another paypal scam

[PoopyPants]

got this in my hotmail just minutes ago, i have also changed the email and password i have on the account

You have added DTT_Data@earth-online.com as a new email address for your
PayPal account.

If you did not authorize this change or if you need assistance with
your account, please contact PayPal customer service at:

<a target=_blank class=ftalternatingbarlinklarge href="https://www.paypal.com/row/wf/f=ap_login">https://www.paypal.com/row/wf/f=ap_login</a>


Thank you for using PayPal!
The PayPal Team

----------------------------------------------------------------
PROTECT YOUR PASSWORD

NEVER give your password to anyone and ONLY log in at
<a target=_blank class=ftalternatingbarlinklarge href="https://www.paypal.com/">https://www.paypal.com/</a> Protect yourself against fraudulent websites
by opening a new web browser (e.g. Internet Explorer or Netscape) and typing
in the PayPal URL every time you log in to your account.

----------------------------------------------------------------

Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the header of any page.


PayPal Email ID PP107

here is the message source, notice the bullshit paypal addresses.

X-Message-Status: n
X-SID-PRA: PayPal <paypal@email.paypal.com>
X-SID-Result: SoftFail
X-Message-Info: JGTYoYF78jFJxq874P8K+P66fce46WALPoMptdA5xd4=
Received: from community.420k.com ([64.92.171.226]) by mc10-f42.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
Thu, 12 May 2005 06:37:57 -0700
Received: from nobody by community.420k.com with local (Exim 4.50)
id 1DWDsy-0004Hh-52
for xxxxx@msn.com; Thu, 12 May 2005 08:37:56 -0500
To: xxxxx@msn.com
Subject: You've Added an Additional Email Address !
X-Originating-IP: [206.165.246.86]
From: PayPal <paypal@email.paypal.com>
X-Header-CompanyDBUserName: paypal
Errors-To: paypal@email.paypal.com
Reply-To: paypal@email.paypal.com
X-Header-MasterId: 900477
X-Header-Versions: PayPal.614jt7q1x.h0@email.paypal.com
Message-ID: <PayPal.614jt7q1x.h0@email.paypal.com>
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Date: Thu, 12 May 2005 08:37:56 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - community.420k.com
X-AntiAbuse: Original Domain - msn.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - community.420k.com
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: nobody@community.420k.com
X-OriginalArrivalTime: 12 May 2005 13:37:57.0820 (UTC) FILETIME=[CEE8C7C0:01C556F7]

<body>
<table width="680" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="680"><p><tt>You have added </tt><a
href="http://mail.postmail.com.cn/dmcfg/login...ecure-server/SSL/encrypted/1/index.htm"
target="_blank"><tt>DTT_Data@earth-online.com</tt></a><tt> as a new email address for your <br>
PayPal account.<br>
<br>
If you did not authorize this change or if you need assistance with <br>
your account, please contact PayPal customer service at:<br>
<br>
</tt><a
href="http://mail.postmail.com.cn/dmcfg/login...ecure-server/SSL/encrypted/1/index.htm"
target="_blank"><tt><a target=_blank class=ftalternatingbarlinklarge href="https://www.paypal.com/row/wf/f=ap_login</tt></a><tt><br>">https://www.paypal.com/row/wf/f=ap_l......></a><tt><br></a>
<br>
<br>
Thank you for using PayPal!<br>
The PayPal Team<br>
<br>
----------------------------------------------------------------<br>
                    PROTECT YOUR PASSWORD<br>
<br>
NEVER give your password to anyone and ONLY log in at<br>
<a href="http://mail.postmail.com.cn/dmcfg/login...ecure-server/SSL/encrypted/1/index.htm" target="_blank"><a target=_blank class=ftalternatingbarlinklarge href="https://www.paypal.com/</a>">https://www.paypal.com/</a></a> Protect yourself against fraudulent websites <br>
by opening a new web browser (e.g. Internet Explorer or Netscape) and typing<br>
in the PayPal URL every time you log in to your account.<br>
<br>
----------------------------------------------------------------   </tt></p>
<p><tt>Please do not reply to this e-mail. Mail sent to this address cannot be<br>
answered. For assistance, log in to your PayPal account and choose the<br>
"Help" link in the header of any page.  <br>
<br>
<br>
PayPal Email ID PP107<br>
</tt></p>
</td>
</tr>
</table>
</body>
</html>

