Skip to comments.
Paypal scam is almost believable, but not quite
email
Posted on 02/18/2004 8:19:48 PM PST by logician2u
To: "logician2u" <logician2u@myisp.com>
From: service
Subject: Confirm Your Information!
|
TOPICS: Business/Economy; Crime/Corruption; Miscellaneous
KEYWORDS: fraud; identitytheft; illiteracy; paypal; phishing; scams; spoofs; stylesheets
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-71 next last
The scammers are getting clever these days.
Not only does this email phishing trip contain valid PayPal links and phone numbers, but the formatting is nearly identical to what you may on occasion receive from PayPal.
[NOTE: Because FreeRepublic software precludes adding style sheets with a post, the above does not have all the niceties such as fonts, spacing and PayPal's little dots to separate blocks of text. They're there in the original, though; if you really want to see what the email version looks like, copy and save the style sheet along with the HTML for this post. Then make a regular HTML file with header, body, etc., including the style sheet. Just don't use it like these scammer are doing, please. I don't wish to be a party to fraud.]
PayPal users are well advised to follow their suggestions to avoid getting scammed.
Here are three obvious hints that the message is a fraud:
- The message subject is from "service." Service who? It doesn't say.
- The salutation is "Dear Customer:" PayPal knows your name if you're enrolled; don't you think they'd use it if they are asking you for personal information?
- RED FLAG -- "PayPal always keeps in touch with it's customers."
Successful business enterprises don't confuse contractions with possessive pronouns.
Well, maybe the boss slips up once in a while, but copywriters don't very often.
And a proofreader always checks email sent out to millions of customers, knowing at least one of them will be an English teacher.
Anybody else spot something that would identify this spoof email message as not being from who they say it is?
To: logician2u; Admin Moderator
Caution: have the links in the posted message been sanitized or do they lead to the phish site? If the latter, I strongly suggest an edit so we do not perpetuate the scam.
2
posted on
02/18/2004 8:24:48 PM PST
by
NonValueAdded
("America will never seek a permission slip to defend the security of our people." GWB 1/20/04)
To: logician2u
Yes, there's usually a tip-off in the grammer if you look carefully. Notice the 'link' to follow is an IP address, not fully qualified domain name.
To: logician2u
Never used it, nor will I. Knock on wood. If I can't put my credit card number out there to be stolen, I ain't happy. :)
4
posted on
02/18/2004 8:26:15 PM PST
by
writer33
(The U.S. Constitution defines a Conservative)
To: logician2u
When you follow the link it says to follow, it opens in the window with an IP addy as its URL
No paypal.com/whatever
ALWAYS look in the URL window to see if you are where you think you are.
When you sign up for a PayPal acct, they already get your personal info there. Therefore, why would you need to re-submit it??
My bank issued a worning last week about these email phishers
They included a copy of the suspicious email, and it really looks authentic.
These guys are getting pretty clever.
5
posted on
02/18/2004 8:26:20 PM PST
by
PurVirgo
(Here's a tip - Never weedeat the dog pen with your mouth open)
To: logician2u
The gigantic red flag is the ip addresses in the links. It would be going to a paypal domain if this was for real. Of course anything asking for personal information like this is almost always a red flag for a scam.
6
posted on
02/18/2004 8:27:51 PM PST
by
Odyssey-x
To: Odyssey-x
http://210.78.22.113/
Is the IP and URL
Any chance we can be a do-gooder? Who would we send this info to to report it?
7
posted on
02/18/2004 8:29:44 PM PST
by
PurVirgo
(Here's a tip - Never weedeat the dog pen with your mouth open)
To: logician2u
I got one of these and now way did I fall for it.
8
posted on
02/18/2004 8:30:09 PM PST
by
dalebert
To: PurVirgo
inetnum: 210.78.22.64 - 210.78.22.128
netname: SHJITONG-CN
descr: JiTong Shanghai Communications Co.,Ltd
country: CN
admin-c: ZQ15-AP
tech-c: ZQ15-AP
mnt-by: MAINT-CHINAGBN-AP
changed:
kevin@gb.com.cn 19990826
status: ASSIGNED NON-PORTABLE
source: APNIC
changed:
hm-changed@apnic.net 20020827
person: Zhongbao Qian
address: Room 1001,Lekai Builing,Shangcheng Road,
address: Pudong Xin district,Shanghai
country: CN
phone: +86-021-58313170
fax-no: +86-021-58312630
nic-hdl: ZQ15-AP
mnt-by: MAINT-CHINAGBN-AP
changed:
kevin@gb.com.cn 19990826
source: APNIC
9
posted on
02/18/2004 8:33:35 PM PST
by
Prime Choice
(I'm pro-choice. I just think the "choice" should be made *before* having sex.)
