Until today I hadn't been aware of the term phishing, but I almost became a victim of it this morning. I received this email this morning...
You have added mike84@juno.com as a new e-mail address for your account.
If you don't agree with this e-mail and if you need assistance with your account fallow this link:
hxxp://128.134.42.188:2006/www.paypal.com/cgi-bin/webscr_cmd=_login-run
//Mod edit of URL above to protect others.//
Please confirm your information to continue using your account normally.
Copy and paste the link on your internet explorer address bar.
Please do not reply to this e-mail.
Not being familiar what form PayPal uses to email their clients, I used the link to go to the site, and after entering my email address and password to log in, another page immediately came up titled "Security Measures" asking for these items...
Social Security Number:
Mother's Maiden Name:
Full Name:
Card Number: VisaMastercard
Expiration Date: /
CVV2 Number: Card Verification Number (CVV2) is located on the back of your card.
ATM PIN: Electronic Signature (ATM PIN) is required for bank verification.
The first thing that caught my eye was their asking me for my social security number, but the real alarms started going off when I saw that they were requesting my ATM pin number!
I called PayPal, and the first thing the rep asked was how was it addressed, it turns out that they always begin their letters by addressing the individual by name, as you can see this one isn't.
I immediately ran all of my av, spyware, adware, malware...but found nothing, thank you very much.
What I would really like (short of having a little face to face meeting with these $&*#@) is to know how they got my email address, and if it was associated with PayPal as I do have an account with them.
Be aware people...these guys are slick!
Full Version: Phishing Alert! Using Paypal
They're probably phising (fishing). They got your email the same way spam mailers get it. They send that same message to every email they can get a hold of hoping that somebody is ignorant and trusting enough to give them their information.
The address they sent you to should ring a lot of bells. It doesn't have a domain name, only an IP address, and it is accessing the site through port 2006 (which is enough to make my firewall start screaming).
Honstly though, it is a pretty well done scam, the site looks authentic. They even say that privacy is their main concern and then apologize for the inconvenience.
Have you changed you PayPal password?
You might want to do something about the address, so somebody doesn't click it before they've read your post, and fall for the scam.
The address they sent you to should ring a lot of bells. It doesn't have a domain name, only an IP address, and it is accessing the site through port 2006 (which is enough to make my firewall start screaming).
Honstly though, it is a pretty well done scam, the site looks authentic. They even say that privacy is their main concern and then apologize for the inconvenience.
Have you changed you PayPal password?
You might want to do something about the address, so somebody doesn't click it before they've read your post, and fall for the scam.
QUOTE(Mr Alpha @ Mar 28 2006, 05:16 AM) 
They're probably phising (fishing). They got your email the same way spam mailers get it. They send that same message to every email they can get a hold of hoping that somebody is ignorant and trusting enough to give them their information.
The address they sent you to should ring a lot of bells. It doesn't have a domain name, only an IP address, and it is accessing the site through port 2006 (which is enough to make my firewall start screaming).
Honstly though, it is a pretty well done scam, the site looks authentic. They even say that privacy is their main concern and then apologize for the inconvenience.
Have you changed you PayPal password?
You might want to do something about the address, so somebody doesn't click it before they've read your post, and fall for the scam.
The address they sent you to should ring a lot of bells. It doesn't have a domain name, only an IP address, and it is accessing the site through port 2006 (which is enough to make my firewall start screaming).
Honstly though, it is a pretty well done scam, the site looks authentic. They even say that privacy is their main concern and then apologize for the inconvenience.
Have you changed you PayPal password?
You might want to do something about the address, so somebody doesn't click it before they've read your post, and fall for the scam.
Regarading the port number, should paypals port number been the registered numbers from 1024 through 49151, or the dynamic/personal ports 49152 through 65535?
I canceled my account, I seldom used it, as a matter of fact it had been idle since last Sept.
The only difference to the site is that the first one has the logo, tabs, but has the message that "this page has been moved...", and after you click on it you are taken to the second page which is exactly the same as PayPals, I did a side by side comparison and couldn't see any difference. I suspect that the second page is actually a copy of the real one, and the first page with the disclaimer was a means to circuventing default protection.