 

[halik]

i got the list of people who fell for it... emailing em all now...


damn thaeres like 200 ppeople, i'll just send it to paypal

 

[PoopyPants]

????
what do you mean by that ?

i think we should take that email address and add it to every scam, email list, prize winning scheme we can find on the internet.

yup i think ill do that. that that jerk-off's email get blasted with crap.

 

[bret]

nice catch man

 

[PoopyPants]

oh and i dont mean take my email address lol the msn one and bomb it lol.

 

[halik]

99% of people that gave their passwords and ccs out for this scame have yahoo email address :roll:

 

[PoopyPants]

and how do you know this ???

 

[halik]

Originally posted by: PoopyPants
and how do you know this ???

read my lips : i got the file that the php script save all the info. Theres good 500 people on it ... new person every 2 minutes. It's beemn going since april btw.

 

[halik]

alright i emailed all the recent people,
looks like they multiple spammings one for yahoo and one for hotmail. The first additions were at the end of april and the newest one is today morning...

 

[PoopyPants]

cool, i dont know anything about all that php stuff and stuff lol

thanks man! let us know if anyone gets back to you.

anyway to delete all that info and put it back on his server. so the sheet is empty on his end ?

 

[halik]

Originally posted by: PoopyPants
cool, i dont know anything about all that php stuff and stuff lol

thanks man! let us know if anyone gets back to you.

anyway to delete all that info and put it back on his server. so the sheet is empty on his end ?

not likely,
you'd have to find how the scammer hacked the box to begin with and then change the permissions on the file. Seeing as the machine is in china, theres no point in emailing the admin...

I'd put my money on a brute force ssh attack that got 'em in anway. The logs on my machines at work have a ton of entries with just random combinations of username/passwords.

 

[halik]

AHHAHA so i dug thru the php scrips and found his email address: and sent him this

to bsdpinguin
(subject: 'werd' .. what he had in the script)

Not quite asshole,
say hi to abuse@yahoo.com for me. And by the way, i emailed everyone
in aha.txt with their private information. I'm sure they'll know what
to do...
Have fun paying your spam bill!

and he responded!:

From: Petter Beggs bsdpinguin@yahoo.com
Subject: back off
Body:
grrr

 

[gshock888]

im dumb but why would he refer you back to a paypal site? what info would he gain? its not like he asked you to email back the info?

 

[halik]

Originally posted by: gshock888
im dumb but why would he refer you back to a paypal site? what info would he gain? its not like he asked you to email back the info?

You submit the stuff via a form and it emails him automatically

 

[Phoenix86]

Originally posted by: halik
AHHAHA so i dug thru the php scrips and found his email address: and sent him this

to bsdpinguin
More options 12:47 pm (8 minutes ago)
Not quite asshole,
say hi to abuse@yahoo.com for me. And by the way, i emailed everyone
in aha.txt with their private information. I'm sure they'll know what
to do...
Have fun paying your spam bill!

and he responded!:

From: Petter Beggs bsdpinguin@yahoo.com
Subject: back off
Body:
grrr

NICE!!!
:beer:

 

[trevinom]

Originally posted by: halik
AHHAHA so i dug thru the php scrips and found his email address: and sent him this

to bsdpinguin
(subject: 'werd' .. what he had in the script)

Not quite asshole,
say hi to abuse@yahoo.com for me. And by the way, i emailed everyone
in aha.txt with their private information. I'm sure they'll know what
to do...
Have fun paying your spam bill!

and he responded!:

From: Petter Beggs bsdpinguin@yahoo.com
Subject: back off
Body:
grrr

Dude, you are the bomb!!!
You dropped the bomb on him, Baby...you dropped the bomb on him

 

[simms]

Originally posted by: trevinom

Originally posted by: halik
AHHAHA so i dug thru the php scrips and found his email address: and sent him this

to bsdpinguin
(subject: 'werd' .. what he had in the script)

Not quite asshole,
say hi to abuse@yahoo.com for me. And by the way, i emailed everyone
in aha.txt with their private information. I'm sure they'll know what
to do...
Have fun paying your spam bill!

and he responded!:

From: Petter Beggs bsdpinguin@yahoo.com
Subject: back off
Body:
grrr

Dude, you are the bomb!!!
You dropped the bomb on him, Baby...you dropped the bomb on him

Wow, those credit card information is so easy to get.. that's pretty scary.

