FRIHOST • FORUMS • SEARCH • FAQ • TOS • BLOGS • COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Paypal E-Mail Scam





Vrythramax
I received this in my email this morning and thought you all should be aware of what a real e-mail scam looks like so you can avoid being ripped off.

Vrythramax - Receipt.eml wrote:

X-Account-Key: account1
X-UIDL: 8ccae11cba260000
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: by pop (mbox ******)
(with Cubic Circle's cucipop (v1.31 1998/05/13) Sun Mar 19 09:57:50 2006)
X-From_: sergio@staging.youwager.com Sun Mar 19 05:10:21 2006
Return-Path: <sergio@staging.youwager.com>
Received: from ****.*******.net (****.*******.net [209.2**.**.***])
by ****.*******.net (8.12.10/8.11.6-BW0403.04) with ESMTP id k2JAALrI009362
for <******@*******.net>; Sun, 19 Mar 2006 05:10:21 -0500
Received: from staging.youwager.com (unknown [209.97.221.186])
by ****.*******.net (Spam Firewall) with SMTP id B33F8D000923
for <******@*******.net>; Sun, 19 Mar 2006 05:28:09 -0500 (EST)
Received: (qmail 7372 invoked by uid 1007); 19 Mar 2006 08:36:45 -0000
Date: 19 Mar 2006 08:36:45 -0000
Message-ID: <20060319083645.7371.qmail@staging.youwager.com>
To: ******@*******.net
Subject: Receipt of Your Payment to LWPELECTRONICS
From: "service@paypal.com" <service@paypal.com>
Content-Type: text/html
X-Virus-Scanned: by ****.*******.net at *******.net


Dear PayPal Member,

This email confirms that you have paid LWPELECTRONICS (sales@lwpelectronics.com) $239.95 USD using PayPal.

This credit card transaction will appear on your bill as "PAYPAL LWPELECTRONICS*".

PayPal Shopping Cart Contents
Item Name: NEW MOTOROLA V3 PINK RAZR RAZOR QUAD-BAND CELL PHONE
Quantity: 1
Total: $219.95 USD


Cart Subtotal: $219.95 USD
Shipping Charge: $20.00 USD
Cart Total: $239.95 USD


Shipping Information

Shipping Info: Bill Chang
202 N Magnolia Dr.
Saco, ME 04072
United States
Address Status: Unconfirmed
If you haven't authorized this charge, click the link below to cancel the payment and get a full refund.
Dispute Transaction
Thank you for using PayPal!
The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.
PayPal Email ID PP120


*NOTE* - Header information has been modified to remove my email information.

The link in the email would have taken you to a login page @ comcast.net where it would ask you for your Paypal username and password. You can see how easy it would be to get taken in by this kind of scam, as it plays on the fear of being charged for something they didn't buy and asks you if you want to dispute it...who wouldn't want to dispute a charge of hundreds of dollars? That's when they get you.

Keep your eyes open and you can avoid this kind of trap.

@Bondings...
I have the full headers and source for this email if you require it for filtering if you'd like, just let me know.
Jack_Hammer
Looks as though they have really thought the scam through, though I don't use Paypal.
Wink
Vrythramax
To make it all the more realistic they actually link to paypal's own graphics in the email to make it look even more authentic, so even reding the source of the message can be a bit more confusing if you don't know exactly what to look for.

Anyone who does use Paypal should never use a link in an email such as this, if you have a legitimate dispute you should instead go to the Paypal website and login there to dispute any [alleged] disputes.
Diebels
Vrythramax wrote:

Anyone who does use Paypal should never use a link in an email such as this, if you have a legitimate dispute you should instead go to the Paypal website and login there to dispute any [alleged] disputes.


Real email from Paypal alway adresses you by your name
Soulfire
I avoid clicking links of any kind (except things like confirmation, etc.) in e-mail just to be safe. You are much better off just going right to www.paypal.com and logging in there, everytime, just to be safe.
Bondings
I think I already got such an email.

And some moron used an exploit in a website on Frihost to send them from our server (it was caught soon luckily) half a year ago.

Anyway, it is easy to recognize those emails.
Quote:
Dear PayPal Member,

They will always use your name in the title.
Davidgr1200
I believe the basic rule is NEVER reply to an e-mail asking for your credit card details or passwords. This scam is usually sent to make you send your password for your bank account. Just imagine that it is an unknown person coming to your door and saying: "Hi, I'm from your bank. We've forgotten your account numebr, can you please tell us it again". Who would believe them? It's no different when it's an email. Just because someone says they are a certain person doesn't make it true.

Best wishes

George Bush
President of USA
goutha
I'm receiving at leat one email like this per day!

My eBay account, paypal account, hotmail... I eaven received one on behalf of my bank....

The golden rule... never answer... and if it's an email related to your eBay or paypal account, report it... It's easy and useful!
Jack_Hammer
goutha wrote:
I'm receiving at leat one email like this per day!

My eBay account, paypal account, hotmail... I eaven received one on behalf of my bank....

