Warning. Possible fake PayPal scam.

bleeb

I just got an email, supposedly from PayPal, that asks you to re-enter your registration because they are upgrading their servers for "Better Protection". Anyway, if you guys receive such an email, disregard it. All their links point to:

64.4.22.250

Edit Link:
http://64.4.22.250/cgi-bin/linkrd?_...01%01%01%01%01%01%01%01%01%01@66.6.128.90/f/


66.6.128.90 Port 80??

Anyone know who owns that address??

Edit: (Copy of html page)

Sign Up | Log Out | Help

Dear paypal user, We would like to inform you that we are upgrading our server to install a better protection software. So please click here and fill in the registration form again to renew your account. Paypal Administration.

Thank you for a using PayPal!

About | Accounts | Fees | Privacy | Security Center | User Agreement | Developers | Referrals | Shops

Copyright © 1999-2003 PayPal. All rights reserved.
Information about FDIC pass-through insurance


It was sent to my hotmail account.

 

Electrode

electrode@belphegor:~$ whois 64.4.22.250

OrgName: MS Hotmail
OrgID: MSHOTM
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 64.4.0.0 - 64.4.63.255
CIDR: 64.4.0.0/18
NetName: HOTMAIL
NetHandle: NET-64-4-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.HOTMAIL.COM
NameServer: NS3.HOTMAIL.COM
NameServer: NS2.HOTMAIL.COM
NameServer: NS4.HOTMAIL.COM
Comment:
RegDate: 1999-11-24
Updated: 2003-06-27

TechHandle: MSFTP-ARIN
TechName: MSFT-POC
TechPhone: +1-425-882-8080
TechEmail: iprrms@microsoft.com

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com

# ARIN WHOIS database, last updated 2004-01-10 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
 

zimu

Originally posted by: bleeb
Can you do a whois for 66.6.128.90 Port 80??

OrgName: SKYWEB, INC.
OrgID: SWEB
Address: 105 OLD MATAWAN
City: OLD BRIDGE
StateProv: NJ
PostalCode: 08857
Country: US

NetRange: 66.6.128.0 - 66.6.143.255
CIDR: 66.6.128.0/20
NetName: SKY-WEB
NetHandle: NET-66-6-128-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.SKYWEB.NET
NameServer: NS2.SKYWEB.NET
Comment:
RegDate: 2000-09-01
Updated: 2001-06-22

TechHandle: DA526-ARIN
TechName: DNS ADMIN
TechPhone: +1-732-583-0040
TechEmail: hostmaster@skyweb.net

# ARIN WHOIS database, last updated 2004-01-10 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

OrgName: SKYWEB, INC.
OrgID: SWEB
Address: 105 OLD MATAWAN
City: OLD BRIDGE
StateProv: NJ
PostalCode: 08857
Country: US
Comment:
RegDate: 1996-07-31
Updated: 1996-07-31

# ARIN WHOIS database, last updated 2004-01-10 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
 

Damon

Hi,

An easy way to spot this as a scam?

"Dear paypal user"

Our emails address users with FIRST and LAST name. "Dear PayPal User" is not a greeting we would use. We also don't ask users to fill in a form to *fix* their account.
 

dman

I get one of these a day, it seems. I also got one for CitiBank the other day. It was done rather nicely; if it didn't have a bunch of spelling errors and I had a citicard, I might think it was legit. It brought you to the main citi site so you saw the right page / url, but had a pop-up that asked for the information. Properties for the popup pointed to another domain (.ru).
 

RossMAN

I receive Paypal.com scam emails almost daily and I usually delete them without reading them because:
1) There is always an attachment of around 15k.
2) It's sent to an email address I have never registered with Paypal.com
 

Muse

I got an email today that purportedly was to confirm my Paypal information. There was no text, just a link. Subject: "Confirm Your Information!" Supposedly From: service <service@paypal.com>. When I went to the link it looked very professional. So much so that there was NOTHING to suggest it was not legitimate. It contained a link where I was supposed to enter my personal info. It wanted my credit card number and I was not about to type that in without assurance that I wasn't being scammed bigtime. I called Paypal and was told that any email from Paypal will always have a text section addressed to Dear (your name goes here). They asked me to forward the message in an email to spoof@paypal.com, which I did.

I'm unable to determine the URL to the first page you see, but it contains a link to the following page where you are supposed to enter your personal info:

http://210.187.122.110/Verify.htm

Have a look yourself! Is that for real or bogus? Personally, I think it's a very slick bigtime scam.
 

EyeMWing

Heh. The only paypal update forms I'll ever consider filling out are the ones it throws in my face every time I login ;)
 

MrBond

Have a look yourself! Is that for real or bogus?
Read up a few posts. A Paypal employee posted saying that they'll never contact you to fix your account by filling out a form.

 

gsellis

This is a paypal phishing expedition. If you go to paypal, they have info. I forwarded a copy per their directions to paypal. I got it last week. I don't have a paypal account.
 

Muse

Just for the Hell of it I filled out part of the bogus form, telling them just what scumbags they are in no uncertain terms.
 

conjur

Originally posted by: Paypaldamon
Hi,

An easy way to spot this as a scam?

"Dear paypal user"

Our emails address users with FIRST and LAST name. "Dear PayPal User" is not a greeting we would use. We also don't ask users to fill in a form to *fix* their account.

How often do you send emails to users warning them of scams? I don't think I've seen an email from Paypal in some time.
 

Muse

Got my reply from spoof@paypal.com:

To: (my name and email address)
Subject: RE: (fwd) Confirm Your Information! (KMM42025822V25982L0KM)
From: "spoof@paypal.com" <spoof@paypal.com>
Date: Tue, 03 Feb 2004 11:19:40 -0600

Thank you for bringing this suspicious email to our attention. We can
confirm that the email you received was not sent to you by PayPal. The
website linked to this email is not a registered URL authorized or used by
PayPal. We are currently investigating this incident fully. Please do not
enter any personal or financial information into this website.

If you have surrendered any personal or financial information to this
fraudulent website, you should immediately log into your PayPal Account and
change your password and secret question and answer information. Any
compromised financial information should be reported to the appropriate
parties.

If you notice any unauthorized activity associated with your PayPal
transaction history, please immediately report this to PayPal by following
the instructions below:

1. Go to https://www.paypal.com/
2. Click on the Security Center at the bottom of the page
3. Click on "Report a Problem"
4. Select the Topic: Report Fraud
5. Select the Subtopic: Unauthorized use of my PayPal Account, and click
Continue.
6. Follow the instructions to access the appropriate form





Original Message Follows:
------------------------

Is this legitimate? It's certainly not clear.
Thank you.

(my name)

attachment, etc....
 

rudder

Originally posted by: Muse
I got an email today that purportedly was to confirm my Paypal information. There was no text, just a link. Subject: "Confirm Your Information!" Supposedly From: service <service@paypal.com>. When I went to the link it looked very professional. So much so that there was NOTHING to suggest it was not legitimate. It contained a link where I was supposed to enter my personal info. It wanted my credit card number and I was not about to type that in without assurance that I wasn't being scammed bigtime. I called Paypal and was told that any email from Paypal will always have a text section addressed to Dear (your name goes here). They asked me to forward the message in an email to spoof@paypal.com, which I did.

I'm unable to determine the URL to the first page you see, but it contains a link to the following page where you are supposed to enter your personal info:

http://210.187.122.110/Verify.htm

Have a look yourself! Is that for real or bogus? Personally, I think it's a very slick bigtime scam.


If there is ever a doubt, just type www.paypal.com in your browser and you can be sure.
 

CraigRT

It's no biggie, I get crap like this all the time... just be careful and delete this crap when you see it :)
 

Muse

Originally posted by: CraigRT
It's no biggie, I get crap like this all the time... just be careful and delete this crap when you see it :)

It's pretty scary how authentic it looked. If I didn't know better.... I could see no mention of Paypal.com in the address bar of IE at the links so I knew it was bogus. I wonder how many unsuspecting people put their CC numbers in there. More, I wonder what is done with that info. Do these guys turn around and order stuff online or do they sell the numbers to other people who do - some sort of underground market in CC numbers? Not that I wonder about it too much - I don't want to get too far into the heads of criminals. Don't want to be one.
 

jbond03

OK, I got this one today.

I was stupid enough to click on the link. I don't think the page loaded, but I quickly closed it; hopefully there are no more cookie exploits (does PayPal store cookies?) in IE.


They used the HTML to hide the real URL that it was going to:

for: https://www.paypal.com/us/fq/ac=AgK...hiPygx7K.gaeNEFiO1K540ck3BLjtTRxaie1f5&wtp=pr

it went to: http://paypal-com-webscr-cmd-login-...ygx7KgaeNEFiO1K540ck3BLjtTRxaie1f5w&tpre.html


and: https://www.paypal.com/us/ewf/f=sa_pass
it went to: http://paypal-com-webscr-cmd-login-...ygx7KgaeNEFiO1K540ck3BLjtTRxaie1f5w&tpre.html



Somebody attemp to access your account !!!

This email was sent automatically by the PayPal server in response to your
request to recover your password. This is done for your protection --- only
you, the recipient of this email can take the next step in the account
verification process.

To verify your account and access your account, follow these steps:

1. Click on the link below. If nothing happens when you click on the link
(or if you use AOL), copy and paste the link into the address bar of your
web browser.

https://www.paypal.com/us/fq/ac=AgK...hiPygx7K.gaeNEFiO1K540ck3BLjtTRxaie1f5&wtp=pr


The link will take you to our Verify your account data page.

2. On the Verify Your Identity page, log in to your account, and click
Submit.


If you did not request that we send this email to you,
please report this email to us at:

https://www.paypal.com/us/ewf/f=sa_pass

Thank you for using PayPal!
The PayPal Team

----------------------------------------------------------------


Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the header of any page.

PayPal Email ID PP385
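
The link tricks reported in this thread (a bare IP address as the host, a trusted-looking name placed before an `@`, and link text showing one URL while the href goes to another) can be checked mechanically. The following is an added example, not code from any poster or from PayPal; the sample HTML, the placeholder hosts and the reason labels are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample mail body; hosts and addresses are placeholders, not from the thread.
SAMPLE = """
<a href="http://www.paypal.com@192.0.2.10/f/">click here</a>
<a href="http://paypal-com-webscr-cmd-login.example.net/pre.html">https://www.paypal.com/us/ewf/f=sa_pass</a>
<a href="https://www.paypal.com/">https://www.paypal.com/</a>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def audit_link(href, text, expected="paypal.com"):
    """Return reasons not to trust this link as leading to `expected`."""
    url = urlsplit(href)
    host, reasons = url.hostname or "", []  # .hostname is already lower-cased
    if "@" in url.netloc:  # name before '@' is only userinfo; the host follows it
        reasons.append("userinfo")
    if is_ip(host):  # the sender's real site is reached by name, not raw address
        reasons.append("ip-literal")
    elif host != expected and not host.endswith("." + expected):
        reasons.append("foreign-host")  # includes lookalikes such as paypal-com-...
    shown = urlsplit(text).hostname if "://" in text else None
    if shown and shown != host:  # visible URL differs from the real target
        reasons.append("text-href-mismatch")
    return reasons

def audit_html(body, expected="paypal.com"):
    parser = LinkCollector()
    parser.feed(body)
    return [(href, audit_link(href, text, expected)) for href, text in parser.links]
```

`audit_html(SAMPLE)` returns one `(href, reasons)` pair per link; an empty reason list means none of the three checks fired, not that the link is safe.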

 

Ness

I wish people would pay attention when they sign up for PayPal and see a message along the lines of "Remember, PayPal will NEVER email you about verifying information, or request information via email."

edit: BLEEB and JBOND: please take out the excessively long stuff in your post... it stretches the forum's tables.