Paypal Hacked - Sophisticated Phishing Email Scam

Joseph C.

I almost got a relation into serious trouble today when they asked me to examine a PayPal email. It was a very official looking email, all professional, no mistakes, perfect PayPal fonts and colours. The email said that there was a limitation placed on an account due to suspicious activity.

Concerned at its veracity, I checked the email address and it was the service@intl.paypal.com which is one of their official emails (I would later check the address side-by-side with a genuine email and they were identical). Reassured, I clicked on the link to what I thought was the official site. I logged the relation in and only then did I look at the URL - www.pagpai.com - I could have sworn I saw www.paypal.com when I looked at the URL from the link. I'm confident that it redirected though I'm not 100 per cent certain.

Anyway it was a phishing site though not of the usual calibre of work you'd expect. To me, apart from the URL, this one was indistinguishable from the genuine one. The English was perfect and all the details were there (though I realise how easy it is to copy CSS files).

I changed the relation's password a few minutes later before passing the email on to PayPal. No harm done but I doubt I was the only one to give them a password and I don't think I'm wrong in saying that others may be out of pocket.

There must be a serious flaw in the PayPal system. Either their email address system is completely compromised, they are a victim of social engineering or there is a flaw that allows hackers to intercept/spoof PayPal's emails.

Considering the amount of Endless Sphere users that use PayPal - be very careful. It seems the only way to be sure now is to open a new tab and then go into PayPal direct because you can't trust their email system.
 
I have had inconsistent log-ins recently. All looked good. On one occasion it said twice I got my password wrong. I backpaged to the homepage, pressed my account and it was open. I can't mail them though. When I fill in the forms, they also fill my name for me. Then tell me it's wrong so won't send it.
 
friendly1uk said:
I have had inconsistent log-ins recently. All looked good. On one occasion it said twice I got my password wrong. I backpaged to the homepage, pressed my account and it was open. I can't mail them though. When I fill in the forms, they also fill my name for me. Then tell me it's wrong so won't send it.

I wonder if there are many vulnerabilities lurking that we don't know about? It seems that they have been using service@intl.paypal.com as far back as 2013. You'd think they would have fixed this by now.

Your log-in issues are worrying too. There seems to be a lot of bugs for what should be a very mature platform.
 
Phishers have been spoofing email addresses and hyperlinks for a long time. I'm not sure this is anything new, except maybe it was written by someone fluent in English...

I always follow the rule of never following links from emails - just log in through the homepage and if the matter is legit you will always be able to do what you need to do from there.
 
Punx0r said:
Phishers have been spoofing email addresses and hyperlinks for a long time. I'm not sure this is anything new, except maybe it was written by someone fluent in English...

I always follow the rule of never following links from emails - just log in through the homepage and if the matter is legit you will always be able to do what you need to do from there.

Seriously, this is what I thought when 1st reading this? Why would anybody click on a link in an email?
 
Yep, anything supposedly from paypal, my bank, my credit cards, no way in hell I'd click a link in an email or send a reply. That even extends to stuff like motels I booked a room with. Got phished that way after booking a room for the balloon fiesta this year. Suddenly I got this email, supposedly from the motel. It wasn't them. But that motel is hacked. Got separate cc's for paying for shit like that, ones I can use and then lock if I need to.

Call me flakey floont, but you can't help being a little bit paranoid. Do my taxes fast nowadays! Before some crack head in florida does them for me.
 
I get 100s of phishing scam emails a week. I block and report them all. Even if it's a real email from a bank or paypal. Then if I think there is an issue after deleting the email and blocking it, I open another browser window and search the bank or paypal or whatever it is and log in the normal way to make sure it's cool. But I almost never bother.

Moral of the story: if ANY BANKING TYPE thing sends you an email, don't click its links. Just report and delete it, then decide what you want to do.
 
Joseph C. said:
There must be a serious flaw in the PayPal system. Either their email address system is completely compromised, they are a victim of social engineering or there is a flaw that allows hackers to intercept/spoof PayPal's emails.

Considering the amount of Endless Sphere users that use PayPal - be very careful. It seems the only way to be sure now is to open a new tab and then go into PayPal direct because you can't trust their email system.
Thanks for the notice, but this has nothing to do with the PayPal email system.
Anybody can send an email with a from address equal to "service@intl.paypal.com".
Also, having a link appear as http://paypal.com in an email while it actually links to http://pigpai.com is very easy to do.

Phishing is very hard to prevent with the current way email works.
There are improvements with sender-id etc, but still some things come through.

Most important check is to see to which url the link is going.
 
What everyone else said. This is nothing new. I have been getting emails like that for years. Paypal wasn't hacked and it's not a feat of sophisticated hacking to copy an email (logos and all) and send it with any address complete with links to a fake site in it.

NEVER EVER EVER click a link in an email.
 
Not near as naïve as the guys falling for the latest scam.

Phone call, you never paid a ticket, owe the IRS, etc. Meet me in the parking lot of the jail with a pre paid debit card today, or they come to arrest you tonight.

Oh please, people fall for that shit? Apparently every week, or more often. And that's just in my town, and the ones that make the paper!

Meet me with a debit card outside the jail? Are you serious? :shock:
 
Ha! I thought you had made that one up! :D

The same rule applies if your bank supposedly calls - if you think it might be real, hang up and dial their normal number (not one the original caller gave!). I ignore emails from banks as they have my proper contact details on file and anything actually requiring my attention will come in the form of a letter through the post.

Joseph, just a heads-up: If you find your computer has locked you out with a big warning notice from the police, claiming you have been caught looking at extremely naughty internet smut and must either expect a prison sentence of several years or pay a £100 online fine (seriously!) - this too is a scam ;)
 
If I'm not mistaken, email still has ways to be spoofed to appear as though any email was sent from any address to any addresses.

There are entire factories of people running computers for the purpose of making profit from phishing-based scams, because it still seems to work.
 
Yea unfortunately. At some point in the next 5 years I hope to see this change because the amount of garbage sent is just unreal. I have managed incoming mail servers for one of the larger ISPs and the volume is just silly.

I usually suggest doing a reply all just to see where it came from. Almost always it will be some bogus domain that's not whatever they are acting like they are (tho yea you can fake this easy enough).

Looking at the email headers also helps to identify where an email came from tho if it's only thru a web based service it's not as helpful.

http://kb.mediatemple.net/questions/893/How+do+I+view+email+headers+for+a+message%3F
 
If you hover your cursor over the links it will show you where the link actually takes you. Never where you think it should take you. Most of these emails will include links to the correct pages for the privacy policy and abuse policy to make them look legit. They are always addressed to the dear 'user', 'customer', 'account holder', 'client', 'your@email', etc. Never by your proper name. If it's that important they would know who they need to address.
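
Added example, not part of any post in this thread: a Python version of the checks described in the replies above (compare where each link really goes with the address it displays, and read the sender details from the headers). The sample message is constructed, and the `mailer.example` and `mx.example` hosts are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real capture); domains echo the thread.
SAMPLE = """\
From: PayPal <service@intl.paypal.com>
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.example; spf=fail smtp.mailfrom=mailer.example; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer,</p>
<a href="http://www.pagpai.com/login">https://www.paypal.com/signin</a>
<a href="https://www.paypal.com/privacy">Privacy policy</a></body></html>
"""
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    # Exact host comparison (minus "www."); no public-suffix handling.
    name = urlsplit(value if "://" in value else "//" + value).hostname or ""
    return name[4:] if name.startswith("www.") else name

def analyze(raw):
    # Assumes a single-part text/html message; multipart mail needs msg.walk().
    msg = message_from_string(raw)
    dom = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    # Only trust Authentication-Results added by your own receiving server.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    links = LinkCollector()
    links.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    bad = [(t, h) for h, t in links.links if URLISH.fullmatch(t) and host(t) != host(h)]
    return {"from": dom("From"), "return_path": dom("Return-Path"), "auth": auth, "mismatched_links": bad}
```

A differing Return-Path domain is only a signal, since legitimate bulk senders often use one; a link whose visible address and target host disagree is the stronger indicator.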
 
Out of 100,000 hooks, one bites, good enough for a Nigerian to live on for a long time.
Always dumb f's out there, all they need is just a nibble.
 
Heh, I didn't realise the answer to phishing emails was eugenics...

Of course the internet-savvy, distrustful, paranoid person won't be fooled by these scams, but not everyone fits that description.
 
zerogee said:
If you hover your cursor over the links it will show you where the link actually takes you. Never where you think it should take you. Most of these emails will include links to the correct pages for the privacy policy and abuse policy to make them look legit. They are always addressed to the dear 'user', 'customer', 'account holder', 'client', 'your@email', etc. Never by your proper name. If it's that important they would know who they need to address.

Cheers that is a good point.
 
Another recent one just raised its head again. I tell ebay I will use paypal, so it takes me to the paypal login screen. Then it won't let me click in the password box. I have to press enter, get told wrong password, then after it refreshes I can enter it.
 