Comments on: Anatomy of a Paypal Phishing Scam http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/ Parand Tony Darugar: A Cruel and Petty Dictator Thu, 10 May 2012 16:52:02 -0700 http://wordpress.org/?v=2.8.4 hourly 1 By: N.E.Y.O http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-284237 N.E.Y.O Thu, 17 Jun 2010 17:07:57 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-284237 Hi, Please can someone tell me how to get a scam page receipt that i can edit for ioffer for willing to pay...... Hi,
Please can someone tell me how to get a scam page receipt that i can edit for ioffer for willing to pay……

]]> By: Jason Bourn http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-211015 Jason Bourn Sun, 04 Jan 2009 13:40:43 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-211015 Bottom line is simple. If you ever receive such a notice, close the email (You really shouldn't have opened it in the first place.) and manually type in and visit the service requesting the information. If the information is true you would be prompted once logged in, if false you would not see any such notifications. Furthermore official links are always displayed as they are. Examples: Hover your mouse over the link to see the differences, this is always a good practice. (HTML Will most likely be disabled. in which case this example wont work so well, but you can still note the changes.) Official Link; <a href="http://www.paypal.com/us/cgi-bin/webscr?cmd=_login" rel="nofollow">http://www.paypal.com/us/cgi-bin/webscr?cmd=_login</a> Fake Link; <a href="http://www.fakesitethatwantsyourmoney.com/blah/blah/blah.php" rel="nofollow">http://www.paypal.com/us/cgi-bin/webscr?cmd=_login</a> Bottom line is simple.
If you ever receive such a notice, close the email (You really shouldn’t have opened it in the first place.) and manually type in and visit the service requesting the information. If the information is true you would be prompted once logged in, if false you would not see any such notifications.

Furthermore official links are always displayed as they are.

Examples:
Hover your mouse over the link to see the differences, this is always a good practice. (HTML Will most likely be disabled. in which case this example wont work so well, but you can still note the changes.)

Official Link;
http://www.paypal.com/us/cgi-bin/webscr?cmd=_login

Fake Link;
http://www.paypal.com/us/cgi-bin/webscr?cmd=_login

]]> By: ¿Porqué mi dominio IDN se ve tan raro en Firefox? | Sociedad de la Información http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-136269 ¿Porqué mi dominio IDN se ve tan raro en Firefox? | Sociedad de la Información Wed, 30 Apr 2008 18:31:26 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-136269 [...] Standard Deviations. Parand Tony Darugar’s Babblings. Anatomy of a Paypal Phishing Scamhttp://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/ [...] [...] Standard Deviations. Parand Tony Darugar’s Babblings. Anatomy of a Paypal Phishing Scamhttp://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/ [...]

]]> By: The China Tattler http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-84636 The China Tattler Fri, 14 Sep 2007 06:12:46 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-84636 Why would anyone trust Paypal? A phishing scam can be uncovered here, but the good folks at Paypal don't seem to actively do anything to find them and stop them. A guy sitting at home using his laptop can uncover all this information, but the corporate folks at Paypal do nothing. Shame. Why would anyone trust Paypal?

A phishing scam can be uncovered here, but the good folks at Paypal don’t seem to actively do anything to find them and stop them.

A guy sitting at home using his laptop can uncover all this information, but the corporate folks at Paypal do nothing.

Shame.

]]> By: artcoder http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-40744 artcoder Tue, 27 Feb 2007 00:47:07 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-40744 Nice article. I also wanted to point out that a clear tipoff that this is a fraudelent email is that it addressed you as "Dear valued PayPal member". The real PayPal will address you by your name or by your business. And if someone did accidentally type in their correct login and password into the phishing site, that means that the fraudster had gotten your login. If that ever happens to anyone, go to the real PayPal site and change your password immediately. Nice article. I also wanted to point out that a clear tipoff that this is a fraudelent email is that it addressed you as “Dear valued PayPal member”. The real PayPal will address you by your name or by your business.

And if someone did accidentally type in their correct login and password into the phishing site, that means that the fraudster had gotten your login. If that ever happens to anyone, go to the real PayPal site and change your password immediately.

]]> By: Parand Darugar http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-25595 Parand Darugar Sat, 02 Dec 2006 23:05:39 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-25595 That's interesting that they didn't do SSL. Makes sense actually - the average person wouldn't even notice if they were on an ssl site or not, and having an SSL certificate complicates things. Might as well skip it so you don't get the IE/Firefox SSL warning. That’s interesting that they didn’t do SSL. Makes sense actually – the average person wouldn’t even notice if they were on an ssl site or not, and having an SSL certificate complicates things. Might as well skip it so you don’t get the IE/Firefox SSL warning.

