another paypal scam..beware..

asif786

macrumors 65816
Original poster
Jun 17, 2004
1,027
0
London, UK.
hey guys,

so i was just checking my my mail today, and i got this email from paypal. this is honestly the best spoof email i've ever seen..

Dear Paypal User,
In accordance with our major database relocation, we are currently having major adjustments and updates of user accounts to verify that the informations you have provided with us during the sign-up process are true and correct. However, we have noticed some discrepancies regarding your account at Paypal. Possible causes are inaccurate contact information and invalid logout process.
We require you to complete an account verification procedure as part of our security measure.
You must click the link below to complete the process.
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Unable to do so may result to abnormal account behavior during transactions.

Thank you for using PayPal!
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.
PayPal Email ID PP096
so i clicked it, and went to the website. i could tell it was iffy because it went to the IP address as opposed to the PayPal site. anyway, everything on the page is paypal like. All that's different is the address that the form posts to..which means they get your details.

Anyway, I thought I'd post a screen cap of the email so you know if you get it. notice how the link in the email shows one place, but when you look in the status bar, it's taking you somewhere else.

just fyi..(i know there's been threads about these before, but i've not seen this one before..)
asif
 

Attachments

ham_man

macrumors 68020
Jan 21, 2005
2,265
0
After recieving my fair share of Paypal emails, I have learned that they never, ever refer to you as anything but your registered name. I have also learned that they have about 3 paragraphs of discaimers at the bottom and multiple images imbedded in the email...
 

grapes911

Moderator emeritus
Jul 28, 2003
6,994
3
Citizens Bank Park
Right after I sold a Power Mac and used PayPal, I received an email very similar to this. I wasn't sure what to do so I emailed PayPal and they told they did not send out the email. I couldn't believe that I was almost fooled.
 

Mitthrawnuruodo

Moderator emeritus
Mar 10, 2004
13,816
185
Bergen, Norway
Haven't seen any PayPal schemes, but just received the attached one, claiming to be from ebay.

Two problems though, I don't have an ebay account and the mail is sent from Uruguay... :rolleyes:
Code:
$ whois 201.239.92.143

OrgName:    Latin American and Caribbean IP address Regional Registry
OrgID:      LACNIC
Address:    Potosi 1517
City:       Montevideo
StateProv:
PostalCode: 11500
Country:    UY

ReferralServer: whois://whois.lacnic.net

NetRange:   201.0.0.0 - 201.255.255.255
CIDR:       201.0.0.0/8
NetName:    LACNIC-201
NetHandle:  NET-201-0-0-0-1
Parent:
NetType:    Allocated to LACNIC
NameServer: NS.LACNIC.NET
NameServer: NS2.DNS.BR
NameServer: TINNIE.ARIN.NET
NameServer: NS-SEC.RIPE.NET
NameServer: SEC3.APNIC.NET
Comment:    This IP address range is under LACNIC responsibility
Comment:    for further allocations to users in LACNIC region.
Comment:    Please see http://www.lacnic.net/ for further details,
Comment:    or check the WHOIS server located at whois.lacnic.net
RegDate:    2003-04-03
Updated:    2004-03-18

OrgTechHandle: LACNIC-ARIN
OrgTechName:   LACNIC Whois Info
OrgTechPhone:  (+55) 11 5509-3522
OrgTechEmail:  whois-contact@lacnic.net

# ARIN WHOIS database, last updated 2005-08-07 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

% Copyright LACNIC lacnic.net
%  The data below is provided for information purposes
%  and to assist persons in obtaining information about or
%  related to AS and IP numbers registrations
%  By submitting a whois query, you agree to use this data
%  only for lawful purposes.
%  2005-08-08 16:21:45 (BRT -03:00)

inetnum:     201.239.0/17
status:      allocated
owner:       VTR BANDA ANCHA S.A.
ownerid:     CL-VPNS-LACNIC
responsible: Italo Sambuceti
address:     Reyes Lavalle, 3340, 4th floor
address:     6760335 - Santiago -
country:     CL
phone:       +56 02 3101502 []
owner-c:     ISO
tech-c:      ISO
created:     20050311
changed:     20050311

nic-hdl:     ISO
person:      Italo Sambuceti Oyarz?n
e-mail:      isambuce@VTR.CL
address:     Reyes Lavalle, 3340, 4 th floor
address:     676-0335 - Santiago -
country:     CL
phone:       +56 02 3101609 []
created:     20020906
changed:     20021122

% whois.lacnic.net accepts only direct match queries.
% Types of queries are: POCs, ownerid, CIDR blocks, IP
% and AS numbers.

$
 

Attachments

asif786

macrumors 65816
Original poster
Jun 17, 2004
1,027
0
London, UK.
Cooknn said:
You didn't log in did you?!
no, thank god! if it wasn't for the IP address sticking out like a sore thumb, i would've logged in though..seriously. i need to be more conscious of these scams now i think..

it's sad that things like this happen...i wonder how these kinds of people sleep at night after conning innocent people out of their money..it's so shameful..
 

Mitthrawnuruodo

Moderator emeritus
Mar 10, 2004
13,816
185
Bergen, Norway
CanadaRAM said:
That would be UruguayBay, then, would it?
uBay? :D

mkrishnan said:
Dear Sir,

I notice two major problems with your request.

1) I am not your Pal.
2) I will not Pay you.

Thank you for your understanding.
Somehow, I suspect that the senders address is spoofed and that the South American (Chilean?) ISP who owns the IP address couldn't care less about a complaint from Norway.

I think the e-mail is better for a laugh and a small training session for the Junk filter in Mail... ;)
 

FoxyKaye

macrumors 68000
asif786 said:
no, thank god! if it wasn't for the IP address sticking out like a sore thumb, i would've logged in though..seriously. i need to be more conscious of these scams now i think..

it's sad that things like this happen...i wonder how these kinds of people sleep at night after conning innocent people out of their money..it's so shameful..
I agree - I have two layers of spam filtering on my email addresses (ISP/GMail and Eudora), so not a lot of stuff ever makes it to my legitimate "In" box. But, once and a great while something like this will make it through, and it really looks convincing. Especially if you're just waking up in the morning and checking email, or it's late at night and you're wrapping up correspondence. I've clicked 'em too, and thankfully Safari and FireFox have warnings for potentially misleading URLs. You're just not thinking about what a URL looks like when you're tired...
 

drison

macrumors regular
Apr 30, 2005
168
0
Chicago
I get this garbage all the time. I have a simple rule. I do not trust any email from a company that has my financial information and wants me to click on a link. If they want me to update some information I will be glad to open a new browser, type in the link to the site and login myself. I am especially untrustworthy of paypal and ebay emails. I don't read any of them unless I know I am involved in an auction, for example.

-Dave
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.