The golden rule... never answer... and if it's an email related to your eBay or paypal account, report it... It's easy and useful!


Use some kind of blocker?, what E-mail do you use, I find that google is very effective.
henryjl
Hey I got a email from paypal saying that I need to update my password but gmail said that it was a scam or something so it didn't let me go to the website Very Happy (PHEW!)

Oh and I also got the killing kama sutra worm in my hotmail.
I didn't know what it was because they news haven't told the breaking news yet.
So then I opened it and there was like 3-4 pictures with a red X or something and then my norton found the virus. 2 hours later I watched the 10 o'clock news and then they started talking about the worm Mad
Daniel15
If you don't want to get these kinds of emails, just turn on SpamAssassin. It filters out almost all spam, including "phishing" attempts, like this one.

The thing to look at is the headers:
Quote:
X-From_: sergio@staging.youwager.com Sun Mar 19 05:10:21 2006
Return-Path: <sergio@staging.youwager.com>

The 'Return-Path' is where the email actually came from. In this case, it's sergio@staging.youwager.com. That is definately not a PayPal server, which proves that the email is fake. Another thing to look for is the 'Received:' headers. The first one of these headers should have the PayPal server name and IP address in it.

I love my ISP's email server, they actually block viruses at the SMTP server, so they never actually end up in your inbox. Quite a nice idea Smile
eqfan
i dont use paypal Smile
Code of Ruin
eqfan wrote:
i dont use paypal Smile

I don't either and yet I get all kinds of mail saying that something is wrong with my Paypal account.
n0obie4life
Bondings wrote:
And some moron used an exploit in a website on Frihost to send them from our server (it was caught soon luckily) half a year ago.


Yes.

It was that moron that got us BANNED from AOL's servers Sad.
Daniel15
n0obie4life wrote:
Bondings wrote:
And some moron used an exploit in a website on Frihost to send them from our server (it was caught soon luckily) half a year ago.


Yes.

It was that moron that got us BANNED from AOL's servers Sad.


Doesn't matter about that. Now we fit in with almost every other mail server on the planet (my ISP is also banned, even some of AOL's own servers are banned Razz)

Quote:
I don't either and yet I get all kinds of mail saying that something is wrong with my Paypal account.

Yeah, I get heaps of emails saying my "Citibank" account and my "St George" account needs to be verified, but I have an account at neither.
goutha
I'm using a personal server email... and my blocker does signal some times the scam mails with some stars ***** But it's not really effective. Then I found a solution. I put the mouse over the email link and read to what adress it's linked. If it's not an eBay or Paypal adress, I simply erase the email.
n0obie4life
daniel15 wrote:
Quote:
I don't either and yet I get all kinds of mail saying that something is wrong with my Paypal account.

Yeah, I get heaps of emails saying my "Citibank" account and my "St George" account needs to be verified, but I have an account at neither.


I've got some saying about my eBay account. Some weird bank..that I don't even know/even heard before. Some about my PayPal account..Some from VISA saying my credit card has been lost. Including some from Doctor Bahutu from Nigeria.

I'm just waiting for some that would say "Your Frihost account has been suspended. Please go to this webpage and type in your username and password to reactivate your account!"
Vrythramax
daniel15 wrote:
If you don't want to get these kinds of emails, just turn on SpamAssassin. It filters out almost all spam, including "phishing" attempts, like this one.

The thing to look at is the headers:
Quote:
X-From_: sergio@staging.youwager.com Sun Mar 19 05:10:21 2006
Return-Path: <sergio@staging.youwager.com>

The 'Return-Path' is where the email actually came from. In this case, it's sergio@staging.youwager.com. That is definately not a PayPal server, which proves that the email is fake. Another thing to look for is the 'Received:' headers. The first one of these headers should have the PayPal server name and IP address in it.

I love my ISP's email server, they actually block viruses at the SMTP server, so they never actually end up in your inbox. Quite a nice idea Smile


I do know how to filter email, but this particular email came through on my personal account with my ISP and they don't offer Spam Assasin, even if they did I wouldn't be allowed to change thier configs Sad

I only posted this so anyone out there that has not already experienced this kind of thing would be aware of what to look for in the future. Smile

Very good point though, I'm sure there are some Frihost Users who either don't know about the software or (possibly) don't know how to go about setting it up.
Bondings
Vrythramax, it was certainly a good idea to post this. Most people are unfortunately not aware of these scams. Maybe you saved someone a lot of money by posting this. Very Happy
deathrabbit
These are always incredibly easy to detect, just piece together the URL that it wants to send you to if it has any hex codes(ex %41), and look at it for tricks. Any place other than paypal.com is definatly fake. Anything that has an '@' symbol and then another url is a fake, since the first part is in a place that can be used for a logon name I think, and is just discarded if not needed, and goes to the second url. Lastly, anything that has a non paypal url, then the paypal url would be proxying through the non paypal, and could see the paypal data being sent.
Vrythramax
I think the easiest way to avoid this is if you have a Paypal account, and you receive any email like this, go to the Paypal website and login there securely and check and see if any such charge has been made, and file any disputes there and also with your credit card company.

