I almost got scammed....

[ncage]

Ok guys i am a very knowlegable computer person. I am programmer by trade but this scam almost got me. I sold something on ebay. A video card. About 2 hours after the auction ends i get an email from paypal that the person who won my auction has payed. I click on the email and it even is pointing to paypal.com but its fake i can tell by looking at it. So what do i do. I type im www.paypal.com and then go check my account for the payment. Of course no payment has been made. I also look in the email and they just use my email address and never say my full name which paypal should.
Here was the link in my browser:
https://www.paypal.com/us/links/uni/email=myemailaddress@yahoo.com

Pretty tricky huh? I think this one is going to get a lot of people. These turds are starting to get very smart and its they almost tricked me. I always thought i was to smart for these people.

 

[KLin]

Please post the headers of the email.

 

[kyzen]

:roll:

 

[intogamer]

lol this was posted before

 

[imported_Dirac]

Originally posted by: kyzen
:roll:

sorry, but i dont get it

 

[Juno]

Originally posted by: intogamer
lol this was posted before

QFT

 

[ncage]

Originally posted by: kyzen
:roll:

X-Kaspersky: Checked
X-Apparently-To: myemailaddy@yahoo.com via 68.142.199.85; Sun, 18 Jun 2006 20:36:06 -0700
X-Originating-IP: [216.113.188.112]
Authentication-Results: mta315.mail.mud.yahoo.com
from=lensec.com; domainkeys=neutral (no sig)
Received: from 216.113.188.112 (EHLO outbound2.den.paypal.com) (216.113.188.112)
by mta315.mail.mud.yahoo.com with SMTP; Sun, 18 Jun 2006 20:36:06 -0700
Received: from denweb23.den.paypal.com (denweb23.den.paypal.com [10.191.12.37])
by outbound2.den.paypal.com (Postfix) with SMTP id E83B1118032
for <myemailaddy@yahoo.com>; Sun, 18 Jun 2006 20:36:05 -0700 (PDT)
Received: (qmail 29146 invoked by uid 99); 19 Jun 2006 03:36:05 -0000
Date: Sun, 18 Jun 2006 20:36:05 -0700
Message-Id: <1150688165.29146@paypal.com>
Subject: Notification of an Instant Purchase Payment for Item #8830683522 -
Received from djc1603 (dcrawford@lensec.com)
X-MaxCode-Template: email-auction-unilateral-payment-notification
To: "myemailaddy@yahoo.com" <myemailaddy@yahoo.com>
From: "dcrawford@lensec.com" <dcrawford@lensec.com>
X-Email-Type-Id: PP754
X-XPT-XSL-Name:
/default/en_US/auction/AuctionUnilateralPaymentNotification.xsl
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=windows-1252
MIME-Version: 1.0

 

[ncage]

Originally posted by: intogamer
lol this was posted before

wether this has been here before or not people need to be aware of it. Its looks very legit. I don't want anyone getting scamed.

 

[vegetation]

Welcome to 1999. Paypal payments should always be verified by logging onto paypal.

 

[jadinolf]

ncage

Thanks for the tip. I have always resisted signing up for Paypal but since so many sellers insist on it, I decided to sign up two days ago. Still waiting to be verified.

 

[bluewall21]

This is why SpoofStick is always a good thing to have.

 

[sandorski]

Interesting. Just a few minutes ago I was checking my E-mail and had the same notice. I knew it was a fake, since I do not have a Paypal account.

 

[thescreensavers]

i delt with paypal got over paypal now I am paypal free thouse robbers stole my Fvcking money arrr

 

[alimoalem]

Originally posted by: sandorski
Interesting. Just a few minutes ago I was checking my E-mail and had the same notice. I knew it was a fake, since I do not have a Paypal account.

lol

 

[biggestmuff]

Originally posted by: ncage
Ok guys i am a very knowlegable computer person. I am programmer by trade but this scam almost got me. I sold something on ebay. A video card. About 2 hours after the auction ends i get an email from paypal that the person who won my auction has payed. I click on the email and it even is pointing to paypal.com but its fake i can tell by looking at it. So what do i do. I type im www.paypal.com and then go check my account for the payment. Of course no payment has been made. I also look in the email and they just use my email address and never say my full name which paypal should.
Here was the link in my browser:
https://www.paypal.com/us/links/uni/email=myemailaddress@yahoo.com

Pretty tricky huh? I think this one is going to get a lot of people. These turds are starting to get very smart and its they almost tricked me. I always thought i was to smart for these people.

Well, if it was fake, then it wasn't pointing to paypal.com It was re-directing you. The text being displayed can say anything a user wants. If you hover with your mouse pointer over a link, the bottom left hand corner of your browser window, the status bar, should tell you where the destination really will take you. Try this by clicking on the address in your quoted portion of my post. Just hover; don't click. Or click, I don't care. Now, with this in mind, why would you post that same nefarious, phishing link above? Did you remove the malicious url on purpose or was that just a lucky result of how you copied and pasted?

...but you're the " very knowlegable computer person." What do I know? :beer:

 

[Acanthus]

forward the email to spoof at paypal dot com

their fraud team will investigate the site.

 

[rudder]

Originally posted by: vegetation
Welcome to 1999. Paypal payments should always be verified by logging onto paypal.

exactly, jsut make a habit of printing out postage through paypal and you won't have this problem. One stop shopping to check if the payment is from a verified user, confirmed address, legit email, etc.

