VERY important message RE:Paypal

[Zyglamail]

I just received what appeared to be an official looking e-mail from paypal about security and them wanting me to verify some information.

The headers on the e-mail looked legit so I went to the link provided which also looked legit, however the destination DID NOT look legit. The url showed paypal as a destination BUT it rerouted you instantly to

http://cgi3-paypa1.com/cgi-bin/

Notice the number one where the l should be in paypal? DO NOT UNDER ANY CIRCUMSTANCES fill this page out. Paypals sites will ALWAYS have paypal.com

Now it looks as if someone is looking to make some money the easy way. Here are the details associated with the domain name I ended up at.

Domain Name.......... cgi3-paypa1.com
Creation Date........ 2003-03-09
Registration Date.... 2003-03-09
Expiry Date.......... 2004-03-09
Organisation Name.... Rita Palow
Organisation Address. 1985 Mallard Rd
Organisation Address.
Organisation Address. Middleburg
Organisation Address. 32068
Organisation Address. FL
Organisation Address. UNITED STATES

Admin Name........... Rita Palow
Admin Address........ 1985 Mallard Rd
Admin Address........
Admin Address........ Middleburg
Admin Address........ 32068
Admin Address........ FL
Admin Address........ UNITED STATES
Admin Email.......... [email protected]
Admin Phone.......... +1.9042919774
Admin Fax............

Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... [email protected]
Tech Phone........... +1.6198813096
Tech Fax............. +1.6198813010
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com

 

[thate]

good catch

 

[Zyglamail]

I also called paypay to verify this was not from them and it was NOT so paypal is now aware of this issue.

 

[sk*]

Also to note, all paypal sites (that you have to login) are HTTPS not HTTP, the extra s verifies that it is encrypted. ALL HTTPS sites are encrypted under 128bit I believe.

-sk

 

[Only1eagle]

ANY online company that has personal or payment info on you will NEVER ask you to do stuff like this.

At the very most they will have you call them to update personal info.

Just be aware!

 

[sk*]

ANY online company that has personal or payment info on you will NEVER ask you to do stuff like this.

At the very most they will have you call them to update personal info.

Just be aware!

Actually, paypal makes you fax pretty much everything to them for verification purposes. They won't ask you straight out in an email though.

-sk

 

[sk*]

Also interesting that the site has a "enter password option" which is really directed to paypal itself. I assume it records your password on their servers. Can check where the url is addressed to upon pressing submit, if it is anything other than paypal.com itself it probably means they save your password in their database. That's what I would do anyway ...

-sk

 

[Zyglamail]

Definatly a scam and if Rita used he real name when registering that domain she is likely going to be in a world of hurt when paypal brings the law down on her, the e-mail I received was forwarded to paypals violation department.

 

[sk*]

Definatly a scam and if Rita used he real name when registering that domain she is likely going to be in a world of hurt when paypal brings the law down on her, the e-mail I received was forwarded to paypals violation department.

Probably not using his/her real name (if so then even stupider), but either way it is not hard to catch the person that made that website and registered the domain.

The person is probably someone from elite themselves or someone that already knew you zyg, as they chose you selectively ... the domain was only registered a couple days ago afterall. Suggestion to the person would be to not make another stupid attempt like that again, for obvious reasons.

-sk

 

[Zyglamail]

Bump

 

[ceo]

The person is probably someone from elite themselves or someone that already knew you zyg, as they chose you selectively ... the domain was only registered a couple days ago afterall. Suggestion to the person would be to not make another stupid attempt like that again, for obvious reasons.
-sk

nope...this kind of stuff happens to many paypal users. Some people go through everything (they aren't as observant as Zyg) and get scammed...others (Zyg, et. al.) don't. Just don't follow the links. Delete the email (or FWD it to paypal)...the real paypal would never send an email like this.

 

[Zyglamail]

I got one of those message and being the computer security geek that I am, I looked at the expanded mail headers. It becomes pretty obvious then. I wish I still had it so I could paste it.

Well, im an IT guy myself and the headers on the mail I saw looked legit (but as you know they arent hard to fake if ya know what your doing). The url in the message also stated a real paypal URL, however the displayed URL was not the real target which of course was a bunk paypal lookalike URL and the page it took your too looked legit and had all the real paypal links suchs as "forgot password" etc. Unfortunatly not everyone is as familiar with computers as we are and even if they only get one person, its one person too many. I just wanted to give everyone a heads up.

As most of you who use payal may have noticed if paypal wants anything from you they will force you to view it after logging in, they will not request you to do anything via e-mail.

 

[Zyglamail]

I seem to recall even the reply address in that message was something silly like *@noname.com or something.

The header on this one was pretty solid actually, reply to was correct and everything.

 

[Latamier]

Way to watch out for others Zyg. Thanks for the tip, and keep up the good work.