Very good phishing email

We may earn a small commission from affiliate links and paid advertisements. Terms

xj0hnx

I wanna be sedated
VIP
Date: Sat, 10 Sep 2005 15:05:46 +0000
To:
Subject: Unauthorized Access: (Routing Code: K2153-T005-K500)
From: "PayPal Inc." <service@paypal.com> Add to Address BookAdd to Address Book
You have added buy517car7@aol.com as a new email address for your
PayPal account.

If you did not authorize this change or if you need assistance with
your account, please contact PayPal customer service at:



Log in to your PayPal account


Thank you for using PayPal!
The PayPal Team


Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the header of any page.

----------------------------------------------------------------
PROTECT YOUR PASSWORD

NEVER give your password to anyone and ONLY log in at
https://www.paypal.com/.Protect yourself against fraudulent websites
by opening a new web browser (e.g. Internet Explorer or Netscape) and typing
in the PayPal URL every time you log in to your account.


So, I get the above email, telling me that I have added a new email to my account, and I need to verify it. So I open a new tab and enter "paypal.com" and am directed to this address....

Send Money, Pay Online or Set Up a Merchant Account - PayPal/us/cgi-bin/webscr?cmd=_login-run

I right click the email anad open it in a new tab, and am sent to....

IES Los Cerros – Instituto de Educación Secundaria/home/imagenes/titulos/w/update.html

If you don't look at the address, this second site is an exact mirror of the Paypal site.

They don't ask for anything suspicious in the email, and even the link provided look like the Paypal login screen link, kind we do links here with the link tag

Becareful kids
 
The above links in the quoted email will take you to paypal site, since the original html tags are not present. If you want to see the phishing site, right click copy paste the second addy.
 
best way to find fake paypal emails is paypal always uses your real name the fake ones always say "dear paypal user"
 
oh god...i actually filled that out...

kinda, heres what i got


PayPal



PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.



We are contacting you to inform you that on 1st September 2005 our Account Review Team identified some unusual activity in your account. In accordance with PayPal's User Agreement and to ensure that your account has not been compromised, access to your account has been limited. Your account access will remain limited until this issue has been resolved.


Why has my account access become limited?

Your account access has become limited for the following reason(s):

# 1st September 2005: We believe your account was accessed by an unauthorized third party.

(Your case ID for this reason is PP-069-737-184.)

We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.



How can I restore my account access?
By logging into your PayPal account at https://www.paypal.com/us/cgi-bin/webscr and you will be directed to the verifying page.



Completing all the items will automatically restore your account access.
Please do not reply to this e-mail. Mail sent to this address cannot be answered.
Copyright© 2005 PayPal Inc. All rights reserved.
Designated trademarks and brands are the property of their respective owners.






........does that seem real? im worried...
 
My boss bought something off eBay last week. When she got the email telling her that she owed xxx amount of money, it gave a link. Apparently, if you click the link, the hacker or whoever has something piggybacked onto it that gets all your information as you go to pay through paypal. She still had her credit card, but someone had her card number and was making $4000 worth of withdrawals in Italy. The only reason she caught it, is because she went to the store to make a $12 purchase and her card was declined. It had exceeded her $1000 a day limit. $4000 later, she had to file with the POlice and the FBI.
 
I NEVER respond to any e-mail from any service I use. not ebay, paypal, or any of my creditcards, cable, power, water... you name it

they can either

A, call me.
B, send me a letter,
C, update me when I log in next time.

I've NEVER had any issues with anything and I pay 99% of my bills online.

If I do get an e-mail from any of the companies I deal with I delete them or if it for some reasons seems legit I DO NOT open any links from the e-mail, I open up firefox and go to www.capitalone.com or whatever the site may be and go from there.
 
I got one today saying somebody in UK sent me $960....I clicked open another window and went to [aypal directly and balance was $0.00,....and scrolled over the link in the email...and it was the same one as above....
 
if you use thunderbird for your email, mailscanner will detect fraudulent links.

ebay now has a control center-- all real emails are sent to you on the ebay website.

and for the 5th time, NEVER CLICK A LINK if you think its real.

log in all by yourself at the site, by openinging a new browser window, and mnually typing it in.

and if you use ie, you could be tripply fucked... but 85% of the world is stupid and still uses that worthless pos, so good luck.

here: enjoy this:

The URL in the address bar and even SSL certificate may be spoofed by
creating pseudo layers using "createpopup" method.

This method allows you to position a layer *anywhere on the screen*
(even outside the browsers viewport).

http://msdn.microsoft.com/library/default....createpopup.asp

This enables one to position a layer just on top of the addressbar and
make the URL *seem* as if it is from "amazon.com".

The article says that XP SP2 adds some restrictions to the method.

http://msdn.microsoft.com/library/default....dow_restric.asp

<quote>
Malicious coders have used these script-opened windows and the
script-driven window positioning to mislead and deceive users. The
Window Restrictions security feature in Internet Explorer 6 for
Microsoft Windows XP Service Pack 2 (SP2) now restricts the opening
and placement of windows by script to prevent malicious coders from
misleading users.
</quote>

This is a security vulnerability only for IE. And if you don't have
SP2, it applies to you as well.


then, http://www.getfirefox.com
 
so, basically, you could really and truely be on amazon.com but they made a layer OVER the content of amazon or whatever site, that you would enter your info into on their screen/system.
 
Yeah, I'm pretty sure that's what happened to her. She said that the investigation process could take between 2 weeks and 2 months, so it could be a while before she gets her money back.
 
I get this one every other day too:

Subject: Re: Message from eBay Member
Attachments:
View As Web Page
Message from eBay Member
Marketplace Safety Tips
Never respond to an unsolicited email that includes incentives to buy or sell an item off the eBay Marketplace. If you get such an email, please report it to eBay at http://www.ebay.com.my/helpTSForm.

Never pay for your eBay item through instant cash transfer services such as Western Union or MoneyGram - such services offer Internet shoppers no protection against fraud.



I sent you the goods , where's the money ? You promised that after i send the goods you send the money asap . is this a fraud? Please let me know! Should I contact the autorities ?

Rolland
Please respond to the question on eBay by clicking the button below.


This eBay notice was sent to based on your eBay account preferences. To unsubscribe from this eBay notice, click here.

As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.

Copyright 2005 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.

eBay and the eBay logo are trademarks of eBay Inc.
 
Originally posted by Callidus@Sep 11 2005, 10:22 PM
My boss bought something off eBay last week. When she got the email telling her that she owed xxx amount of money, it gave a link. Apparently, if you click the link, the hacker or whoever has something piggybacked onto it that gets all your information as you go to pay through paypal. She still had her credit card, but someone had her card number and was making $4000 worth of withdrawals in Italy. The only reason she caught it, is because she went to the store to make a $12 purchase and her card was declined. It had exceeded her $1000 a day limit. $4000 later, she had to file with the POlice and the FBI.
[post=552855]Quoted post[/post]​

thats why when ever i use my card it sends a text message to my phone. :worthy:
 
Back
Top