Never simply reply to the email or follow any link(s) it may contain.

A little common sense can save you alot of money and headaches.
lukeropro
these kind of things happen all the time. some idiotic guy tries to cheat your money and come up with all these stupid ideas... I don't use paypal anyway, not secure enough...
alkady
This is why I always call the company instead of using the email. More secure and more quick.
Animal
The safest way to deal with these if you're unsure of the email's validity is to open your browser and manually type the Paypal address in:

Code:
https://www.paypal.com


It's really easy for anyone to fake a link. For example:

http://www.google.com

Only mine's not going to steal all your credit card information Wink

If you're really bored and you get one of these emails, open the link and type in a load of rubbish information (nothing even close to your real details though). Then hit back and do it again. And again. And again...

You wonder how long it would take these guys to go through and try all the details - with any luck, they'd be caught by the Paypal servers and IP banned before they got to any real information.

Just a thought!
Vrythramax
Animal wrote:
If you're really bored and you get one of these emails, open the link and type in a load of rubbish information (nothing even close to your real details though). Then hit back and do it again. And again. And again...

You wonder how long it would take these guys to go through and try all the details - with any luck, they'd be caught by the Paypal servers and IP banned before they got to any real information.

Just a thought!


and not a bad one Cool

I hadn't thought about that...next time I will do just that....turn the scam around on the heathens Smile
Daniel15
Quote:
If you're really bored and you get one of these emails, open the link and type in a load of rubbish information (nothing even close to your real details though). Then hit back and do it again. And again. And again...


That's what I used to do. If I ever saw a phishing attempt (especially the bank ones), my first name is "Phishing" and my last name is "Won't Work". I usually set both the username and password to "hellomynameisphishingandihatepeoplethattrytophishbecauseitdoesn'twork!111!11!!!!!1!" or something similar Razz
mOrpheuS
Vrythramax wrote:
turn the scam around on the heathens Smile

One very classic (supposedly) real-life example of that is the p-p-p-powerbook prank that someone pulled off on a wannabe scammer.
What's more interesting is that it was the combined thinking and efforts of a forum community that made it all possible.

Read all about it here ... very funny.
Daniel15
mOrpheuS wrote:
Vrythramax wrote:
turn the scam around on the heathens Smile

One very classic (supposedly) real-life example of that is the p-p-p-powerbook prank that someone pulled off on a wannabe scammer.
What's more interesting is that it was the combined thinking and efforts of a forum community that made it all possible.

Read all about it here ... very funny.

I originally read about that at ZUG.com (which is quite a good site, by the way).

http://www.zug.com/pranks/powerbook/
ashok
Code of Ruin wrote:
eqfan wrote:
i dont use paypal Smile

I don't either and yet I get all kinds of mail saying that something is wrong with my Paypal account.


yeah me too Laughing
n0obie4life
mOrpheuS wrote:
Vrythramax wrote:
turn the scam around on the heathens Smile

One very classic (supposedly) real-life example of that is the p-p-p-powerbook prank that someone pulled off on a wannabe scammer.
What's more interesting is that it was the combined thinking and efforts of a forum community that made it all possible.

Read all about it here ... very funny.


Oh well, not complete Sad. I'm going onto the site to find the pics/replies..the last email (after the package was sent and delivered), was not there Sad.
Daniel15
n0obie4life wrote:
mOrpheuS wrote:
Vrythramax wrote:
turn the scam around on the heathens Smile

One very classic (supposedly) real-life example of that is the p-p-p-powerbook prank that someone pulled off on a wannabe scammer.
What's more interesting is that it was the combined thinking and efforts of a forum community that made it all possible.

Read all about it here ... very funny.


Oh well, not complete Sad. I'm going onto the site to find the pics/replies..the last email (after the package was sent and delivered), was not there Sad.

That's on ZUG.com... I posted the link above.
http://www.zug.com/pranks/powerbook/
Vrythramax
I went to that site last night and read about that turn-a-round they pulled on the scammer...I got a real good laugh out of it, I hope it was all true.
n0obie4life
Thanks daniel15 Smile

I got the link from Bondings actually, so I didn't really see it Very Happy
Bondings
Yeah, I loved that prank. I just read the last part of it, it's just great. Unfortunately a bit of an anticlimax that they didn't find out his real name and address.
Related topics
Australian state to ban workplace e-mail spying
Web e-mail !
Neat e-mail account
Play bay E-Mail (PBeM)
e-mail problems
Longest domain name in the world!
[RESOLVED]OK, so l've noticd that e-mail takes space...
e-mail
e-mail
What is up with the POP3 e-mail?
Favorite Free E-mail
E-mail me button help
1GB Alan,2GB e-mail alanύ,oyunlar,ajanda vs...Webtop!!!
.net Domain with unlimited e-mail - Best company?
Reply to topic    Frihost Forum Index -> General -> General Chat

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.