?

Log in

No account? Create an account

PayPal hoax - John C. Kirk

Jun. 3rd, 2003

10:17 pm - PayPal hoax

Previous Entry Share Next Entry

Hmm, I wasn't intending to post another entry this soon, but I just got a rather worrying email. It appears to be from PayPal, but I think it's a hoax, so be very cautious if you receive something similar.

Key things that made me suspicious:



Once I got suspicious, I checked the source code of the message - although it appears to be from PayPal.com (according to the "from" email address), the form is set up to send its data to quiesy.portland.co.uk. And even if they are a registered subcontractor, a file called "boyz.php" doesn't sound very official to me. And finally, this email was sent to my old Demon address, rather than my new address (which is actually registered with PayPal, so the one that they'll use to contact me) - presumably this means that it's a wide scale thing, rather than anything that's specifically targetted at PayPal users.

Anyway, I've notified PayPal of this, and they should get back to me in a couple of days to confirm/deny.

So, assuming that I'm right, it's good to know that I'm getting less gulllible as time goes by. In this case, I think it helps that we covered social engineering as part of the Cryptography/Information Security course, which I was revising a couple of weeks ago.

Oh, and one last thing - I've included the entire email below (behind the cut tags), so that you can see it for yourselves. This should be obvious, but please don't enter your details and click the "log in" button!



PayPal


Dear PayPal Customer

 


This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.


The inactive customers are subject to restriction and removal in the next
3 months.


Please confirm your email address and and Credit Card info
number by logging in to your PayPal account
using the form below:





 



Email Address:
Password:
Full Name #: 
Credit Card #: 
Exp.Date(mm/yyyy) #: 
ATM PIN (For Bank Verification) #: 








This notification expires May 31, 2003


Thanks for using PayPal!

Comments:

[User Picture]
From:rjw1
Date:June 3rd, 2003 02:45 pm (UTC)
(Link)
certainly a hoax
(Reply) (Thread)
[User Picture]
From:shuripentu
Date:June 3rd, 2003 03:00 pm (UTC)
(Link)
Ty for telling us :) *huggles*
(Reply) (Thread)
[User Picture]
From:overconvergent
Date:June 3rd, 2003 03:08 pm (UTC)
(Link)
And even if they are a registered subcontractor, a file called "boyz.php" doesn't sound very official to me.

Maybe there should be a list of 10 things that show you that something isn't official:

...

2. Use of warez language.

...
(Reply) (Thread)
[User Picture]
From:johnckirk
Date:June 3rd, 2003 03:22 pm (UTC)
(Link)
Quick follow-up - I've now received another copy of this message. The new one is identical to the old one, except that it was received from a different server (possibly open mail relays?), and it links to a form on a different server. I don't know if this is going to be like the Nigerian 419 scam, where I get multiple versions of it every day... But I'm planning to shut my Demon account down shortly anyway, so that will help.
(Reply) (Thread)
[User Picture]
From:dwagon
Date:June 4th, 2003 12:39 am (UTC)
(Link)
definately a hoax - got the same one myself, but the fact that i dont have a paypal account was the tipping off factor to me *grin*
i rally wonder if anyone would actually give them their pin number though...i mean thats just being extra sneaky on the hoaxers part...
(Reply) (Thread)
[User Picture]
From:rileen
Date:June 4th, 2003 11:22 am (UTC)
(Link)
I hope Paypal themselves do s'thing to stop this if possible ...... good to know your gullibility's decreasing, though i reckon this is kind of 'online gullibility', ie easier to spot for you than a person trying to con you :-) ..........
(Reply) (Thread)