anymore(on namepros all the time..and runevillage:P)
 
0
•••
I received a similar email last month, so I contacted paypal and asked them about it.
Not surprised, they said they had not sent it and asked me to forward the whole email to them for investigation, which I did.
 
0
•••
I read about an even more devious phishing trick going on. The email link (or virus) you click can cause a script to run entering a line in your hosts file on your local computer. The hosts file works to override normal DNS that the domain such as paypal.com, (or yourbank.com or yourcreditcard.com) should not go to the real IP of paypal, but to another thief's IP number. Paypal.com would still be shown in the address window, and even typing it there would send you to the thief's fake website.

Moral of story....make your hosts file read only, and see if anything is already entered there. It is a plain text file without an ending and normally in one of your system folders. The only entry normally there is:

127.0.0.1 localhost

Entries preceded by # signs are only comments. An entry of some other IP number will send all traffic of the name following it to that IP instead of what the public DNS shows. If you entered a line with some IP number and one of your domains, then your browser would interpret that domain to go to the listed IP instead of the real registered one.
 
0
•••
Can i do this

x---- Deleted ---x
 
0
•••
Not the brightest of paypal scams ive seen...

They leave a HUGE trail behind them....

http://centralops.net/co/

laughable really..
 
0
•••
It is a plain text file without an ending and normally in one of your system folders. the only entry normally there is:

127.0.0.1 localhost

Yah, the hosts hi-jack, and the java address bar fake (although I understand that's been patched if you have the latest MS updates) are pretty good.

One note on the hosts file, though. If you run Spybot or other adaware/spyware software, such programs often have features which alias a variety of URLs to localhost. For example if you edit your hosts file to alias, say ads.doubleclick.net to 127.0.0.1, then you can get rid of a lot of banners and so forth. It's a great way to have a more clutter-free browsing experience, but if you find a lot of entries in your hosts file, that may be one reason why. However nothing should be aliased to anything other than localhost.

In general, though, phishing emails are as common as Nigerian 419 spam.
 
0
•••
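The hosts-file check from the two posts above (look for entries, and expect nothing aliased to anything other than localhost) as a small audit script. This is an added example, not code from either poster; the sample file is constructed, and treating 0.0.0.0 as a harmless sink alongside loopback is an assumption of this example.

```python
import ipaddress
import os

def hosts_path():
    """Usual location of the hosts file on Windows and on Unix-like systems."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"

def audit_hosts(text):
    """Return (line_no, address, names) for every entry that maps names to
    something other than a loopback or 0.0.0.0 sink address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                           # blank, comment-only or malformed
        address, names = entry[0], entry[1:]
        try:
            # strip an IPv6 zone id such as %lo0 before parsing
            ip = ipaddress.ip_address(address.split("%", 1)[0])
        except ValueError:
            findings.append((line_no, address, names))  # not an IP: review it
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, address, names))
    return findings

SAMPLE = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 ads.doubleclick.net   # ad-blocking alias
::1 localhost
203.0.113.7 www.paypal.example paypal.example
"""

if __name__ == "__main__":
    with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
        for line_no, address, names in audit_hosts(fh.read()):
            print(f"line {line_no}: {' '.join(names)} -> {address}")
```

Entries it reports are candidates for review, not proof of tampering: some systems ship legitimate non-loopback lines such as a broadcast host.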
they are a bit stupid lol....
I hate stupid nigerian crap
 
0
•••

Wow. First time on the internet? It's called 'phishing', and it's endemic to more than just PayPal eBay.

The first Received: From gives you the originating IP. In this case, it's an Italian Telecom, definitely not eBay.

Clicking on the link then takes you to a cleverly disguised website that caches your username and passwords and any other information you enter to 'verify your account.'

This happens all the time on the internet. Banks are faked, auction sites are faked, amazon accounts are faked. Nothing new here, folks. Perhaps the more appropriate The moral of this story should be...
Don't use the internet and you can't be taken in by this trick ;)

It's just CRAZY!

(Our next lesson will be on Urban Legends: children whose dying wish is to receive emails from everyone on the internet! lost children whose parents are pleading for your help! chain letters promising bad luck if you don't spam everyone on your contact list! guaranteed ways to make money! and soppy endless crap poetry about what makes you a TRUE FRIEND)
 
0
•••
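Reading the Received chain as the post above describes, shown as an added example that is not part of the original post. The sample reuses the Received lines and IP addresses from the header quoted at the top of the thread; `mx.recipient.example` is a constructed stand-in for the redacted receiving host. Only the hop written by your own server is recorded independently of the sender, which is why the header itself warns that the earliest IP may be forged.

```python
import re
from email import message_from_string

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
COMMENT_RE = re.compile(r"\([^()]*\)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def received_chain(raw):
    """Return hops oldest-first as (sending_ip, receiving_host)."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its header, so the last one is the earliest hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        ip = IP_RE.search(flat)
        # Look for "by host" outside comments such as "(IP may be forged by ...)"
        by = BY_RE.search(COMMENT_RE.sub(" ", flat))
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops

def boundary_ip(raw, own_hosts):
    """IP recorded by the oldest hop that one of our own servers wrote."""
    found = None
    for ip, by in reversed(received_chain(raw)):  # newest hop first
        if by not in own_hosts:
            break
        found = ip
    return found

RAW = (  # constructed from the Received lines quoted in the first post
    "Received: from [217.160.230.40] (helo=mout.perfora.net)\n"
    "\tby mx.recipient.example with esmtp (Exim 4.43);\n"
    "\tThu, 03 Feb 2005 10:31:13 -0800\n"
    "Received: from infong233.us.perfora.net[217.160.226.16] (helo=infong233)\n"
    "\tby mrelay.perfora.net with ESMTP (Nemesis);\n"
    "\tThu, 03 Feb 2005 13:28:53 -0500\n"
    "Received: from [82.135.132.88](IP may be forged by CGI script)\n"
    "\tby infong233.perfora.net with HTTP; Thu, 3 Feb 2005 13:28:53 -0500\n"
    "Subject: PayPal FRAUD AND SECURITY TEAM\n"
    "\n"
    "body\n"
)
```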
Thanks. It will help us to avoid this scam.
 
0
•••
there are so many paypal email scams, theres no point posting them here, you know its a fake, we know its a fake, everyone knows its a fake! Everyone knows every paypal, ebay emails asking u to update ur info or something like that are fake!
 
0
•••
I also received this scam.

After reporting them to their ISP I've never heard anything about them.
 
0
•••
I got the email too
tried going to the link and it looked exactly like paypal... even with the paypal credit card ads :(
 
0
•••
Did you send a complaint to PayPal?
 
0
•••