FocusOn718
04-28-2002, 11:58 AM
** DELETE THIS E-MAIL IMMEDIATELY AND IGNORE IT **
This is nothing directly about PayPal's service... BUT I received an e-mail this morning that said:
From: service@paypal.com
Subject: Notification of PayPal Account Restriction
If you have questions concerning this restriction, please
contact us using the link below:
http://www.paypal.com/wf/f=ra
Thank you for your prompt attention to this matter.
Sincerely,
The PayPal Account Review Department
Note: When you login to your PayPal account, be sure that the website's URL always begins with "https://www.paypal.com/".
The "s" in "https" at the beginning of the URL means you are logging into a secure page. If the URL does not begin with
https, you are not on a PayPal page.
okihost
04-28-2002, 01:10 PM
Umm I don't get it.. Paypal is always https .. If you type paypal.com, www.paypal.com, http://www.paypal.com they all bring you to https://www.paypal.com ..
As long as you don't send any password or user information unsecure what is the problem?
FocusOn718
04-28-2002, 01:16 PM
I'm sorry - I was tired when I posted this but I knew I had to - That e-mail, if you received it... is *NOT* from paypal.
It "appears" to be from PayPal but it actually goes to:
<a href="http://www.paypal.com.wf:f=ra@216.147.65.206/login.html">http://www.paypal.com/wf/f=ra</a>
Which goes to http://216.147.65.206/login.html
216.147.65.206 is NOT PayPal
http://216.147.65.206 and you will see
---
This is called a "spoof" from people to make it look like official PayPal e-mail and get your password so they can start stealing funds from your account.
PayPal *DOES* know about this and is researching this.
I do very large transactions with PayPal and I know many people at PayPal.
If anyone has any questions, or might think they are in trouble - Log in and change your password immediately, especially if you think you might have fallen for this.
If anyone needs additional help, I can be reached at 732-333-1066 extension 2
FocusOn718
04-28-2002, 01:19 PM
PayPal got to them - No one will be "tricked" anymore - So it's all safe.
The 'trick' web site has been deactivated - If anyone went to this and entered a password - Change your password.
AcuNett
04-28-2002, 01:28 PM
Hey if you *know* people at paypal maybe you can get my $307 back hehe. :D
FocusOn718
04-28-2002, 02:22 PM
What happened to your $307? PM me?
paypaldamon
05-02-2002, 12:12 AM
Just a reminder to users of our service....If you are in doubt about the authenticity of an email, you should only log in at www.paypal.com.
FocusOn718
05-02-2002, 02:39 AM
Excuse me sir, but not to be rude - But you are saying something that doesn't matter?
People WERE logging on at <removed> it was buggy code on PAYPAL'S server that allowed it.
Originally posted by AcuNett
Hey if you *know* people at paypal maybe you can get my $307 back hehe. :D
Ya, or my $580 that I got taken for. :)
Originally posted by FocusOn718
People WERE logging on at <removed> it was buggy code on PAYPAL'S server that allowed it.
I don't think it was on Paypal's servers. It was on a totally different site paypal.com.wf (.wf = Wallis and Futuna Islands). Anyone can register a domain...
Gadgy
06-08-2002, 06:47 PM
The possibility of this happening was known some time ago.
http://www.webhostingtalk.com/showthread.php?s=&postid=344508#post344508
Be careful.
Paypal's looking like the Outlook Express of Payment Services.
T_E_O
06-09-2002, 04:17 AM
Ok, some explanation:
This 'security hole' is not something that paypal could have prevented in any way.
Even I can set up an url like http://www.webhostingtalk%40207.46.230.220/forum/
My example is even more 'dangerous'. The part of the url before the @ (or %40, which makes it even harder to distinguish it from a genuine url) is sent as username to the server after the @. So www.webhostingtalk.com is used as the username to visit http://207.46.230.220/forum/. Anyone can set up something like this and there's just no way to prevent them from doing that. The only action you can undertake is to contact the upstream provider and ask them to shut it down.
By the way, there is another evil way of getting people's account information. Here in Holland we have this bank which offers internet access to your bank account. The url they use(d) is https://bankieren.rabobank.nl/ and was supposed to be 100% secure. However, some writers for a computer magazine decided that they wanted to hack it somehow and write a nice article about it. So they started spreading a virus which put a line like this:
123.123.123.123 betalen.rabobank.nl
Of course, they had access to the webserver on this ip address and they put a copy of the real page on it, asking people to give their access code etcetera.
And even though people visited http://betalen.rabobank.nl/ instead of https://www.rabobank.nl/, they still gave all their account information.
(Visiting https://betalen.rabobank.nl/ would of course have given a security warning, because they didn't have the corresponding ssl certificate)
And as you see, the rabobank could do nothing to prevent this from happening.
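Added example (not part of any post in this thread): a Python check for the trick T_E_O describes, working out which host a link really contacts when everything before `@` or `%40` is only a username, and comparing that with the link text the reader sees. The function names and flag strings are assumptions made for this illustration; the URLs are the ones quoted in the thread.

```python
import ipaddress
from urllib.parse import urlsplit, unquote


def analyze(url):
    """Return (host, flags): the server a URL really contacts, plus warning flags."""
    authority = urlsplit(url).netloc
    # The thread notes that %40 works in place of '@', so decode the
    # authority first and treat the result the same way.
    decoded = unquote(authority)
    parts = urlsplit("//" + decoded)
    host = (parts.hostname or "").lower()
    flags = []
    if "@" in decoded:
        flags.append("userinfo" if "@" in authority else "percent-encoded-@")
        # A dotted "username" is there to be read as a hostname by the victim.
        if "." in (parts.username or ""):
            flags.append("userinfo-looks-like-host")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass
    return host, flags


def link_mismatch(display_text, href):
    """True when the visible link text names a different host than the href."""
    shown, _ = analyze(display_text)
    actual, _ = analyze(href)
    return bool(shown) and shown != actual


if __name__ == "__main__":
    samples = [  # the two deceptive URLs quoted in the thread, plus the genuine login page
        "http://www.paypal.com.wf:f=ra@216.147.65.206/login.html",
        "http://www.webhostingtalk%40207.46.230.220/forum/",
        "https://www.paypal.com/",
    ]
    for url in samples:
        print(url, "->", analyze(url))
    print(link_mismatch("http://www.paypal.com/wf/f=ra",
                        "http://www.paypal.com.wf:f=ra@216.147.65.206/login.html"))
```

A mail filter or link-preview tool can run the same comparison on every anchor in a message and show the real host next to the displayed text.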