To: logician2u
It's our "friends" in China pulling another scam.
What's really sad is that even if 1% of the recipients of this scam fall for it, the perps still stand to make a killing.
: (
10
posted on
02/18/2004 8:35:02 PM PST
by
Prime Choice
(I'm pro-choice. I just think the "choice" should be made *before* having sex.)
To: logician2u
status = "Getting WHOIS results...";
Country: CHINA
ARIN says that this IP belongs to APNIC; I'm looking it up there.
status = "Looking up at APNIC...";
Using cached answer (or, you can get fresh results).
% [whois.apnic.net node-1]
% Whois data copyright terms
http://www.apnic.net/db/dbcopyright.html inetnum: 210.78.22.64 - 210.78.22.128
netname: SHJITONG-CN
descr: JiTong Shanghai Communications Co.,Ltd
country: CN
admin-c: ZQ15-AP
tech-c: ZQ15-AP
mnt-by: MAINT-CHINAGBN-AP
changed:
kevin@gb.com.cn 19990826
status: ASSIGNED NON-PORTABLE
source: APNIC
changed:
hm-changed@apnic.net 20020827
person: Zhongbao Qian
address: Room 1001,Lekai Builing,Shangcheng Road,
address: Pudong Xin district,Shanghai
country: CN
phone: +86-021-58313170
fax-no: +86-021-58312630
nic-hdl: ZQ15-AP
mnt-by: MAINT-CHINAGBN-AP
changed:
kevin@gb.com.cn 19990826
source: APNIC
11
posted on
02/18/2004 8:35:15 PM PST
by
Theo
To: Prime Choice
12
posted on
02/18/2004 8:36:05 PM PST
by
Theo
To: logician2u
I've gotten two of these in the past week. Luckily, I was suspicious and logged onto PayPal to see if they had any info about fake emails. They did, and I forwarded both emails to the address they indicated. They replied, saying that both emails were fakes.
What I'd like to know is how the scammers got my PayPal email address. I must have 15 different email addresses (which I use for different things), and the only one to receive these emails is my PayPal email address.
To: Prime Choice
The Chinese are the biggest scammers on Ebay, and Ebay does little or nothing about it.
To: NonValueAdded
Send it to Paypal spoof.
15
posted on
02/18/2004 8:39:06 PM PST
by
Big Horn
(A waist is a terrible thing to mind.)
To: NonValueAdded
I strongly suggest an edit so we do not perpetuate the scam. Thanks for your suggestion.
I hesitated to post the link as it came to me, but was not sure whose URL to enter. The real PayPal? That might give people on this forum the idea it was legitimate when it's obviously not.
The email message I got came in about five hours ago.
We'll see how quickly the spoofers' site disappears. I have great confidence it will. eBay/PayPal doesn't waste any time threatening ISPs hosting scammers.
To: Theo
LOL - That's why I love FR
I can always count on somebody beating me to the punch
17
posted on
02/18/2004 8:41:10 PM PST
by
PurVirgo
(Here's a tip - Never weedeat the dog pen with your mouth open)
To: PurVirgo
18
posted on
02/18/2004 8:41:55 PM PST
by
NonValueAdded
("America will never seek a permission slip to defend the security of our people." GWB 1/20/04)
To: logician2u
one more tip off is that pay pal will always identify you by name, and not by dear customer, or dear (insert your email addy). I got a similar spoof, but it was a notification (From the PayPal Team) that some of my Paypal services had been disabled. Then the letter purported to say that during maintainance of the site, it was believed there had been a 3rd party breach of the account. If I followed the link, which very closely resembled the PayPal url, that some of the features of paypal were deactivated and I would have to follow the link to reactivate the features. It almost fooled me to the point that I clicked on the link...... but noticed I was being re-directed to another web site.
I closed it, and after doing some investigation, forwarded the email to pay pal. Hope they catch the crooks.
To: Theo
Darn you. You got the info while I was still searching for it. :-) Guilty as charged, SIR! : )
Isn't http://www.dnsstuff.com great?
Dunno. I'm a Unix command-line geek. I manually dug up the APNIC record.
20
posted on
02/18/2004 8:45:31 PM PST
by
Prime Choice
(I'm pro-choice. I just think the "choice" should be made *before* having sex.)
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-71 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson