Thread: Paypal Phishing

  1. #1

    Paypal Phishing

    For the past few months my personal emails and work emails have been bombarded with PayPal phishing emails.

    Anyone else had the same?

    I noticed PayPal set up a nice little test for customers, can you pass the test and spot phishing emails?

    https://www.paypal.com/webapps/mpp/s...ouspotphishing

    I have also gone to the extreme of just blocking any mention of PayPal in the title of my work email as well as personal emails that are not attached to my account.

  2. #2
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992
    I took the PayPal Phishing Challenge and all I got was this lousy 404

  3. #3
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992
    In all seriousness ... this subject hits home.

    Last time one of the people hit with it was an elderly woman I knew through family. Almost $1000. And I got a phone call. The after-effects of defrauding the elderly break my heart so much that it becomes personal and I get pissed. Big time. Huge. Now normally I would have just reported it. This time I used some nerd power against their moron power, and I had their pot of gold- 45 minutes, 2 cups of coffee and a decent amount of path traversal later, (TBH it was really a shoddy attempt on their part) everything was zipped up, down to the dots on the freaking I's. Was a hell of a mirror too. Weird banking crap all over the place that was almost certainly not PayPal related. It was hard not to send a few choice nuggets to those emails, but I didn't want to scare anybody off. Notice some of the spelling errors in the file names. Yeah, don't think that part's gonna be in the PayPal challenge.

    Way I see it, maybe I saved another elderly person from having to decide on food or medication that month
    Last edited by Johnny Cache; 12-06-2013 at 08:48 AM.

  4. #4
    Join Date
    Dec 2011
    Location
    Montreal
    Posts
    431
    Quote: Originally Posted by jfnllc
    In all seriousness ... this subject hits home.

    Last time one of the people hit with it was an elderly woman I knew through family. Almost $1000. And I got a phone call.
    No disrespect, but really people are not really well educated regarding those things and they are losing it when it is about free money or discounts.

    Somebody said that to live in this world you need 3 elements:

    - air;
    - water;
    - naive people (I won't say the bad word);

    Being serious, I think they have to work more on people's education about those things. But many times when I made a complaint there were no answers.

    Think about this:

    1. there is such a thing as Internet safety;
    2. take care and keep your passwords safe and strong;
    3. learn how to do email forensics (reading full headers will keep you safe);
    4. remove your tracks (too much advertising these days);
    5. never, but never, and again never, put sensitive information through the HTTP protocol;
    6. It is extremely easy to detect if a website is cloned just by looking at the SSL certificate (and other clues);
    7. keep your computer secure (do updates, install antivirus etc.);


    and more...

    Regards
    George B. | ROWEBCA
    Web Hosting Services & Server Management
    Skype : rowebca
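
A sketch of the header reading suggested in point 3 of the list above, as an added example that is not part of the original post. The message, its `example.*` domains, the function names and the finding labels are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not a captured email).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.example.org; Fri, 06 Dec 2013 08:00:00 -0800
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "PayPal" <service@paypal.com.account-verify.example.net>
Reply-To: refunds@example.com
Subject: Your account has been disabled
To: user@example.org

Click here to reverse this transaction.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def belongs_to(domain, brand_domain):
    """True only for the brand domain itself or a real subdomain of it."""
    return domain == brand_domain or domain.endswith("." + brand_domain)

def header_findings(raw, brand="paypal", brand_domain="paypal.com"):
    """Return a list of reasons the headers look inconsistent with the brand."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    findings = []
    # Brand named in the display name or address, but the domain is not the brand's.
    if brand in (display + from_dom).lower() and not belongs_to(from_dom, brand_domain):
        findings.append("brand-in-from-but-foreign-domain")
    # Bounce and reply addresses pointing somewhere other than the From domain.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_dom:
            findings.append(name.lower() + "-domain-mismatch")
    # Only trust Authentication-Results written by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for check in ("spf", "dkim"):
        if check + "=pass" not in auth:
            findings.append(check + "-not-pass")
    return findings

if __name__ == "__main__":
    print(header_findings(SAMPLE))
```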

  5. #5
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992
    1. there is such a thing as Internet safety;
    2. take care and keep your passwords safe and strong;
    3. learn how to do email forensics (reading full headers will keep you safe);
    4. remove your tracks (too much advertising these days);
    5. never, but never, and again never, put sensitive information through the HTTP protocol;
    6. It is extremely easy to detect if a website is cloned just by looking at the SSL certificate (and other clues);
    7. keep your computer secure (do updates, install antivirus etc.);
    None taken but we'll probably agree to disagree (at least in some areas) on this one. I would never, but never, and again never, tell a lady of 70+ years that she lost a grand because she didn't know how to check the SSL certificate issuer and to read email headers more closely. Not in that way.

    I understand where you're coming from, but at what point do we finally draw the line, then? There will always be people in this world who just. Don't. Know. We can't fault every single victim because they were human. After all, the point of a scam is to take advantage of someone. Advantage. Otherwise nobody would have ever fallen victim to them in the first place.

    I'm perfectly content having collected and reported the information. After all, they should have been smart enough to check through their passwords, and their headers. Or someone might find it and do it for them.
    Last edited by Johnny Cache; 12-06-2013 at 10:56 AM.

  6. #6
    Join Date
    Dec 2011
    Location
    Montreal
    Posts
    431
    Quote: Originally Posted by jfnllc
    I understand where you're coming from, but at what point do we finally draw the line, then? There will always be people in this world who just. Don't. Know. We can't fault every single victim because they were human. After all, the point of a scam is to take advantage of someone. Advantage. Otherwise nobody would have ever fallen victim to them in the first place.
    You're right, but my question for you is this:

    Why will people click and put a username and password on a link telling them that they won a million dollars (or they can work from home making 5000$ / week) and all they have to do is to claim that money? (if you know what I mean) Is this related to "We can't fault every single victim because they were human." or is it simply the basic human instinct called "greed", the desire to get money without working?

    Maybe I am wrong, I just wait for your answer.

    Regards
    George B. | ROWEBCA
    Web Hosting Services & Server Management
    Skype : rowebca

  7. #7
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992
    Quote: Originally Posted by Rowebca
    You're right, but my question for you is this:
    Why will people click and put a username and password on a link telling them that they won a million dollars (or they can work from home making 5000$ / week) and all they have to do is to claim that money?
    I completely agree with you. No doubt about that at all and believe me, I feel the same way sometimes. You watch it on TV, people like us -- we hear about it from someone just about every day, and I'm sure we've both helped our clients get out of a hole like this, or something close to it. And you're right, most of the time, we can't believe someone actually clicked into something like this when we know the potential damage.

    I was just discussing the two recent privilege escalations uncovered in WinXP and Server 2k3 this week after getting a look at one of the PoC's.
    First thing that struck me is the fact that one of the methods of being compromised involves the end-user having to open an attached email with malicious code injected in the body of the email, or attached separately. First thought was "STILL?!?!" So you've got me there. Perhaps both sides' ignorance is to blame a little for things like this, although I still consider knowingly defrauding someone of their livelihood, however much the amount, is a bit more serious than a bunch of kids trying to crash a computer. I think the difference in the two situations, is that this lady was trying to avoid getting her account compromised. She has a PayPal, and she's used it twice to order some sort of antique, and when she read the message about an unauthorized transaction, she hit the "Click here to reverse this transaction", because she was afraid she'd get in trouble with her bank. Otherwise, she's never near the computer for anything but solitaire. She's not going to know that PayPal would never have such an option, especially in an email. I wish I could have gotten to her in time to help but I had no idea until after the fact. I probably feel that way because she truly didn't know. This email attachment thing has been going on for what, 15 years now? And the same person probably has done it multiple times (thank the preview pane and POP3 for some of that). If my friend's grandmother had been scammed 3 times for the same thing, then maybe I would start to wonder, but her only crime was trying to do what she thought was right- and that, I simply cannot fault her for.

  8. #8
    Join Date
    Mar 2013
    Posts
    1,328
    Quote: Originally Posted by Rowebca
    You're right, but my question for you is this:

    Why will people click and put a username and password on a link telling them that they won a million dollars (or they can work from home making 5000$ / week) and all they have to do is to claim that money? (if you know what I mean) Is this related to "We can't fault every single victim because they were human." or is it simply the basic human instinct called "greed", the desire to get money without working?

    Maybe I am wrong, I just wait for your answer.

    Regards
    I agree.

    The best example of this is the Nigerian scam http://en.wikipedia.org/wiki/Nigeria...Implementation

    I can't feel any sympathy for such greediness.

  9. #9
    I keep getting those stupid "Your account has been disabled" PayPal phishing emails. At first I thought it was legitimate, but I think it's very important to go to the official PayPal site, rather than clicking the link to redirect you. Turns out it was a scam and that not clicking the link was a great idea.
    Faust Internet Services - Shared Web Hosting Solutions
    -Relaxed and reliable web hosting services with an emphasis on freedom of expression
    -Small and effective support team with a small-host atmosphere
