Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / Paypal scam. Don't fall for it.

Author
Message
hyrichter
20
Years of Service
User Offline
Joined: 15th Feb 2004
Location: Arizona
Posted: 30th Aug 2004 15:05
Link
I just got this email in my inbox saying it's from PayPal, and it's very convincing. I just wanted to warn others, as I haven't seen this exact scam before.

Quote: "


Dear (my email address),

We recently reviewed your account, and suspect that your PayPal account may
have been accessed by an unauthorized third party. Protecting the security
of your account and of the PayPal network is our primary concern.
Therefore, as a prevention measure, we have temporarely limited access to
sensitive PayPal account features.
Please click on the link below to confirm your information:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

For more information about how to protect your account, please visit
PayPal's Security Center, accessible via the "Security Center" link located
at the bottom of each page of the PayPal website.

We apologize for any inconvenience this may cause, and appreciate your
assistance in helping us maintain the integrity of the entire PayPal
system. Thank you for your prompt attention to this matter.



Sincerely,

The PayPal Fraud Management Team




Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page.
Copyright© 2004 PayPal, Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.

"


The link doesn't lead to PayPal, but to a site that looks exactly like PayPal. It opens a new window, disables the status bar, and somehow makes that address look like it's in the address bar . However, if you right click the page and click on "properties" you'll find that you are actually at http://www.lawncom.co.kr/.update/log1.htm. I filled out all their information with a bunch of crap and the site accepted every bit of it and said that my account information was verified.

As I said, I just wanted to make this warning here. I'm off to PayPal to report this.



Do not click the red button
Back to top
Profile PM Email
Sir Spaghetti Code
20
Years of Service
User Offline
Joined: 12th Jul 2004
Location: Just left of Hell
Posted: 30th Aug 2004 15:12
Link
Thanks for the info! I'll keep an eye out for it. Have you tried actually going to that domain and seeing what is says?

Back to top
Profile PM Email
hyrichter
20
Years of Service
User Offline
Joined: 15th Feb 2004
Location: Arizona
Posted: 30th Aug 2004 15:19
Link
I went to the domain, but it's in Korean (I think) and I can't understand a bit of it. I got the HTML source for the email and uploaded it to my site so you can see exactly what the email looks like and what it does.
http://www.hytekproductions.com/spoof.html



Do not click the red button
Back to top
Profile PM Email
Jimmy
21
Years of Service
User Offline
Joined: 20th Aug 2003
Location: Back in the USA
Posted: 30th Aug 2004 15:43
Link
You fell for it

Oh well, I once made a spoof Novell Netware login screen, it worked


http://www.dbspot.com/ - Free website hosting. Fast and reliable... probably.
Back to top
Profile PM Website
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 30th Aug 2004 23:07
Link
Thanks for the info, did you notify PayPal?


DBP_NETLIB_v1.4.3 DarkTOPIA - September 2004
Back to top
Profile PM
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 30th Aug 2004 23:44
Link
you should forward these details to paypal

Registrant:
Hyrum Richter

Registered through: GoDaddy.com
Domain Name: HYTEKPRODUCTIONS.COM

Domain servers in listed order:
NS1.MIDEEM.COM
NS2.MIDEEM.COM

For complete domain details go to:
http://whois.godaddy.com

If no-one gives your an answer to a question you have asked, consider:- Is your question clear.- Did you ask nicely.- Are you showing any effort to solve the problem yourself
Back to top
Profile PM Email
hyrichter
20
Years of Service
User Offline
Joined: 15th Feb 2004
Location: Arizona
Posted: 30th Aug 2004 23:54
Link
Uhh, Indi, hytekproductions is my website.(One of these days I'll get around to finishing it) Why does PayPal need my website registration info? I'm sure these guys got my email from eBay as I'm listing several items there. The funny thing is, the email address they sent it to has never been registered with PayPal.

I have forwarded the email to PayPal, and got an autoresponder saying that they'll be looking into it.



