Paypal Scam.... Anyone else?

Walking Man

Walking Man

BANNED
Feedback: +3 / =0 / -0
Joined
May 28, 2003
Messages
9,606
I received the following in an email.
I went to my paypal account to make sure that I wasn't charged and I wasn't.
If you get a message like this DON'T CLICK on any links there.
Did anyone else get anything like this or have any more info?
Thanks!


This email confirms that you have paid Astalavista Group GmbH (info@astalavistae.net) $39.00 USD using PayPal.


Payment Details
Transaction ID: 6VA12510HB8662004
Total: $39.00 USD
Item/Product Name: 6 months- Unlimited access to the memberportal Astalavista.net:
Item/Product Number: cc6m
 
You did the right thing.

I have not seen that one, but there have been some very interesting ones, and I just delete them now without even reading them.

With either paypal or ebay, do not click on any links. Just go to your account and any messages sent to you will be there after you sign in.
 
Right, NEVER click on links in emails where you're going to be asked for account info, passwords, etc.
 
I've gotten similiar ones before. More commonly I get mail saying my account appears to have been compromised and to click the link and sign in to check my account.
I've gotten as many of those as a dozen in a day, sometimes to email accounts that are not even linked to my paypal account.
I've been using the internet for too many decades to fall for any of that tripe, but I have to admit their grammar and spelling have improved, and a lot of the email addresses spoofed and the pages that pop up from the links certainly look authentic.
Also be real careful of attachments you receive, even from friends. Most worms and trojans are unintentionally passed from friend to friend nowadays them any other way. Learn what a file type is and how to identify it. The type of file (the extension) *can* be spoofed, but so far you are not that likely to come across one that isn't pretty easy to spot.
 
Walking Man said:
Actually, I'd like to do more and report them to someone, somehow....
Any ideas?
Click to expand...
Most sites that are commonly spoofed (financial institutions, PayPal, Ebay, etc) have a section devoted to reporting the fraud. PayPal's is here
 
Walking Man said:
Actually, I'd like to do more and report them to someone, somehow....
Any ideas?
Click to expand...

Google "internet fraud", "internet scams", etc., and you'll have a selection of agencies to report to. I think the FBI even has a reporting page.:cool:
 
I received one of these "Paypal" scams just this past week. Right after a "paypal" purchase. It was some sort of statement claiming that someone purchased a cell phone for $200.00 w/ my account. My wife knew about these and told me it was a scam. I was pretty irritated at first. I had my .45 and BA-E ready to hunt down the fraud. ;) But I didn't click on the links but rather deleted it. Then I checked my paypal account and everything was normal. Whoever is running this needs to be tortured with Zardoc (sp???).
 
I had 4 "Questions from Ebay Members" waiting for me tonight that were asking me if I accepted Paypal but the Respond Now buttons had this for a target:
<http://wb6.newseoul.com/.signin.ebay.com/ws/eBayISAPI.dll?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=&confirm=&ebxPageType=&existingEmail=&isCheckout=&migrateVisitor=>

The domain newseoul's dns records would indicate it isn't from ebay unless they moved to Seoul Korea lately.

softcan (NEWSEOUL-COM-DOM)
5F building-chungjung 32-11 chungjungro-3ga
seodaemun-ku
Seoul, 120013
KR
82-2-392-3096
peteryun@softcan.com


Gotta love phishing scams. Ya gotta figure though that out of every 1000 of these one or two take the bait. Ouch.:grumpy:
 
I get messages like that all the time. Like asking to update bank account info. My brother actually feel for one scam. It sent him to an empty link. That is when he knew he was scammed. He had to all his credit cards and debit cards.
 
Yes and sorry I did not mention this before.

1) don't click on it.

2) anything associated with ebay or paypal can be forwarded to spoof@ebay.com, they'll deal with it

and then

3) delete it.
 
Funny thing about reporting them.......Nothing ever happens and I immediately get blasted with more spoof emails......Some kind of conspiracy I'm sure;) If I just delete them they seem to slow down
 
I get them all of the time. I report them to yahoo as spam.

Check me on this -- I think that all of the genuine emails I've gotten from Paypal have addressed me by name, whereas the scammers don't. Anyone else see this?
 
I looked, and all the legit mail I got from paypal DID address me with both my first & last name in the body of the e-mail.
I still wouldn't count on that as a definitive method of ascertaining an email that appears to be from them is legitimate, though. I've received a ton of those scam emails about "needing my help, send us your bank info so we can transfer 200 trillion dollars into your bank account to get the money into the USA, we will give you 10% of it in return for the favor", and some of those have had my full name in the message body.
 
Man, I get those damn thing EVERY day, sometimes two three or even 5 of them! They are fishing for your info. Report them to spoof@paypal.com same with ebay, same m.o. all the time and every single day. However, in reporting them, it doesn't seem to make them go away AT ALL. They just keep coming BASTARDS!

SOmetimes I will reply, just in hopes it reaches the original sender at teh phoney address and tell them to go die scamming scum bag , etc, etc, expletiv, blah, blah...just makes me feel better;)
 
What I've found is that when I send an insulting email to the email address provided by the scammer, I get a form email back saying something like "it was great to talk to you, please send the money to...." I used to reply back asking them politely to F off, but it just spawned more emails with wiring instructions, etc...here's one exchange I had with a phony who sent me a "second chance" offer for an ebay auction i didn't win (the item was a knife):

My response to the original "Second Chance Offer":

Maybe you'll do yourself and me a favor and get lost. This item was sold to the original bidder. It is not available, and you are a con artist. Take a hike, loser.

And this is the response I got to my email. He must not have gotten the hint:

Hello Dear Sir,
Here is how I want to go about delivery and payment for the product which
will be through TNT and will also give you the chance to inspect the
product before I receive the payment for it.
I will explain to you step by step how this will work.
A. First you have to send me your shipping information : your
Name:
Address:
City:
Zip Code:
Country:
Item#:
Ebay ID:
Amount:
1. After I receive your shipping info, I'll go to a TNT Location
and leave the product onto your name and with your address as the
intended receiver.
2. TNT will check the product , also the legal papers to see that
everything is OK with it.
B. You will receive a notification from TNT as a confirmation that the
product is in their custody and also, that the product has been tested.
1. After that, you will have to make a money transfer via Western
Union on my name, as a guarantee, and send the payment information to
TNT.
2. TNT will verify the Money Transfer, and if everything is in
order, they will deliver the product to your door step.
3. After you will receive the product and you will be completely
satisfied with it, you will instruct TNT to release the payment
information to me, so I can collect my money.
C. If by any reason, you will not be satisfied with the product , you
will return the product to TNT with no expense.
I will pay for shipping and you for the amount transfer.
Let me know if we can do this.
Please contact me as soon as possible.Thank you very much.
Best regards.

And, here was my response:

Hi. I'm so glad we could make this work. I would love to receive the item and it is so important to me that the product be tested first. Here is all of the information. Please let me know when the product is in TNT's custody. That would be so neat. Here is the information you requested:

Name: Phil McCrack
Address: 1283 Gullible Dr.
City: Idiotsburg, Washington
Zip Code: 99337
Country: USA
Item#: OU812
Ebay ID: Asswad1
Amount: $3,000,000.00

And then, here is the scammers reply:

Hello Dear Sir,
Ok, today my brother will go to TNT and put there the package on your name and address
because for the moment i am located in United kingdom as i told you for personal affaires.You will have my
name and address from United Kingdom where you can send the money.You will only have to snd the money
through western Union and send all details to TNT.They will manage everything.
I hope this situation wont affect you and please understand me.
thank you very much for your colaboration.
My best regards.

At that point, I just deleted it and didn't waste any more time on it. About two days went by and I got this email from them:

Hello Dear Sir,
Please send me the money via Western Union and send you all payment details at TNT.After that in maximum 24 hours you receive the product at your home address.This is the email address from TNT for send the payment details : tnt-info@europe.com
Please contact me as soon as possible.Thank you very much.
Best regards.

