**Freezing** yet ANOTHER PayPal Scam

Su1c1da1

Senior member
Jun 12, 2002
794
0
76
exact copy n paste from email




From : "Paypal Support" <support@paypal.com>

To : <killa_joka@hotmail.com>
Subject : System Update! Confirmation REQUIRED
Date : Sun, 28 Jul 2002 04:54:38
Dear PayPal Customer,

This email is to inform you of a recent update we made to our systems,
To avoid service Interruption we require that you confirm
your account as soon as possible.

Please take a moment to confirm your account by going to the following address:

http://www.transactionsystem.org/secureverify/accounts/accountConfirm.html

Follow these steps:

1- Log in to the link given above.
2- Your account will now be updated, you may continue using Paypal services with out any interruptions.

*** Please note: If you FAIL to update your account, it will be temporarily disabled.

We apologize for any inconvenience..
The paypal team is working hard to bring you the best services on the web.

Thank you for your business.


The Paypal Staff.



***************************************************************************************************************

Do not reply to this e-mail, for assistance contact the customer service team.

***************************************************************************************************************




 

Garet Jax

Diamond Member
Feb 21, 2000
6,369
0
71
Originally posted by: Chiboy
Thanks for the Warning... How did they send from support@paypal.com?

It is very easy to change the reply address on an email. Outlook allows it and I think Express does as well. Even if that fails, it is very easy to write a Java app that sends emails with any reply address whatsoever. It is so common, in fact, that a lot of admins are making a filter to look at reply addresses to make sure they point to a valid email address. One company I did work for actually made sure that the domain in the email address was valid.
 

fr

Diamond Member
Oct 10, 1999
6,408
2
81
Can't any of these scammers ever do it with correct punctuation, spelling, capitalization, and grammar?
 

dew042

Platinum Member
Nov 2, 2000
2,934
0
76
Originally posted by: fr
Can't any of these scammers ever do it with correct punctuation, spelling, capitalization, and grammar?

mental note: next time i do this i need to put in better english skills....










oh, was that out loud?

dew.

 

progex

Member
Jul 20, 2002
170
0
0
Just remember,

(1) Never do anything with your PayPal account if it directs to another address other than a Paypal.com/* address.
(2) If you happen to know HTML well, view the source of the webpage. You can clearly see that on: http://www.transactionsystem.org/secureverify/accounts/accountConfirm.html ... The form is a cutandpastescripts.com formmailer.
(3) Never give out your PayPal login/pass details if the webpage you're going to isn't SSL-Secure. How can you tell? If you see a lock at the bottom right of your browser and if the address starts with: https:// ... As opposed to just http:// .

Thanks for the Warning... How did they send from support@paypal.com?
Another method is using an Anonymous Mailer. Spammers often use these tools to "change" their e-mail address. However, if you view the header of the e-mail message, you can view if it's really an anonymous mailer.
 

RaWk

Senior member
Jun 20, 2001
315
0
0
not only can't they spell...but their JS and Perl scripts don't work. So they couldn't get your password even if you entered it!
 

thortyboy

Member
May 26, 2002
88
0
0
Originally posted by: RaWk
not only can't they spell...but their JS and Perl scripts don't work. So they couldn't get your password even if you entered it!


Rawk, you're right. hahaha, how funny
transactionsystem.org refers to 63.99.209.79-- kenosha, WI

paypal refers to 65.206.229.16 -- palo alto, CA

this guy is pretty lame, he could have at least used some type of url like

http://www.paypal.com@65.206.229.16/secureverify/accounts/accountConfirm.html

i know that url refers back to the actual paypal, but isn't there some way to use an @
sign in a url to redirect to another site? oh well. stupid wannabe sup3R 1337 hax0r. haha
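
Added example (not part of any post in this thread): a Python check of the link rules discussed above, showing that everything before an `@` in a URL's authority is userinfo and the real host is what follows it. The function name `audit_link`, the `brand` parameter and the `paypal.com.example.org` sample are assumptions made for illustration; the other URLs are the ones quoted in the thread.

```python
import ipaddress
from urllib.parse import urlsplit

def audit_link(url, brand="paypal.com"):
    """Return the reasons a link that claims to belong to `brand` is suspect."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    # Text before '@' in the authority is userinfo; the host is what follows it.
    if parts.username is not None:
        findings.append(f"userinfo '{parts.username}' hides real host '{host}'")
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        # Accept the brand itself or a true subdomain only;
        # 'paypal.com.example.org' merely starts with the brand and must fail.
        if host != brand and not host.endswith("." + brand):
            findings.append(f"host '{host}' is not under {brand}")
    if parts.scheme != "https":
        findings.append(f"scheme is '{parts.scheme}', not https")
    return findings

# URLs quoted in the thread, plus one constructed look-alike (last entry).
SAMPLES = [
    "https://www.paypal.com/",
    "http://www.transactionsystem.org/secureverify/accounts/accountConfirm.html",
    "http://www.paypal.com@65.206.229.16/secureverify/accounts/accountConfirm.html",
    "https://paypal.com.example.org/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url)
        for reason in audit_link(url) or ["no findings"]:
            print("   -", reason)
```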
 

GoatHerderEd

Senior member
Jan 11, 2001
498
0
0
i put in a bogus one, and it came back with:

Opps!
You email address entered into the HIDDEN tag called 'to' is incorrect



o, and if you click the protect your password link, it takes you to a window that tells you that it must say www.paypal.com!! lol. he didn't even correct that!
 

sxr7171

Diamond Member
Jun 21, 2002
5,079
40
91
Originally posted by: fr
Can't any of these scammers ever do it with correct punctuation, spelling, capitalization, and grammar?

Other than some incorrect capitalization, I can't see anything wrong with the grammar or punctuation. Please feel free to point out anything else you see.
 

iwearnosox

Lifer
Oct 26, 2000
16,018
5
0
Originally posted by: sxr7171
Originally posted by: fr
Can't any of these scammers ever do it with correct punctuation, spelling, capitalization, and grammar?

Other than some incorrect capitalization, I can't see anything wrong with the grammar or punctuation. Please feel free to point out anything else you see.
Uh, try "oops" not "opps."
 

iwearnosox

Lifer
Oct 26, 2000
16,018
5
0
The reason their script is erroring might be because of an alert site. They don't use their own forms, if you look it redirects to:

http://www.cutandpastescripts.com/cgi-bin/formprocessing/forms.pl

Posting values:

input type=hidden
name="activenumber"
value="653365185969"
name="username"
value="pp4us"

The sysops of cutandpastescripts.com probably have some good IP info on whoever is doing this. They probably got word of this scam and shut their script down, or it just plain broke.
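
Added example (not part of any post in this thread): a Python inspection of a saved page that reports forms submitting to a different host than the page itself, which is the condition described in the post above. The sample HTML is constructed from the action URL and hidden values quoted in the thread; the `email` and `password` field names, the second form, and the names `FormAudit` and `offsite_forms` are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormAudit(HTMLParser):
    """Collect each form's resolved action URL and its hidden inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []  # each entry: {"action": str, "hidden": {name: value}}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Relative actions resolve against the page; absolute ones may leave it.
            action = urljoin(self.page_url, a.get("action") or "")
            self.forms.append({"action": action, "hidden": {}})
        elif tag == "input" and self.forms:
            if (a.get("type") or "").lower() == "hidden":
                self.forms[-1]["hidden"][a.get("name")] = a.get("value")

def offsite_forms(page_url, html):
    """Return the forms whose submission goes to a host other than the page's."""
    parser = FormAudit(page_url)
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    return [f for f in parser.forms
            if urlsplit(f["action"]).hostname != page_host]

# Constructed sample page; action URL and hidden values are those quoted above.
PAGE = "http://www.transactionsystem.org/secureverify/accounts/accountConfirm.html"
SAMPLE = """
<form method="post"
      action="http://www.cutandpastescripts.com/cgi-bin/formprocessing/forms.pl">
  <input type=hidden name="activenumber" value="653365185969">
  <input type=hidden name="username" value="pp4us">
  <input type="text" name="email"><input type="password" name="password">
</form>
<form action="/search"><input type="text" name="q"></form>
"""

if __name__ == "__main__":
    for form in offsite_forms(PAGE, SAMPLE):
        print("posts off-site to:", form["action"])
        print("hidden fields:", form["hidden"])
```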
 

skyking

Lifer
Nov 21, 2001
22,386
5,360
146
Is there any way to trace this back to the I.P., and catch these lowlifes for real? A few high-profile convictions of these slimeballs would be nice!
 

pokerstars

Junior Member
Jun 3, 2002
11
0
0
Um...just a thought here...but is it really smart for us to help these guys debug their scam site?

Just FYI - all PayPal transactions - even logins - are done from secure servers (https://...) - one more thing to watch for.

...dan
 

iwearnosox

Lifer
Oct 26, 2000
16,018
5
0
We're not helping them debug their site, it's not their site having the issue. They're being fairly simplistic in the thought that the more "layers" they place in the process of extracting emails and passwords the better. In reality it's more links in a chain that could, and did break.

Yes, they're traceable, and vulnerable. Ultimately it may wind up that they're in Romania, though, and don't care about US law enforcement.
 

Apollyon

Member
Feb 7, 2002
98
0
0
So being as bored as I am, I figured I'd call their hosting company.

Wouldn't you know it, their office hours are Mon-Fri 8am-whenever, even for the sales department!

Anyways, if I don't think of it tomorrow, someone call readyhost.


Registrant:
Transaction Systems of America (UAMXAYALHD)
192 Ben Claar Road
Claysburg, PA 16625
US

Domain Name: TRANSACTIONSYSTEM.ORG

Administrative Contact:
Transaction Systems of America (UZDDWXYDFO) pp4us@hotmail.com
Transaction Systems of America
192 Ben Claar Road
Claysburg, PA 16625
US
814-942-4699
Technical Contact:
Ready Hosting Inc. (TWHBUQCCZO) sysadmin@readyhosting.com
Ready Hosting Inc.
6127 Green Bay Road
Kenosha, WI 53142
US
262-652-7640 fax: 262-652-7650

Record expires on 26-Jul-2003.
Record created on 26-Jul-2002.
Database last updated on 28-Jul-2002 17:59:44 EDT.

Domain servers in listed order:

NS5.READYHOSTING.COM 63.99.209.103
NS6.READYHOSTING.COM 63.99.209.104

 

Apollyon

Member
Feb 7, 2002
98
0
0
I forgot to include their number:

1-888-257-2052

If it wasn't toll free, I probably would not have called. I'm cheap.
 

Cattlegod

Diamond Member
May 22, 2001
8,687
1
0
no is this guy going to get off scot-free with a ton of ppls money? or will the police take legal action?
 