]]> By: Pooya http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-25580 Pooya Sat, 02 Dec 2006 20:54:59 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-25580 Got a good one today, faking as BofA. Subject: Bank of America Member (Your Account Suspension Notice ) which could be plausible given my habits :) Had the BofA logo and even showed the link as ....sitekey... that BofA now uses (http://sitekey.verfing.accountinformation.secuirtydepartment.bankofamerica.com ) though it actually goes to http://gameton.com/images/bankofamerica.com/bankofamerica.com/cig-bin/signondo/Online/cigi-bin/ssologincontroller/SignIn/ Given the URL structure, I assume they have this for every bank and just send out random ones. The site, if you go it is done very well, basically captured the old login from BofA site and put their own piece in the middle. All the other links of the page go to the actual BofA site. You can enter anything into the username/password and it lets you in and then asks for lots and lots of info. This piece they screwed up on, because there's things your bank would never ask you for. Tried this in IE7 and its anti-phishing is of no help, though this particular pisher didn't even bother to get the SSL certificate, its just plain HTTP. Anyway, overall they're getting much better and this is going to be a real problem for people. Got a good one today, faking as BofA. Subject: Bank of America Member (Your Account Suspension Notice ) which could be plausible given my habits :) Had the BofA logo and even showed the link as ….sitekey… that BofA now uses (http://sitekey.verfing.accountinformation.secuirtydepartment.bankofamerica.com ) though it actually goes to http://gameton.com/images/bankofamerica.com/bankofamerica.com/cig-bin/signondo/Online/cigi-bin/ssologincontroller/SignIn/

Given the URL structure, I assume they have this for every bank and just send out random ones. The site, if you go it is done very well, basically captured the old login from BofA site and put their own piece in the middle. All the other links of the page go to the actual BofA site. You can enter anything into the username/password and it lets you in and then asks for lots and lots of info. This piece they screwed up on, because there’s things your bank would never ask you for.

Tried this in IE7 and its anti-phishing is of no help, though this particular pisher didn’t even bother to get the SSL certificate, its just plain HTTP. Anyway, overall they’re getting much better and this is going to be a real problem for people.

]]> By: Hannah http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-15433 Hannah Mon, 25 Sep 2006 15:54:06 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-15433 You say here that the site has been shut down, but I just got a similar phishing email yesterday from a paypal phisher, with a full functioning website. I did not enter my information but contacted paypal instead through their official website. Maybe they have successfully built another site, because it is up and running today! Beware... You say here that the site has been shut down, but I just got a similar phishing email yesterday from a paypal phisher, with a full functioning website. I did not enter my information but contacted paypal instead through their official website. Maybe they have successfully built another site, because it is up and running today! Beware…

]]> By: streaky http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-11741 streaky Sun, 06 Aug 2006 19:10:08 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-11741 IE7's phishing capabilities are built on a database of sites, doesn't matter if it's good or not it'll let you know.. I like to use http://www.opendns.com/ as my DNS servers which have such a capability built in anyway - which works even better and faster :) All users need to be educated in the simple facts - most banks and paypal will tell you quite simply that they will never, ever, ask you for such details, if you're dumb enough to believe such a mail it really is your own fault. Course, the best thing to do with these things would be for the community at large to get together and fill these people's databases with invalid data rendering them completely useless - nobody is gonna trawl through 20,000 records looking for a few that may be correct :) IE7’s phishing capabilities are built on a database of sites, doesn’t matter if it’s good or not it’ll let you know.. I like to use http://www.opendns.com/ as my DNS servers which have such a capability built in anyway – which works even better and faster :)

All users need to be educated in the simple facts – most banks and paypal will tell you quite simply that they will never, ever, ask you for such details, if you’re dumb enough to believe such a mail it really is your own fault.

Course, the best thing to do with these things would be for the community at large to get together and fill these people’s databases with invalid data rendering them completely useless – nobody is gonna trawl through 20,000 records looking for a few that may be correct :)

]]> By: Pooya http://parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/comment-page-1/#comment-10037 Pooya Sat, 15 Jul 2006 21:59:39 +0000 http://www.parand.com/say/index.php/2006/07/06/anatomy-of-a-paypal-phishing-scam/#comment-10037 Neat investigation. It would be interesting to try the anti-phishing capabilities of IE7 to see how it does with something that's well done like this one. Post the next one you get and we can try it. Neat investigation. It would be interesting to try the anti-phishing capabilities of IE7 to see how it does with something that’s well done like this one. Post the next one you get and we can try it.

]]>