Paypal scam?

Discussion in 'Community Discussion' started by pertusis1, Oct 8, 2013.

  1. pertusis1 macrumors 6502

    Joined:
    Jul 25, 2010
    Location:
    Texas
    #1
    I am not sure if this is the best forum to post this in, but I have just come across a perplexing fraudulent website. Today, I tried to log onto eBay.com. I did not get there by a website, merely typing 'ebay.com' into Safari.

    When I put my login information in, it directed to a restore account page. Stupidly, I entered the requested extensive information. When it gave me an error message, I looked at the web address bar, which showed that the website was NOT secure. I called PayPal, who told me that I had not attempted to login to eBay or PayPal at all today (which confirms that the initial login site was bogus). At first, I thought it was perhaps a typo on the web address, but I tried going to eBay and PayPal again, and each time I was directed to a bogus website.

    Has anyone else encountered this? I was on Safari at the time, and even downloaded Firefox, which did exactly the same thing.

    Can anyone tell me how to troubleshoot this? At first, I thought it was likely a virus/cookie, but it's hard to see how this could have affected Firefox (no imported preferences) on the first time I used it.

    For what it's worth, I do use VMware fusion with McAfee antivirus on the Windows side.
     
  2. AdrianK macrumors 68020

    Joined:
    Feb 19, 2011
    #2
    It could be a redirection via DNS. Try pinging ebay via the terminal and enter the IP address it gives you in a browser and see if it directs you to the bogus site.
     
  3. Huntn, Oct 8, 2013
    Last edited: Oct 8, 2013

    Huntn macrumors G5

    Joined:
    May 5, 2008
    Location:
    The Misty Mountains
    #3
    This could be a start: netsecurity.about.com

    I assume this is happening on Windows... or is it Mac? I'd like to know so I can decide which MacRumor Guide to put this info in. I use a Netcraft Toolbar in Firefox which shows the safety of web sites. I also found this Microsoft link: Reset Host Files Back to Default. Make sure it's not a phishing site. :p

    And just as an FYI, Firefox already has phishing protection installed and turned on by default, but a quick check showed that I did not have "block reported web forgeries" checked.
     
  4. pertusis1 thread starter macrumors 6502

    Joined:
    Jul 25, 2010
    Location:
    Texas
    #4
    Oddly enough

    OK, so I tried traceroute via the Network Utility to:

    ebay.com

    Traceroute has started…

    traceroute to ebay.com (46.182.3.20), 64 hops max, 72 byte packets

    ** note that 46.182.3.20 takes me directly to the bogus site

    EDIT: this is happening on a Mac. Not sure which discussion forum it belongs in.
     
  5. pertusis1 thread starter macrumors 6502

    Joined:
    Jul 25, 2010
    Location:
    Texas
    #5
    Thanks for the interesting post. Oddly, on multiple computers in my house, it does the same thing. I'm starting to wonder if I'm losing my mind. I would be very interested if anyone else has tried plugging in the DNS # above yet.
     
  6. pertusis1 thread starter macrumors 6502

    Joined:
    Jul 25, 2010
    Location:
    Texas
    #6
    another tidbit

    OK, oddly, if I access ebay via my iPhone on the AT&T 4G network, I still get a non-functional ebay site. However, if I go to the mobile ebay site, it seems to work fine.

    Note that I did reset the host file, which didn't seem to make a difference.

    Also, ebay sent me an email (which hotmail 'trusts'). When I try to follow the link to pay for the item (either in OSX or Windows 7), I get a message that ebay's certificate is not trusted because the website does not match the certificate.

    still puzzled...
     
  7. Huntn, Oct 9, 2013
    Last edited: Oct 9, 2013

    Huntn macrumors G5

    Joined:
    May 5, 2008
    Location:
    The Misty Mountains
    #7
    So the question is how and why are you being directed to a fake site? This happens when you type in http://www.ebay.com and http://www.paypal.com?

    When I type these in, on my Mac using Firefox, the beginning of the url includes a green PayPal with a locked lock icon and if I move my mouse over it, says verified by Verisign, the http turns into "https" representing a secured connection. This is before I sign in. However when I type in the ebay url, it does not show these things.

    I wonder if there is something up with your service provider, ATT? Do you have an internet provider at home? Does it happen there when accessing with a laptop/desktop?

    Please verify if this is happening on MacOS or Windows or is it just with iOS? Thanks.
     
  8. pertusis1 thread starter macrumors 6502

    Joined:
    Jul 25, 2010
    Location:
    Texas
    #8
    Yesterday, it happened in both OSX and Windows 7, as well as on my iPhone. The phone connected through ATT, but my home computers were through an entirely different wireless carrier. I am going to mess with it more tonight, but have not had a chance yet.

    In the end yesterday, I found that if I went to eBay's mobile website on my iPhone, this site was secure and worked properly.

    ----------

    I did type in the DNS number posted above, and when I'm on a work computer, it directs me to the bogus eBay page. However, if I type in 'ebay.com', while at work it takes me to the correct page.
     
  9. pertusis1 thread starter macrumors 6502

    Joined:
    Jul 25, 2010
    Location:
    Texas
    #9
    bump

    aha! I called a friend of mine who knows more about this stuff, and he immediately identified the problem. My internet service provider had been hacked. I thought my phone was misdirecting, but I erroneously had it on wifi, not 4G (ATT). Thus, what all of my computers had in common was the internet service provider. Once I changed my DNS, everything fixed itself. I'll have to call my ISP to tell them that they have a problem.
     
  10. pertusis1 thread starter macrumors 6502

    Joined:
    Jul 25, 2010
    Location:
    Texas
    #10
    DNS spoofing

    Well, I have learned a lot. As it turns out, the DNS that my ISP uses was hacked in a method called DNS spoofing. I called them, and they thanked me profusely for the heads-up. Never heard of this before, but it was a lesson that it's ALWAYS worth checking for that little padlock at the top of the browser.

    I guess that wraps up this thread.
     
  11. MICHAELSD macrumors 68040

    Joined:
    Jul 13, 2008
    Location:
    NJ
    #11
    Which ISP wouldn't notice this breach...?
     
  12. Xerotech macrumors 6502

    Joined:
    Jul 22, 2011
    #12
    Your entire ISP. That is seriously ridiculous, I hope they give you free service for a lifetime.
     
  13. Huntn, Oct 11, 2013
    Last edited: Oct 11, 2013

    Huntn macrumors G5

    Joined:
    May 5, 2008
    Location:
    The Misty Mountains
    #13
    Holy ****! How did you change your DNS? In Firefox I'm using Netcraft Toolbar, World IP and Trust My Web to identify fake sites.
     
  14. pertusis1 thread starter macrumors 6502

    Joined:
    Jul 25, 2010
    Location:
    Texas
    #14
    System preferences... Network... Advanced... DNS...

    hit the + in the left lower side of the window, and add a new DNS. Apparently a lot of people use 8.8.8.8, which is a Google public DNS and rarely has problems. I used another public DNS, but there are lots available.

    The sad thing is that Safari DID identify that the site did not have a valid certificate, but I just didn't notice that the padlock was not there. I'm kicking myself, but perhaps I should get an add-on to actually warn me about these sites.
     
  15. Huntn macrumors G5

    Joined:
    May 5, 2008
    Location:
    The Misty Mountains
    #15
    How would changing the DNS on your computer fix an issue residing at the ISP level? Not doubting, just want to understand. Thanks!
     
  16. nowlan1 macrumors newbie

    Joined:
    Feb 12, 2011
    #16
    That doesn't change the DNS on your computer. It changes where your computer gets its DNS information from. Changing it away from your ISP will fix it after you clear the DNS cache on your computer.
     
  17. Huntn macrumors G5

    Joined:
    May 5, 2008
    Location:
    The Misty Mountains
    #17
    Is there a disadvantage from steering away from your ISP for DNS info?
    Thanks!
     
  18. pertusis1 thread starter macrumors 6502

    Joined:
    Jul 25, 2010
    Location:
    Texas
    #18
    Just a quick follow-up note that I pulled out my old iPad, and sure enough the problem was still not fixed on the DNS. I manually changed the DNS to 8.8.8.8 and cleared the Safari cache. Problem solved.

    Still hard to believe my ISP let this happen, and that it is still not fixed.

    ----------

    I'm not sure. Would be interested in the answer though.
     
  19. nowlan1 macrumors newbie

    Joined:
    Feb 12, 2011
    #19
    I don't think there is any disadvantage except that the server you choose to use might be further away. In Google's case they have plenty of bandwidth so it's not an issue.
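
The check suggested in #2 and the resolver switch described in #14 and #16 can be combined into one test: ask the ISP's resolver and a public one such as 8.8.8.8 for the same name and compare the answers. This is an added example, not part of the thread; the function names and the `isp` / `other-public` labels are assumptions, and the sample answer sets are constructed.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Encode a recursive A-record query (RD flag set) for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg, qid):
    """Return the set of IPv4 addresses in the answer section of a response."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    addrs = set()
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve_via(server, name, timeout=3.0):
    """Ask one specific resolver over UDP, bypassing the OS-configured one."""
    qid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        return parse_a_records(s.recvfrom(4096)[0], qid)

def disagreeing(reference, answers):
    """Labels of resolvers whose answers share no address with the reference's."""
    ref = answers[reference]
    return sorted(k for k, v in answers.items() if k != reference and not (v & ref))

if __name__ == "__main__":
    # Constructed sample: 46.182.3.20 is the address from post #4; the rest are placeholders.
    sample = {"8.8.8.8": {"192.0.2.10", "192.0.2.11"}, "isp": {"46.182.3.20"},
              "other-public": {"192.0.2.11"}}
    print(disagreeing("8.8.8.8", sample))  # ['isp']
```

Names served from CDNs can legitimately resolve to different addresses per resolver, so a disjoint answer is a lead rather than proof; the certificate mismatch described in post #6 is the confirming signal.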
     
