I do not understand how people can be fooled by this stuff, but from the amount of articles I have read, people have been fooled. Even with the authentic looking email, why would you even think that PayPal would email you asking to input your sensitive data again? That is just beyond me.
This time the site was taken down before I got this email, that went something like this:
Dear paypal user, We would like to inform you that we are upgrading our server to install a better protection software. So please click here and fill in the registration form again to renew your account. Paypal Administration.
With a link that looks like this:
http://www.paypal.com%01%01%01%01% ... @211.54.126.187/f/
If you were to click on the link, you might find yourself viewing one of the following messages:
This site has been suspended by network administrator.
If you are the owner of this domain, please open a My Website has been Suspended Support Ticket for further information. Please include the domain name which has been suspended.
If you are a visitor, please visit this site again later.
I am glad to see this one was down before the emails got sent out. Unfortunately this is not often the case. As a matter of fact, this is the first time I have seen the site down when I went to it.
On a related note (related to Windows IE) we still don't have a fix for that 'phishing' bug that will allow a web page to spoof the URL. I think I read it will be in next month's bug fixes.
That @ is what does it. I seem to remember CNN.com spoofing a few years back that did this as well.
The thing is, the %01 is what is the bug in WinIE, so Outlook users would not know either, as Outlook uses WinIE to render the HTML in your email.
Ed: JH - please double check
.jpg?t=20120527181101)
Article comments
1 - Tom Johnson
It's the "@211.54.126.187/f/" that means something - that's an IP address, and you can spoof any real address just by adding that to a link. People may be wary of weird emails like this, but it's this spoofed address that throws them off - seeing "http://www.paypal.com/ . . . " reassures them that it's real.
It's getting to the point where it seems like people really need to take a test before they can get an "internet driver's license," a test that proves they can determine what is and what is not legitimate. If everyone knew all this stuff, we'd never have to worry about these stupid scams.
2 - Ken Edwards
yeppers, the @ is what does it. I seem to remember CNN.com spoofing a few years back that did this as well.
The thing is, the %01 is what is the bug in WinIE, so Outlook users would not know either, as Outlook uses WinIE to render the HTML in your email.
3 - jadester
it gets me that people are still got by this kinda scam. Hell, if i was feeling really mean/evil i could do something like it, or even something harder to track down the origin of. But i'm not (plus i'm not THAT desperate to make money =+)
All that people have to remember is that Paypal NEVER will ask for your details by e-mail. Any such request is faked. It's not a difficult thing to remember, and, despite some peoples' concerns about paypal, i have never experienced problems with them (i haven't had a large volume of money moving through them ever). Stick to this important rule (emphasised by them on their own site) and you at least have a defense if a determined hacker/s get into paypal's server(s?)
4 - TDavid
This phishing stuff is a big problem, unfortunately :(
5 - Ken Edwards
thats it, the phishing bug
6 - Dwaine AKA Scooter AKA D.J.
I AM A GOD AND IF YOU DISAGREE I WILL SMITE YOU TENFOLD! HAHA!!!!!!!!!!!
7 - Ken Edwards
Now Now... it goes like this:
MUA HA HA HA HA HA HA HA
8 - Anon
I just go to the sites and fill the forms out with garbage. at least it might inconvience them for a moment
9 - RJ Elliott
It's not just the 'net scams that fool people.
A co-worker of mine recently was had by a phone-scam. "They" called offering him a credit card with a really low APR and a really high credit limit. All they needed was a tiny "application fee" to be deducted directly from his checking account. "May we have your bank account number, sir?"...
OOPS! :-/
10 - jadester
surely many alarm bells should start ringing if someone asks you for your account number when you aren't expecting to pay for anything.
11 - Roger
No Phillip I don't live in Asheville either but you're closer than before.
I have lived there as well as Nashville,TN and New jersey.
I have also traveled and have associates in your (Mac Divas) back yard. Dallas/Richardson.
Further I have traveled and have associates in Fredrick and Baltimore,MD, LasVegas, SanFrancisco and SanDiego,CA Philidelphia and all Of NJ, Manhattan, NY and Charolette, NC.
You never know where I may pop up. Maybe Houston?
Anyway you are welcome to call or write or post whatever you want about me. I am already starting to post info on all of your bogus characters and sending it to people on the net with a curiosity about MacDiva, Stefan "Shark"ansky etc.
Have a nice day and don't let the viruses bite.
Roger Ely
12 - none
Notification of Limited Account Access - Security Measures ?
Can anyone explain e-mails with the subject of:
"Notification of Limited Account Access - Security Measures "
and links going to:
http://www.paypal.com.wscm.tk/us/webscr/Loginx.php
http://www.paypal.com.cgi-bin.wsst.tk/us/webscr/Loginx.php
Is this what this blog is talking about in regards to spoof e-mails ?
Name: www.paypal.com.wscm.tk
Address: 216.81.70.151
OrgName: Vortech Inc.
OrgID: VTC1
Address: 106 S. Semoran Blvd.
City: Orlando
StateProv: FL
PostalCode: 32807
Country: US
NetRange: 216.81.64.0 - 216.81.79.255
CIDR: 216.81.64.0/20
NetName: VORTECH-BLK-2
NetHandle: NET-216-81-64-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: DNS.ANONYMOUS-SERVERS.COM
NameServer: DNS2.ANONYMOUS-SERVERS.COM
13 - Eric Olsen
yes, this is "phishing" - you should send this in to your ISP
14 - Eric Olsen
do not give them any information
15 - Aaman
How can he send it to his ISP AND not give them any information?
16 - Eric Olsen
I mean don't contact the phishers and give them any information. All he has to do is forward the email to his ISP, right?
17 - Aaman
Yes - and forward the email to spoof@paypal.com as well.
18 - jeffery funk
hey guys i have been geting Emails like that too from pay pal and they said there has been a problem in spoofs and said they wanted me to update my info WHY? i say no way for what reason should i do this it`s already on record like DUH lol.... so i just went and closed my account i don`t need the hassle later ;]
19 - Nancy
People fall for it because people are stupid. Despite endless warnings, they continue to respond, which is what the scammers count on. ANY company on the up&up will NOT contact you & ask for information. They will contact you & have YOU call THEM so you know it's legit, if it is legit. Actually, I don't know of any company that I deal with that ever has needed any "additional" or "supplemental" information. I tend to think that anybody that goddamn dumb to fall for this crap deserves what they get.
20 - Nancy
If anyone ever contacts you, don't give info. You call THEM at their HQ/service no. & ask first if there's a problem w/your account or whatever. 99.999999% of the time, there is NOT. Follow this simple rule of thumb & you'll have no problems.
21 - Nancy
If anyone ever contacts you, don't give info. You call THEM at their HQ/service no. & ask first if there's a problem w/your account or whatever. 99.999999% of the time, there is NOT. Follow this simple rule of thumb & you'll have no problems.
BTW, there's also now a scam ( or more than one) where people get calls, letters, or emails purportedly from various US Govt agencies like the Social Security Admin. saying there's a problem & asking for info. DON'T FALL FOR IT! If you even remotely think this might be true, then use your damned brain & call SS directly - their number is in the blue pages of your phone book - & ask them. Or the IRS. Or whomever.
22 - jadester
it's like with "bricks and mortar" banks, too.
Think about it - they already have detailed information about you. If there's a problem, they'll ask you to drop in to a local branch and speak with someone face-to-face.
They certainly won't ask you to enter additional details on some random website
23 - Ken Edwards
Today I got an official (holy cow!) email from PayPal telling me of the threats of phishing - its about time folks!