
NOT HOT! PAYPAL server update requesting new info. Scam! Beware!

Kavikgold

Member
Earlier this morning I received this email. Figuring it was just another notice to get a paypal credit card or something, I ignored it:

Dear paypal user, We would like to inform you that we are upgrading our server to install a better protection software. So phere and lease click fill in the registration form again to renew your account.

Paypal Administration.


Thank you for a using PayPal!


After seeing it, I went back to sleep because I ... well... didn't really get any sleep. After waking up, I took a look at all my emails again.

It was an html email, so all the other links do indeed go to paypal, but the click here link does not. It links to some random bogus ip address and yadda yadda yadda will screw you over. Very sly, and even I almost fell for it, until I took a closer look, and realized that paypal does not send e-mails in that format (small detail, but easily detected).


I know there has been a flood of these emails quite recently within the past months, but I wanted to give you all a forewarning. This was one of the better designed scams. I am not 100% sure this is a scam, but considering I tried logging into paypal by typing their link, and not getting any page to update my info, I am almost positive this is one you should look out for guys/girls.


Sorry about the use of .0000000001% anandtech's bandwidth!

Be safe ATers
 
Did you forward it to:

spoof@paypal.com


I get that crap from ebay and paypal around every two months.

EDIT: thanks for the heads up!!

🙂
 
Originally posted by: Kavikgold
The link that was included in the email was this: (warning do NOT actually use it!! again, it is a scam)

http://196.15.171.42/sys/

Anybody got more info on this?

Here's the latest:
This site has been suspended by
network administrator.

If you are the owner of this domain, please open a My Website has been Suspended Support Ticket for further information. Please include the domain name which has been suspended.

If you are a visitor, please visit this site again later.
Looks like they have been given a time-out. LOL!
 
As a non-paypal user I'm curious, how do all of these scammers know your e-mail addresses? Does paypal make this information publicly available?
 
Well, there are two possibilities.

Let's start with the more ... "better" ..... one:

you sign up for a newsletter from some random site, and you start getting spam, and this is the end result.



and now with the more... "worse" ... one:

*cough* pending class action suit against paypal *cough*
 
Originally posted by: Balt
As a non-paypal user I'm curious, how do all of these scammers know your e-mail addresses? Does paypal make this information publicly available?

They don't know whether you are a Paypal user! They send out 100's of millions of emails because there is no cost associated (they are using stolen accounts to send the mails and computers that they have planted software in) so if 90% are not Paypal users, so what? Every day I get similar emails about US Bank, Citibank, Chase Bank, etc. and I'm not a customer of any of them.

 
Originally posted by: TheBigCheese
Originally posted by: Balt
As a non-paypal user I'm curious, how do all of these scammers know your e-mail addresses? Does paypal make this information publicly available?

They don't know whether you are a Paypal user! They send out 100's of millions of emails because there is no cost associated (they are using stolen accounts to send the mails and computers that they have planted software in) so if 90% are not Paypal users, so what? Every day I get similar emails about US Bank, Citibank, Chase Bank, etc. and I'm not a customer of any of them.

I have a designated spam account that gets all of the "Citibank" e-mails and such as well, but I've never gotten one related to Paypal, which is why I asked. Could be a coincidence, but it seems odd.
 
You know what else sucks about PayPal? I sent a guy a payment and he was able to call me on the phone and inevitably stalk me with all the info PayPal freely gave him about me.
I don't think the guy needed anything from me but the payment.
 
Originally posted by: Buz2b
Originally posted by: Kavikgold
The link that was included in the email was this: (warning do NOT actually use it!! again, it is a scam)

http://196.15.171.42/sys/


Anybody got more info on this?

Here's the latest:
This site has been suspended by
network administrator.

If you are the owner of this domain, please open a My Website has been Suspended Support Ticket for further information. Please include the domain name which has been suspended.

If you are a visitor, please visit this site again later.
Looks like they have been given a time-out. LOL!


It's still up.
 
Warning, this also tries to drop a trojan on your computer (per McAfee) Exploit-URLSpoof.gen on entry to the page and on pressing the submit button (tried to give it some bull info).
 
Originally posted by: moshquerade
You know what else sucks about PayPal? I sent a guy a payment and he was able to call me on the phone and inevitably stalk me with all the info PayPal freely gave him about me.
I don't think the guy needed anything from me but the payment.

That's pretty scary.
 
Originally posted by: codpilot
Warning, this also tries to drop a trojan on your computer (per McAfee) Exploit-URLSpoof.gen on entry to the page and on pressing the submit button (tried to give it some bull info).

I just visited the website and AVG anti-virus didn't detect anything. Am I at risk now?
 
more info on the provider:

08/30/04 16:04:47 whois !NET-196-15-128-0-1@whois.arin.net

whois -h whois.arin.net !net-196-15-128-0-1 ...

OrgName: Telkom SA Ltd.
OrgID: SAIX
Address: Soekor Building
Address: 151 Frans Conradie Ave
City: Parow
StateProv: Western Cape
PostalCode: 7500
Country: ZA

NetRange: 196.15.128.0 - 196.15.255.255
CIDR: 196.15.128.0/17
NetName: SAIX-2-CIDR
NetHandle: NET-196-15-128-0-1
Parent: NET-196-0-0-0-0
NetType: Direct Allocation
NameServer: IGUBU.SAIX.NET
NameServer: SANGOMA.SAIX.NET
Comment: Please contact abuse@saix.net for abuse queries
RegDate: 1997-10-13
Updated: 2003-08-27

AbuseHandle: TIA-ARIN
AbuseName: Telkom IPNet Abuse
AbusePhone: +2712 6770224
AbuseEmail: abuse@saix.net

NOCHandle: TIN2-ARIN
NOCName: Telkom IPNet NNOC
NOCPhone: +27 12 6800224
NOCEmail: nnoc@saix.net

TechHandle: JDU24-ARIN
TechName: Du Preez, Johan
TechPhone: 012 6800067
TechEmail: johan@saix.net

OrgAbuseHandle: TIA-ARIN
OrgAbuseName: Telkom IPNet Abuse
OrgAbusePhone: +2712 6770224
OrgAbuseEmail: abuse@saix.net

OrgTechHandle: TIN2-ARIN
OrgTechName: Telkom IPNet NNOC
OrgTechPhone: +27 12 6800224
OrgTechEmail: nnoc@saix.net

# ARIN WHOIS database, last updated 2004-08-29 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
 