 

[ncage]

Originally posted by: biggestmuff

Originally posted by: ncage
Ok guys i am a very knowlegable computer person. I am programmer by trade but this scam almost got me. I sold something on ebay. A video card. About 2 hours after the auction ends i get an email from paypal that the person who won my auction has payed. I click on the email and it even is pointing to paypal.com but its fake i can tell by looking at it. So what do i do. I type im www.paypal.com and then go check my account for the payment. Of course no payment has been made. I also look in the email and they just use my email address and never say my full name which paypal should.
Here was the link in my browser:
https://www.paypal.com/us/links/uni/email=myemailaddress@yahoo.com

Pretty tricky huh? I think this one is going to get a lot of people. These turds are starting to get very smart and its they almost tricked me. I always thought i was to smart for these people.

Well, if it was fake, then it wasn't pointing to paypal.com It was re-directing you. The text being displayed can say anything a user wants. If you hover with your mouse pointer over a link, the bottom left hand corner of your browser window, the status bar, should tell you where the destination really will take you. Try this by clicking on the address in your quoted portion of my post. Just hover; don't click. Or click, I don't care. Now, with this in mind, why would you post that same nefarious, phishing link above? Did you remove the malicious url on purpose or was that just a lucky result of how you copied and pasted?

...but you're the " very knowlegable computer person." What do I know? :beer:

Your wrong. It was going to paypal.com. Don't you read the news? Paypals site was being used by people to scam paypal members. The URL i gave above is what showed up in firefox not what was shown on the link. Im not stupid i know they can redirecty you to another site. Even the certificate is paypals own certificate because its actually part of their site. Its like someone hacked part of their site. What your talking about his how MOST phising emails work. This was different and thats why im warning people. I'm sorry it just pisses me off when people don't know all the information and downgrade other people when they shouldn't be. I did email it to spoof@paypal.com and the definitly said it didn't come to them. When i get home tonight i will link to a screenshot of the actually firefox browswer with "https://www.payal.com" in it. Ask questions before you come out and call someome stupid next time.

 

[pontifex]

Originally posted by: biggestmuff

Originally posted by: ncage
Ok guys i am a very knowlegable computer person. I am programmer by trade but this scam almost got me. I sold something on ebay. A video card. About 2 hours after the auction ends i get an email from paypal that the person who won my auction has payed. I click on the email and it even is pointing to paypal.com but its fake i can tell by looking at it. So what do i do. I type im www.paypal.com and then go check my account for the payment. Of course no payment has been made. I also look in the email and they just use my email address and never say my full name which paypal should.
Here was the link in my browser:
https://www.paypal.com/us/links/uni/email=myemailaddress@yahoo.com

Pretty tricky huh? I think this one is going to get a lot of people. These turds are starting to get very smart and its they almost tricked me. I always thought i was to smart for these people.

Well, if it was fake, then it wasn't pointing to paypal.com It was re-directing you. The text being displayed can say anything a user wants. If you hover with your mouse pointer over a link, the bottom left hand corner of your browser window, the status bar, should tell you where the destination really will take you. Try this by clicking on the address in your quoted portion of my post. Just hover; don't click. Or click, I don't care. Now, with this in mind, why would you post that same nefarious, phishing link above? Did you remove the malicious url on purpose or was that just a lucky result of how you copied and pasted?

...but you're the " very knowlegable computer person." What do I know? :beer:

I've read they can spoof that too

 

[lagvoid]

I always go to www.paypal.com myself to check for payments. Those sites that only accept payments via paypal links worry me.

 

[j00fek]

wow, ill have to look out for this one

 

[ncage]

Originally posted by: biggestmuff

Originally posted by: ncage
Ok guys i am a very knowlegable computer person. I am programmer by trade but this scam almost got me. I sold something on ebay. A video card. About 2 hours after the auction ends i get an email from paypal that the person who won my auction has payed. I click on the email and it even is pointing to paypal.com but its fake i can tell by looking at it. So what do i do. I type im www.paypal.com and then go check my account for the payment. Of course no payment has been made. I also look in the email and they just use my email address and never say my full name which paypal should.
Here was the link in my browser:
https://www.paypal.com/us/links/uni/email=myemailaddress@yahoo.com

Pretty tricky huh? I think this one is going to get a lot of people. These turds are starting to get very smart and its they almost tricked me. I always thought i was to smart for these people.

Well, if it was fake, then it wasn't pointing to paypal.com It was re-directing you. The text being displayed can say anything a user wants. If you hover with your mouse pointer over a link, the bottom left hand corner of your browser window, the status bar, should tell you where the destination really will take you. Try this by clicking on the address in your quoted portion of my post. Just hover; don't click. Or click, I don't care. Now, with this in mind, why would you post that same nefarious, phishing link above? Did you remove the malicious url on purpose or was that just a lucky result of how you copied and pasted?

...but you're the " very knowlegable computer person." What do I know? :beer:

http://it.slashdot.org/article.pl?sid=06/06/16/143208

Read and weep. SO what do you know? NOTHING

 

[PokerGuy]

I'm not sure I follow.... You're saying they are pointing you to the 'real' paypal site, but somehow pulling a scam. Can you explain a little further? I know the email is obviously fake, but if they are linking to the real paypal site, what's the issue?

 

[AmpedSilence]

Originally posted by: PokerGuy
I'm not sure I follow.... You're saying they are pointing you to the 'real' paypal site, but somehow pulling a scam. Can you explain a little further? I know the email is obviously fake, but if they are linking to the real paypal site, what's the issue?

because the information typed in there is not going to PayPal; its going somewhere else. and that is a problem.

 

[PokerGuy]

Thanks for the link ncage, I read the article and it's a little clearer now. What I still don't understand is how the cross site scripting works, ie, how do they inject malicious code onto a page when that page is being loaded from the real paypal server?