 

[knyghtbyte]

i never respond to any emails regarding payments, certainly dont click the links in them...lol

in fact i only use a c/c on one internet site......i dont use it in shops or restaruants either really.....its mostly just to use as proof of ID....lol

 

[Carazariah]

Originally posted by: gshock888
im dumb but why would he refer you back to a paypal site? what info would he gain? its not like he asked you to email back the info?

The html code lets you give the verbage of the link and the actual link information like this example.

www.drudgereport.com

So by the link it looks like you would go to http://www.drudgereport.com but I setup the html code to redirect you to www.drudge.com which is a alternative to drudge. The Paypal scammer did the same thing and listed the visible text to www.paypal.com but redirected the html link to his own site.

Not very nice and mimics the Paypal scam alert nearly perfectly.


C

 

[WildHorse]

! ! ! W A R N I N G ! ! !
BE CAREFUL RE: YOUR PAYPAL ACCOUNT INFO!!!

In about tjhe last 2-43 months I've been getting A LOT of phishing e-mails attempting to play omn my PayPal account. I estimate maybe 50-75 similar messages in that time. Typical example follows:

A) Bogus e-mail received:
As part of our security measures, we regularly screen activity in the
PayPal system. We recently noticed the following issue on your account:

We would like to ensure that your account was not accessed by an
unauthorized third party. Because protecting the security of your
account is our primary concern, we have limited access to sensitive PayPal
account features. We understand that this may be an inconvenience but please
understand that this temporary limitation is for your protection.
Case ID Number: PP-072-838-482

https://www.paypal.com/us/cgi-bin/webscr?cmd=complaint-view

For your protection, we have limited access to your account until
additional security measures can be completed. We apologize for any
inconvenience this may cause.

To review your account and some or all of the information that PayPal
usedto make its decision to limit your account access, please visit the
Resolution Center https://www.paypal.com/ . If, after reviewing your account information, you seekfurther clarification regarding your account access, please contact
PayPal by visiting the Help Center and clicking "Contact Us".We thank you for
your prompt attention to this matter. Please understand that this is a
security measure intended to help protect you and your account. We apologize for
any inconvenience.

Sincerely,
PayPal Account Review Department

PayPal Email ID PP876290

B) I forwarded above bnogus message to spoof@ebay.com

C) Got this reply confirming that it is indeed fraudulent:
Dear ____________,

Thank you for contacting PayPal.

We appreciate you bringing this suspicious email to our attention. We
can confirm that the email you received was not sent to you by PayPal.
The website linked to this email is not a registered URL authorized or
used by PayPal. We are currently investigating this incident fully.
Please do not enter any personal or financial information into this
website.

If you have surrendered any personal or financial information to this
fraudulent website, you should immediately log into your PayPal Account
and change your password and secret question and answer information. Any
compromised financial information should be reported to the appropriate
parties.

If you notice any unauthorized activity associated with your PayPal
transaction history, please immediately report this to PayPal by
following the instructions below:

1. Log in to your account at https://www.paypal.com/ by entering
your email address and password into the Member Log In box

2. Click on Security Center at the bottom of the page

3. Click on the 'Unauthorized Transaction' link under the Report a
Problem column

4. Please follow the instructions in order to access the appropriate
form

If you have any further questions, please feel free to contact us again.

Sincerely,
PayPal Account Review Department

 

[RossMAN]

It's very simple.

Email received from Paypal (whether it's legit or not) - DELETE it

Manually login to www.paypal.com without clicking any links or even bookmarks.

Yes I'm a paranoid mofo.