Monday, January 26, 2004 PayPal Spoofing <Jacob Palme <jpalme@dsv.su.se>> Sat, 10 Jan 2004 13:58:53 +0100 I received a message which is abbreviated below [and even more by PGN]: > Received: from unknown (HELO reva) (81.196.161.141) >    by 0 with SMTP; 6 Jan 2004 01:55:14 -0000 > Reply-To: "service@paypal.com" <spooff@paypal.com> > From: "service@paypal.com" <service@paypal.com> > To: <jpalme@dsv.su.se> > Subject: Account issue > Date: Tue, 6 Jan 2004 03:51:33 +0200 > > Due to concerns, for the safety and integrity of the PayPal community we have issued this warning message. > > It has come to our attention that your account information needs to be renew due to inactive members and non-functioning >mailboxes.  If you could please take 5-10 minutes out of your online experience and renew your records you will not run into > any future problems with the online service. > > However, failure to update your records will result in account deletation [sic].  This notification expires on January 10, 2004. > > Once you have updated your account records your PayPal will not be interrupted and will continue as normal. > > Please follow the link below and renew your account information. >   http://https-ebay.com   PayPal Service Department When I clicked on the link, I got to a form which requested a number of personal data, including my credit card number, its security code and its PIN code! I have put up a copy of the form they asked me to fill in at   http://dsv.su.se/jpalme/temp/domain-name-spam-2c.pdf I got suspicious for several reasons: (a) No company has ever before asked me for my credit card PIN code. (b) This information was requested by http, not https. But with a domain name, http://https-ebay.com which might make some people believe it was actually using https. (c) Looking up in whois indicates that the owner of the domain name https-ebay.com is a private person, not a company. To be on the safe side, I immediately blocked my credit card, since I had entered some information before I understood this was a spoof. I also wrote to PayPal, who confirmed that the mail was not from them! I have learnt to be more careful and suspicious in the future! Jacob Palme <jpalme@dsv.su.se> (Stockholm University and KTH) for more info see URL: http://www.dsv.su.se/jpalme/   [This is increasingly becoming a problem!  We desperately need some greater authentication and accountability.  PGN] [Via Risks Digest]    categories: Internet Other Stories according to Google: scams, spoofing , phishing, ebay, paypal , update credit card | New site spoofs PayPal to get billing information | PCWorld.com - PayPal Users Warned of Spoof Site | PCWorld.com at Yahoo - PayPal Users Warned of Spoof Site | Symantec Enterprise Solutions | New site spoofs PayPal to get billing information - Computerworld | New site spoofs PayPal to get billing information - Computerworld | New site spoofs PayPal to get billing information - Computerworld | InfoWorld: New site spoofs PayPal to get billing information: July | New site spoofs PayPal to get billing information 8:16:44 PM     © Copyright 2004 Earl Bockenfeld.

January 2004 Sun Mon Tue Wed Thu Fri Sat         1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Dec   Feb Story Categories: Blogging Body Digital Media Heart Humor Internet Microsoft Mind Miscelleous Politics Outrages Security Software Soul Userland Top 10 hits for spyware adware on.. 1. Spychecker - download anti- spyware and privacy related freeware ... 2. PC Hell: Spyware and Adware Removal Help 3. Adware , Spyware and Advertising Trojans - Info & Removal ... 4. Ad-aware - Software - Lavasoft 5. BulletProofSoft Home Page - MP3 to WAV converter, MP3 converter ... 6. Spyware Watch (UK) - spyware , adware , stealware - stay aware! 7. Tweak3D.Net - Your Freakin' Tweakin' Source! 8. spyware - Webopedia.com 9. spyware - Webopedia.com 10. SimplytheBest Spyware  1/26/04; 8:17:24 PM.