Do not click the red button
Back to top
Profile PM Email
Ian T
22
Years of Service
User Offline
Joined: 12th Sep 2002
Location: Around
Posted: 31st Aug 2004 00:06
Link
They've already known about this for a few weeks actually. My dad mentioned that someone at his workplace had almost fell for it ten or so days ago, and that Paypal was warning people somewhere on their site. Frauds just keep getting better and better...


http://forum.thegamecreators.com/?m=forum_view&b=1&t=10920&p=1
Back to top
Profile PM
Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 31st Aug 2004 00:17
Link
The moral of the story being, whenever a system asks you for your password in an out-of-the-ordinary situation, make sure it's legit.

Back to top
Profile PM
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 31st Aug 2004 01:43 Edited at: 31st Aug 2004 01:43
Link
moral of the story dont follow links that are emailed to you from paypal, have a link to their official site stored in your favorites and make sure it points to httpS://www.paypal.com/


DBP_NETLIB_v1.4.3 DarkTOPIA - September 2004
Back to top
Profile PM
Ian T
22
Years of Service
User Offline
Joined: 12th Sep 2002
Location: Around
Posted: 31st Aug 2004 02:15
Link
Ah, quite true .


http://forum.thegamecreators.com/?m=forum_view&b=1&t=10920
Back to top
Profile PM
Northern Lights
21
Years of Service
User Offline
Joined: 12th Oct 2003
Location: Minnesota, USA
Posted: 31st Aug 2004 02:24
Link
Not sure, but I think the site hosting the scam was hacked...thats the way it looks anyway...

"Watson you idiot! Someone stole our tent!"
Back to top
Profile PM Email
the_winch
21
Years of Service
User Offline
Joined: 1st Feb 2003
Location: Oxford, UK
Posted: 31st Aug 2004 03:52 Edited at: 15th Sep 2006 17:01
Link
Works well in firefox

By way of demonstration, he emitted a batlike squeak that was indeed bothersome.
Back to top
Profile PM Website
IanM
Retired Moderator
22
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 31st Aug 2004 03:56
Link
I've had that kind of email many times. Usually it's a Bank, but I've had them for my paypal account too.

There are two basic rules I follow when dealing with an email of a financial nature:
- never follow any link already provided in the email. With HTML messages they can send you somewhere else. Always connect to their homepage yourself.
- ignore it if it is not addressed specifically to you. The Bank/Paypal knows your name and would use it.

*** Coming soon - Network Plug-in - Check my site for info ***
For free Plug-ins, source and the Interface library for Visual C++ 6, .NET and now for Dev-C++ http://www.matrix1.demon.co.uk
Back to top
Profile PM Email Website
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 31st Aug 2004 13:00
Link
thats weird, i did a whois on the site and it returned those results.

If no-one gives your an answer to a question you have asked, consider:- Is your question clear.- Did you ask nicely.- Are you showing any effort to solve the problem yourself
Back to top
Profile PM Email
David T
Retired Moderator
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: England
Posted: 31st Aug 2004 19:00
Link
Quote: "thats weird, i did a whois on the site and it returned those results."


Because you whois'd his version that he uploaded for us to see

You want real results try whois'ing http://www.lawncom.co.kr/.update/log1.htm

Get 15 new commands, all the date / time commands left out of DBPro for free!
DOWNLOAD PLUGINS HERE: http://www.davidtattersall.me.uk/ and select "DarkBasic"
Back to top
Profile PM Email Website
jasuk70
21
Years of Service
User Offline
Joined: 3rd Dec 2002
Location: Hemel Hempstead
Posted: 1st Sep 2004 07:53
Link
I've reported a similar one to paypal but they never responded, part of their web site for reporting fraud did say that if pay pal ever contacted you they would always use your full name, not an email address etc.

Jas

----
"What is this talk of 'release'? Klingons do not'release' software. It escapes leaving a bloody trail of developers and quality assurance people in its wake!"
Back to top
Profile PM Email Website
Back to top

Login to post a reply

Server time is: 2024-11-26 00:50:39
Your offset time is: 2024-11-26 00:50:39