I never replied, and haven't seen anything since...I don't normally even respond but I was in a mood that day
 
Here's an article i wote and hand out to my customers who may fall victim to phishing attempts;

MacTech said:
Phishing, what is it, and how do you avoid it?
by MacTech

Phishing is a type of spam that attempts to get the reader to disclose their personal information and/or bank information to a fraudulent website, once the phishers have this information, they can run up unauthorized charges, drain your bank account or use your identity for criminal acts, or sell your identity to identity thieves, most commonly they take the form of a bank/credit card company/web merchant e-mail message asking you to update personal info for "security" reasons, or telling you that your account number has been stolen and you need to re-enter your personal/account info to allow them to "reset" your account

most phishing attempts have links to websites that look like the real thing, but are really the scammers site, where they harvest your account info and can then make fraudulent charges to your account, or sell off your identity to identity thieves

how do you recognize a phishing attempt?

first off, it's obvious if a bank you don't even have an account with is telling you your account is compromised, i.e. if you don't have an account with "ACME Cash-O-Matic Bank", and you get an e-mail that your <nonexistent> account is compromised, it's clearly a phishing attempt

second, banks will *never* ask for personal info in an e-mail, another sign of a phishing attempt

third, if you have the headers display turned on in your e-mail app, you can trace back where the e-mail came from, for example, if you have an account with the MegaCorp GalacticBank, and you get an e-mail from them telling you that your account has been compromised, the headers should show the e-mail as being sent from "megacorp.com", "megacorp.net", etc..., *NOT* "Joe-Bob's Bank And House of Ribs.com" or "Yeehaaa!.com"

unlike most spam attempts, where you should simply delete them and not respond, phishing attempts need to be brought to the attention of the company that's being fraudulently represented, as they tend to frown on fraud, especially if it's attached to their name, using the example above, you should go to the Megacorp GalacticBank webpage, find out the correct e-mail address to send the fraud attempt to (typically fraud@megacorp.com, or phish@megacorp.com) so they can investigate and prosecute the scammers, make sure you forward them the *entire* message, including the headers, that way they can track it down

the headers also contain the ISP ID that they used to send the scam out (Yeehaaa!.com in the above example), i'd also recommend sending the phishing attempt to the ISP's abuse department as well, most ISP's will pull scammers accounts, they don't want *their* company name associated with scammers either....

a couple more hints....

look for misspellings, somehow i don't think a Visa rep would write "attention valued visa custumer"

check the URL to see if it's a secure connection or a non-secure, secure connection URL's begin with https:// (note the s, signifying a secure connection), a https connection isn't a guarantee of a secure connection, as they can be faked, but it makes the chances of the email being valid a little more probable....

for example https://visa is a little more legit than http://visa, and both are more valid than https://joebobsbankandhouseofribs, even though it has a (forged) security indicator

look for random letters at the top or bottom of the email, many times these random letters are disguised as an "encryption key" when all it is is a text block used to foil spam filter criteria

look for letter/number substitutions...
v1sa.com
visa.c0m
paypa1.com
paypal.c0m

check the destination address, if it has an @ symbol, most browsers ignore everything to the left of the @ symbol, for example;

https://megacorpbank.com@joebobsbankandhouseofribs.com/accountverify.html

the above URL has the https, signifying a secure location, it has the correct main URL, however it's still a phish, as the browser will redirect to Joe-Bobs Bank and House of Ribs (free fries with every checking account!, act now, supplies are limited) phishing site.....

remember, if it sounds too good to be true, or looks suspicious in any way, don't trust it.....

just for fun, click on the Megacorp link to see what happens, it's a fake link, but see where your browser tries to take you, does it try to take you to MegaCorp bank, or Joe-Bob's?
Click to expand...
 
I also get a dozen or so of these a week. Delete, delete, delete. In fact, any legitimate notices I have received from eBay or my banks have instructed me specifically NOT to respond by hitting "Reply" or clicking on a link.

I never have and never will click on a "live" link sent within an email. It's like coming up to a stranger in the street and saying, "Hi, there! Would you mind just putting your hands in my pockets to see if there's anything you need?"
 
You must log in or register to reply here.
Back
Top