Internet : Things related to the internet

Updated: 1/26/04; 9:06:20 PM.

 

Looking for a Story? Check:
 
 


 
Work:
 

Archives:
 
 
 
 
 
 
 
 
 
 
 
 

Great Sites:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


Subscribe to "Internet" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.

Comments by: YACCS

« chicago blogs »

 

 

Monday, January 26, 2004



PayPal Spoofing

<Jacob Palme <jpalme@dsv.su.se>>
Sat, 10 Jan 2004 13:58:53 +0100


I received a message which is abbreviated below [and even more by PGN]:

> Received: from unknown (HELO reva) (81.196.161.141)
>    by 0 with SMTP; 6 Jan 2004 01:55:14 -0000
> Reply-To: "service@paypal.com" <spooff@paypal.com>
> From: "service@paypal.com" <service@paypal.com>
> To: <jpalme@dsv.su.se>
> Subject: Account issue
> Date: Tue, 6 Jan 2004 03:51:33 +0200
>
> Due to concerns, for the safety and integrity of the PayPal community we have issued this warning message.
>
> It has come to our attention that your account information needs to be renew due to inactive members and non-functioning >mailboxes.  If you could please take 5-10 minutes out of your online experience and renew your records you will not run into
> any future problems with the online service.
>
> However, failure to update your records will result in account deletation [sic].  This notification expires on January 10, 2004.
>
> Once you have updated your account records your PayPal will not be interrupted and will continue as normal.
>
> Please follow the link below and renew your account information.
>   http://https-ebay.com   PayPal Service Department

When I clicked on the link, I got to a form which requested a number of personal data, including my credit card number, its security code and its PIN code! I have put up a copy of the form they asked me to fill in at
  http://dsv.su.se/jpalme/temp/domain-name-spam-2c.pdf

I got suspicious for several reasons:

(a) No company has ever before asked me for my credit card PIN code.

(b) This information was requested by http, not https. But with a domain name, http://https-ebay.com which might make some people believe it was actually using https.

(c) Looking up in whois indicates that the owner of the domain name https-ebay.com is a private person, not a company.

To be on the safe side, I immediately blocked my credit card, since I had entered some information before I understood this was a spoof. I also wrote to PayPal, who confirmed that the mail was not from them!

I have learnt to be more careful and suspicious in the future!

Jacob Palme <jpalme@dsv.su.se> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/

  [This is increasingly becoming a problem!  We desperately need some greater authentication and accountability.  PGN]

[Via Risks Digest

 



categories: Internet
Other Stories according to Google: scams, spoofing , phishing, ebay, paypal , update credit card | New site spoofs PayPal to get billing information | PCWorld.com - PayPal Users Warned of Spoof Site | PCWorld.com at Yahoo - PayPal Users Warned of Spoof Site | Symantec Enterprise Solutions | New site spoofs PayPal to get billing information - Computerworld | New site spoofs PayPal to get billing information - Computerworld | New site spoofs PayPal to get billing information - Computerworld | InfoWorld: New site spoofs PayPal to get billing information: July | New site spoofs PayPal to get billing information


8:16:44 PM    


© Copyright 2004 Earl Bockenfeld.



Click here to visit the Radio UserLand website.

 



January 2004
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Dec   Feb

Story Categories:

Blogging

Body

Digital Media

Heart

Humor

Internet

Microsoft

Mind

Miscelleous

Politics

Outrages

Security

Software

Soul

Userland

Top 10 hits for spyware adware on..
Google
1.Spychecker - download anti- spyware and privacy related freeware ...
2.PC Hell: Spyware and Adware Removal Help
3.Adware , Spyware and Advertising Trojans - Info & Removal ...
4.Ad-aware - Software - Lavasoft
5.BulletProofSoft Home Page - MP3 to WAV converter, MP3 converter ...
6.Spyware Watch (UK) - spyware , adware , stealware - stay aware!
7.Tweak3D.Net - Your Freakin' Tweakin' Source!
8.spyware - Webopedia.com
9.spyware - Webopedia.com
10.SimplytheBest Spyware

Help link 1/26/04; 8:17:24 PM.