Question:
A recent PayPal e-mail fraud scam was recently dismantled tonight ****** BEGINNING OF FRAUDULENT E-MAIL ****** Dear User, We have resonantly updated our servers …
So, were they singing or playing an instrument when they updated their servers? Kathryn
Response:
- Hide quoted text — Show quoted text – [snip] asking that you click here (http://www.paypalupdate.da.ru) and login on our new servers by 07/01/02 to ensure that your account stays active. [/snip] Quite lucky – pehaps they were hoping the Russian da.ru service was less likely to pull the redirect. They should have used the untouchable www.havenco.com offshore hosting. Not as good as the www.paypaI.com scam a couple of years back – sadly not much good now since Microsoft uses the Tahoma font newer browsers (MSIE6 for sure). The first www.paypal.com in this paragraph has a capital i instead of a lower case L – depending on what font you are viewing this with both URLs may look identical. Agent is using MS Sans Serif and they do. The scammer could potentially set up a replica site with login boxes to reecord information from victims and possibly even get an SSL certificate if the issuer is too lax checking credentials – this would make it quite difficult for many people to detect that something is wrong. Certainaly many UK banks could be susceptible to this scam – "barciays.co.uk" "iioydstsb.co.uk" "abbeynationai.co.uk" – I could go on! None of these are registered but that might be tactical more than anything, – if you registered one it’s likely that your door would be busted in early one morning by "The Feds" (or their UK equivalent, obviously) Gareth PS. I just left my prints all over Nominet’s whois lookup.
Well, for all the hoopla over it having been being dealt with, I just received the very same thing in my in-box today, from the same Russian addy and with the same misspellings. Didn’t bother to click on the site so don’t know if it is shut down or not. Where to report it know if Winston’s reported blitz didn’t work is beyond me. alanama — Alana "Success is going from one failure to the next without a loss of enthusiasm." —Winston Churchill
Response:
[snip] asking that you click here (http://www.paypalupdate.da.ru) and login on our new servers by 07/01/02 to ensure that your account stays active.
[/snip] Quite lucky – pehaps they were hoping the Russian da.ru service was less likely to pull the redirect. They should have used the untouchable www.havenco.com offshore hosting. Not as good as the www.paypaI.com scam a couple of years back – sadly not much good now since Microsoft uses the Tahoma font newer browsers (MSIE6 for sure). The first www.paypal.com in this paragraph has a capital i instead of a lower case L – depending on what font you are viewing this with both URLs may look identical. Agent is using MS Sans Serif and they do. The scammer could potentially set up a replica site with login boxes to reecord information from victims and possibly even get an SSL certificate if the issuer is too lax checking credentials – this would make it quite difficult for many people to detect that something is wrong. Certainaly many UK banks could be susceptible to this scam – "barciays.co.uk" "iioydstsb.co.uk" "abbeynationai.co.uk" – I could go on! None of these are registered but that might be tactical more than anything, – if you registered one it’s likely that your door would be busted in early one morning by "The Feds" (or their UK equivalent, obviously) Gareth PS. I just left my prints all over Nominet’s whois lookup.
Response:
Well, for all the hoopla over it having been being dealt with, I just received the very same thing in my in-box today, from the same Russian addy and with the same misspellings. Didn’t bother to click on the site so don’t know if it is shut down or not. Where to report it know if Winston’s reported blitz didn’t work is beyond me. alanama
bounce BTW). I clicked through to the site mess with them, but twas already gon. — Bill Shaw Email is munged with an obviously invalid domain. See http://www.ietf.org/rfc/rfc2606.txt para. 3 if you need help figuring it out. alt.marketing.online.ebay FAQ can be found at http:/www.banneditems.com/amoefaq.html
Response:
A recent PayPal e-mail fraud scam was recently dismantled tonight ****** BEGINNING OF FRAUDULENT E-MAIL ****** Dear User, We have resonantly updated our servers … So, were they singing or playing an instrument when they updated their servers? Kathryn
Sounded like a digeridoo from here. — Frank S
Response:
A recent PayPal e-mail fraud scam was recently dismantled tonight after a number of Internet users tracked down the offending individual and reported him to PayPal and the various Internet hosting companies he was using to perpetrate his scam. It was easy enough to identify as a scam, although newer PayPal users (as well as inexperienced Internet users) *could* have been suckered by the e-mail he sent out. A copy of the e-mail is listed below, including the offending URL. (The URL has since been deactivated following reports made to the hosting site that owns the domain.) Please pass this information along to any family members or friends you have who use PayPal and whom you feel are easy marks for being scammed. If they *have* submitted information to this fake PayPal page, urge them to log into PayPal *immediately* and change their login info. ****** BEGINNING OF FRAUDULENT E-MAIL ****** Dear User, We have resonantly updated our servers to provide you with a faster and more secure connection to your PayPal account. In doing so we had to edit some data. To ensure that you account doesn’t become deleted we are asking that you click here (http://www.paypalupdate.da.ru) and login on our new servers by 07/01/02 to ensure that your account stays active. We are very sorry for the inconvenience, Nancy Literut Server Manager 05/10/02 ****** END OF FRAUDULENT E-MAIL *****
If you like this post and would like to receive updates from this blog, please subscribe our feed.