RavenBlog - Comments 1082339285

Comments on Monday 19 April 2004:

That's the best Paypal-password-theft spam ever!

Dear (proper paypal email address),

We recently reviewed your account, and suspect that your PayPal account may have been accessed by an unauthorized third party. Protecting the security of your account and of the PayPal network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive PayPal account features.
Click below in order to regain access to your account:
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

For more information about how to protect your account, please visit PayPal's Security Center, accessible via the "Security Center" link located at the bottom of each page of the PayPal website.

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire PayPal system. Thank you for your prompt attention to this matter.

Sincerely,
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page.

PayPal Email ID PP198
PayPal Email ID PP316

Note, the link there is safe to look at (open it in a new window, it'll go all full screen and annoying) to poke at and see what fantastic trickery is afoot, but please close the window immediately afterwards, and really really don't put your Paypal password in there. For the less technical reader, the most pertinent thing to note about the trickery is that the address bar you see is not your address bar. Also, it may be slow since the site is probably busily fooling thousands of people - the spam was only received about thirty minutes ago. [01:48]

James

It's a dead site, now. What exactly was the technical trickery?

RavenBlack

It opened itself in a new window with no address bar or status bar, then put a fake address bar at the top of the page (in a separate frame I think), editable and everything. The lack of status bar would hide the fact that the security padlock was missing, and the address bar showed "https://www.paypal.com/" etc (the proper address, anyway) while the actual page was the password-collector. It also went on, in the "confirm your account" pages, to ask for your mother's maiden name, your bank name, bank account number, sort code, credit card number and pin number. Oh the havoc.

James

I've had a couple of these appear using similar tricks; one claimed to be from Visa Security, and fed the information into a host in Germany. I forwarded all the details to Visa (the real Visa!) and received a nice pro-forma thankyou, then nothing more. The big giveaway, of course, is that it was sent to my Whois contact address ;-)

Personally, I found the username trick more convincing - and with a cheap (or trial) SSL certificate, you can get a padlock icon displayed as well.

yardenxanthe

I just took your What Flavour are You quiz and wanted to let you know that I really like it. Yep.

Gecko

Yeah, I've gottenq quite a few of those lately. One was from the "FDIC" telling me that b/c I have violated the PATRIOT act, I had to immidiatly email them back with all sorts of information about my account.

Add Comment:
Name:		Comment: (max. 2048 characters)
Email:
Show Email:	(if no website)
Website:
No HTML tags allowed. (Antispam) What is 25 + 5?