Wouldn't it be ironic that they steal my identity, and find that instead of getting my money they get my debts?
I just glad that I didn't wind up with something real nasty, I just finished reformatting and installing my os.
Glad to hear you're okay! 
Most banks and online services will tell you that they will not ask for that kind of info via email. They know about these scams, take precautions to keep your info safe. Most will have "security questions;" questions that only you would know, like "What is your mother's maiden name?" That way, they know that its really you trying to access that info.
I agree; someone was "phishing" for your info. Glad you didn't bite!!!
Most banks and online services will tell you that they will not ask for that kind of info via email. They know about these scams, take precautions to keep your info safe. Most will have "security questions;" questions that only you would know, like "What is your mother's maiden name?" That way, they know that its really you trying to access that info.
I agree; someone was "phishing" for your info. Glad you didn't bite!!!
Do any of you know of a good freeware program for bolcking these phishing trips, that's something I would't mind getting hooked on.
paypal has a toolbar that will tell you if the e-mail really came from them.
EVERYONE WHO USES THE NET SHOULD READ THIS ( I am yelling, just not rudely)
Here's a page with a lot of info on internet shenanigans
http://onguardonline.gov/stopthinkclick.html
If you click on the Phishing icon,on the right site of the page there is info on reporting a Phish.
Down near the bottom of the main article is a link to file a complaint with the FTC.
Home :
http://onguardonline.gov/index.html
You should forward Phishing emails to:
mailto:spam@uce.gov
Here's a page with a lot of info on internet shenanigans
http://onguardonline.gov/stopthinkclick.html
If you click on the Phishing icon,on the right site of the page there is info on reporting a Phish.
Down near the bottom of the main article is a link to file a complaint with the FTC.
Home :
http://onguardonline.gov/index.html
You should forward Phishing emails to:
mailto:spam@uce.gov
This is going on all over ebay. In the past 2 days 4 listings have been bouncing to a page that looks like ebay sign in but its hosted on a free account you can see the url at the top(50 megs)
They have all been removed quickly one even had a topless woman in the gallery pic! I mean I hate to go on ebay doing a search and get porno...
Im glad ebay seemed to have been tipped off quick on all the cases.
Be very careful and I never give out anything other than my address.
They have all been removed quickly one even had a topless woman in the gallery pic! I mean I hate to go on ebay doing a search and get porno...
Im glad ebay seemed to have been tipped off quick on all the cases.
Be very careful and I never give out anything other than my address.
QUOTE(dc3 @ Mar 28 2006, 07:56 PM)
Regarading the port number, should paypals port number been the registered numbers from 1024 through 49151, or the dynamic/personal ports 49152 through 65535?
Should have been using port 80 and 443. QUOTE(dc3 @ Mar 28 2006, 09:13 PM)
Do any of you know of a good freeware program for bolcking these phishing trips, that's something I would't mind getting hooked on.
There is an anti-phishing extension for Firefox made by Google, here. I haven't tried it so I don't know anything about it though.
QUOTE(Mr Alpha @ Mar 29 2006, 03:45 PM)
QUOTE(dc3 @ Mar 28 2006, 07:56 PM)
Regarading the port number, should paypals port number been the registered numbers from 1024 through 49151, or the dynamic/personal ports 49152 through 65535?
Should have been using port 80 and 443. QUOTE(dc3 @ Mar 28 2006, 09:13 PM)
Do any of you know of a good freeware program for bolcking these phishing trips, that's something I would't mind getting hooked on.
There is an anti-phishing extension for Firefox made by Google, here. I haven't tried it so I don't know anything about it though.Thanks for the link, I'll try it out and let you know, I use Firefox so this is good for me. I had another phisher this afternoon, this one stated that they were from the Microsoft E-mail Lottery Promotion, and that I had won eight hundred thousand Euros...
yeah, when donkeys fly, poor example, with enough propulsion you can make a brick fly, just look at some of our jets.
Mr. Alpha...I downloaded the anti-phishing extension for Firefox made by Google, and it works great, thank you very much.
Some general info regarding Phishing can be found HERE, along with real examples of phishing emails.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.