Credit Card Scam

Kone

From Service <service@paypal.com>
Date Thursday, September 18, 2003 4:07 pm
To <xxx@dol.ie>
Subject PayPal Account Security Measures



Please verify your information today!

Dear Paypal Member.
Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your paypal account and to ensure a safe Paypal experience. We require all flagged accounts to verify their information on file with us. To verify your information, Click Here and enter the details requested. After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account.

Thank you for using PayPal!



Please do not reply to this e-mail. Mail sent to this address cannot be answered.


=============================================

Almost Had me fooled!

Sleipnir

whoa! that's a sneaky one. The page itself look quite genuine. Even though the IP address throws up a Korean website.
I'd say a lot of people could fall for that.
Asking for the pin number is also a bit of a give away.
Well, I'll just fill in some false details, just to waster their time.

hedgetrimmer

Didn't a few bank in the UK get hit by this too, where the bank "sent" an email to customers using on-line banking. Liuckily, only a few of them got caught out - most people rang the bank first, which suggests a growning awareness of Internet scams.

However, I have an email for a trusting African who wants to give me $1,000,000 and all I have to do is give him my bank details...tempting....:D

Mac daddy

sneaky ****s

here there website http://211.113.186.42/

IP Tracker IP Tracker Checking IP: 211.113.186.42

OrgName:Asia Pacific Network Information Centre
OrgID: APNIC
Address:PO Box 2131
City:Milton
StateProv:QLD
PostalCode: 4064
Country:AU

ReferralServer: whois://whois.apnic.net

NetRange:210.0.0.0 - 211.255.255.255
CIDR:210.0.0.0/7
Netname:APNIC-CIDR-BLK2
NetHandle:NET-210-0-0-0-1
Parent:

:mad:

HarryD

ohhh very sly indeed...
All the links on the page are through to paypal..

schnnnakes...

One could be forgiven for falling for that...

TRIAX

here's a little infomationabout him.

[ ISP IP Admin Contact Information ]
Name : Sungin Kim
Phone : 82-31-738-6411
Fax : 82-31-738-6430
E-Mail : ipadm@mgate.shinbiro.com
[ ISP IP Tech Contact Information ]
Name : Sungin Kim
Phone : 82-31-738-6411
Fax : 82-31-738-6430
E-Mail : ipadm@mgate.shinbiro.com
[ ISP Network Abuse Contact Information ]
Name : Sungin Kim
Phone : 82-31-738-6411
Fax : 82-31-738-6430
E-Mail : abuse@shinbiro.com

Go to nic.com and place in his ip to get all information.

sionnach

lol that's well done

oneweb

Seems to be broken atm. It does load a "Processing..." page, but ends up giving the error below (regarding a craftily encoded url).

http://www.paypal.com/@211.113.186.42/pp/update.htm

Ok, just checked, IE happily lets the user connect to %32%31%31%2e%31%31%33%2e%31%38%36%2e%34%32/%70%70/%75%70%64%61%74%65%2E%68%74%6D which is the encoded version of 211.113.186.42/pp/update.htm with a username of http://www.paypal.com Mozilla seems to save the user from trouble, whether accidental or not

***, anyone willing to give away their complete details just like that without further enquiry deserves the problems they'll face!

Filled in a load of bowlocks and got:

Not Found
The requested URL /pp/thankyou.htm was not found on this server.

---

Apache/2.0.40 Server at webmail.cpe.kmutt.ac.th Port 80

Very clever trick ('cept the error), but very very nasty.

Samson

I got this just now, this a different layout:

Dear eBay User,

During our regular udpate and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete.

As a result, your access to bid or buy on Ebay has been restricted. To start using your eBay account fully, please update and verify your information by clicking below :

https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?VerifyInformation

Regards,

eBay

**Please Do Not Reply To This E-Mail As You Will Not Receive A Responce**

Roller Toaster

That link doesn't seem to work but it looks like a genuine ebay page?

Sleipnir

I don't think ebay would be allowed to ask you for your email addy and password?
And most people use the same security questions and answers time and time again.
why would they need the PIN number for your CC?
It does look genuine but it sure ain't.

Roller Toaster

Ooooh the link is https/scgi.ebay.com/saw-cgi/eBayISAPI.dll?VerifyInformation
Thats pretty devious I have to say.

valor

newbie question ; what difference does the s make?

Winters

Originally posted by valor
newbie question ; what difference does the s make?

Tells you weather its a secure server or not.

If you are running on a secure server (Gives the padlock in the bottom right corner of IE) then the address will be HTTPS. For normal browsing it will be HTTP.

Roller Toaster

It makes it a totally different website too right? https://www.ebay.com doesn't exist....

oneweb

No, the s on http nearly always leads to the exact same page, just depends on whether encryption is enabled for certain pages.

the bit between the http and ebay.com bit is a different site.

How would they have managed that subdomain? An inside job or can users sign up for them?

Capt'n Midnight

Have a look at the source on the first page;

<!-- saved from url=(0059)https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run -->
Now have a look at the real page..
https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run

It's a little too easy to copy .. Yes someone could copy the look and feel - but handing out source code to script kiddies is negligant...

A truly evil person could write code to update your IP settings so that paypal.com would point where it is supposed to and paypal.C0M or (or .net or .co.uk or .ie) would point to the site..