HomeBlogsChristoph C. Cemper's blog
Security

PayPal Security Verification Hoax

<< W32.HLLW.Gaobot.DK | MT-Blacklist 1.62 and updater >>
Thu, 12/25/2003 - 12:11 — Christoph C. Cemper

Dear Paypal, dear Domain-Admins, dear Domain-owner,

Today I received the attached hoax mail from a site pretending to be PayPal and the need to re-verify (re-enter) all my PayPal data including credit-card and SSN info.

This was a criminal attempt to get hold of my personal and finance key information and a definitve act of fraud attempt.

The mail used a known IE6-bug for faking URLs with the following url-href text

www.paypal.com%01…01@pp.youlikeshe.com

This again re-redirected to the real hoax-page that prompted for all my personal data. I enclosed that page as html-source for further investigation.

smbc.ch/p/verify.htm

that posts to the verify.php script on the same server.

Please take what further action is possible for you to stop this fraud.

thank you & merry xmas,

Christoph C. Cemper

24 hours later:

  • only auto-forwarders from the domain-admins and a long mail from paypal

Thank you for bringing this suspicious email to our attention. We can

confirm that the email you received; was not sent to you by PayPal. The

website linked to this email is not a registered URL authorized or used by

PayPal. We are currently investigating this incident fully. Please do not

enter any personal or financial information into this website.

If you have surrendered any personal or financial information to this

fraudulent website, you should immediately log into your PayPal Account and change your password and secret question and answer information. Any

compromised financial information should be reported to the appropriate

parties.

If you notice any unauthorized activity associated with your PayPal

transaction history, please immediately report this to PayPal by following

the instructions below:

1. Go to https://www.paypal.com/

2. Click on the Security Center at the bottom of the page

3. Click on "Report a Problem"

4. Select the Topic: Report Fraud

5: Select the Subtopic: Unauthorized use of my PayPal Account, and click

Continue.

6. Follow the instructions to access the appropriate form

update 29.12.

There's a new bookmarklet out for detecting such scam – check it out

update 25.8. 2006 – almost 3 years later

I am still getting a ton of paypal scams in my inbox, so I posted a follow up article

Average rating
 
 
 
 
 
(0 votes)

Similar entries

  • PayPal Scams - Beware of Phishing emails

    It is a pleasure shopping online with paypal. Every freelancer who works online with customers from across the globe finds it simple to get paid if he/she holds a paypal account. Paypal does make life simpler, and with the newly launched paypal debit card, you can even withdraw money from an ATM, just like you would with a bank account. Because of these reasons more and more people are adding themselves to the paypal name every day, and more and more hackers are targeting paypal as a result!

    The most common of scams with paypal are the ‘phishing’ emails. I got those scammy paypal fraud mails already three years ago… but they haven’t stopped – so I think this article is worth lightening up things for all of my readers and the internet crowd in general.

  • PayPal Scam Phishing Timemachine

    Look what I just got… Your account will be suspended ! We are contacting you to remind you that on 8 April 2005 our Account Review Team identified some unusual activity in your account. In accordance with PayPal's User Agreement…

  • PayPal buys VeriSign unit for $370 mln

    PayPal buys verisign payment solution

  • 6 Shocking Things I learnt about Paypal

    6 Shocking Things I learnt about Paypal in the past years… useful, shocking and make sure you plan for it.

  • PayPal DOS? Heavy Traffic? Error 3004, 3005?

    An error has occurred. Due to heavy traffic on our site, we were unable to complete your request. We are working to increase capacity in a number of ways so that you won't see this message again. In the…