Paypal Phishing scam

Mrock4 (Banned, Posts: 2,359)
So, my wife received a suspicious e-mail from "email@paypal.com", saying that she had "donated" $90 to some guy. Naturally, she thought "wtf?", and called me over to check it out. Upon looking at the e-mail, there was a link that most people would click.."If you want to dispute or cancel this transaction, click here". If you click the link, you're taken to a long @$$ url on some sketchy site that is a total mirror of the real paypal site. You log in to check your account out..sends your stuff to the bad guys. The next page is even better..asks for SSN, driver's license number, home address, birth dates, personal questions..to verify your identity.

I reported it to Paypal, then decided to take a more active approach and prevent people from getting ripped off, and having their identities stolen. I did a lookup on the IP, got the registrar, called the NOC of the host, and 20 minutes later, site was offline. Feels great to help but...this thing was really convincing. I would expect 80-90% of users would fall for it..scary..

Anyone else receive anything similar?

Comments

  • dynamik (Banned, Posts: 12,312)
    Yep. That's a great way to go about it (both them and you).

    We do similar stuff with our social engineering engagements. Our email scams aren't quite that devious (yet), but I'm hoping those will get a little more fleshed out in the near future.

    I'd have just asked for the email address and password then thrown up an error page telling the user to try later. Asking for all that stuff would probably tip people off since they haven't had to do that before (although I'm sure some will get caught in it).
  • TheShadow (Member, Posts: 1,057)
    Which is why as standard procedure you should never click any bank direct links in any email!! It only takes a second to use your standard link. I don't even use the links in a purchase email from an eBay seller since an eBay logon has a link for me already.
    Who knows what evil lurks in the heart of technology?... The Shadow DO
  • Mrock4 (Banned, Posts: 2,359)
    TheShadow wrote: »
    Which is why as standard procedure you should never click any bank direct links in any email!! It only takes a second to use your standard link. I don't even use the links in a purchase email from an eBay seller since an eBay logon has a link for me already.

    You're completely right. Out of habit, when I read the e-mail, I opened up a new browser window and went to paypal. She did good..she never clicked the link :)

    That being said, a lot of users, as you know, don't know any better. I would be curious to know how many actually look at the link in their browser to see if they're actually at the legit site.

    dynamik- my initial reaction was the same...why ask for all that stuff? But, it looks pretty legit..even went through the "logging on now.." progress bar thing that paypal has when you log in. I wouldn't have second guessed it if it hadn't been for the SSN, driver's license nonsense. It definitely was aimed at stealing identities, not just passwords. Pretty devious.
  • coffeeking (Member, Posts: 305)
    Mrock4 wrote: »
    So, my wife received a suspicious e-mail from "email@paypal.com", saying that she had "donated" $90 to some guy. Naturally, she thought "wtf?", and called me over to check it out. Upon looking at the e-mail, there was a link that most people would click.."If you want to dispute or cancel this transaction, click here". If you click the link, you're taken to a long @$$ url on some sketchy site that is a total mirror of the real paypal site. You log in to check your account out..sends your stuff to the bad guys. The next page is even better..asks for SSN, driver's license number, home address, birth dates, personal questions..to verify your identity.

    I reported it to Paypal, then decided to take a more active approach and prevent people from getting ripped off, and having their identities stolen. I did a lookup on the IP, got the registrar, called the NOC of the host, and 20 minutes later, site was offline. Feels great to help but...this thing was really convincing. I would expect 80-90% of users would fall for it..scary..

    Anyone else receive anything similar?

    Being a bank, we deal with this on a regular basis, and sadly a lot of people still fall for it. We do send out and publish security related warnings on our pages, but they don't call it phishing for no reason; someone somewhere falls for the bait.

    Personally, I think you did an excellent job by reporting this site, which ended up being down so quickly; they sometimes stay up and running for days.

    The worst part is that there is no stop to such things; as long as there is online banking, and there are online banking users, this thing is going to keep happening, in one shape or another.

    Some company recently conducted a survey where they introduced phishing sites of the companies to the respective companies' regular online users, and sadly a lot of them fell for it; pretty sad han!
  • Forsaken_GA (Member, Posts: 4,024)
    Being a provider, we also deal with this on a regular basis. Our abuse department opens tickets for the support department for paypal/bank phishing sites several times a week. It's a pain in the ass, but we're educating our customers to make sure they're not running exploitable code on a case by case basis.