1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Almost fell for paypal phishing email.

Discussion in 'BlackHat Lounge' started by todordonev, Mar 6, 2016.

  1. todordonev

    todordonev Regular Member

    Joined:
    Nov 23, 2012
    Messages:
    388
    Likes Received:
    232
    Gender:
    Male
    Location:
    Bulgaria
    Home Page:
    This is yet another of those threads, but I just wanted to bring awareness to you guys and remind you to be extra careful when you receive emails from your bank or paypal or whichever payment mechanism you use.

    So usually I am tech savvy and I always check the redirect urls for those kinds of emails but the thing is I had a long night and I am just waking up, having a coffee and checking my email. Because I am to confirm my bank account with paypal, they send me emails on regular basis.

    I receive phishing on regular basis as well and I am used to it but this one was crafted pretty darn well.

    https://gyazo.com/4ff647259b2f743294fc0a4a1bf61b12 <-- img link

    For whatever reason this time I didn't check neither the redirect on the button nor the url after I clicked the button. It asked me to login so I logged in, then it asked me for credit card details and I was like wtf I am calling paypal and then I looked at the url:

    https://gyazo.com/80ca8c35bd730529ea36646c2f340a5a <-- img link

    I was like damn they got me. They even have SSL on the phishing page, wtf!?!?
    Changed the pwd and everything is fine, atleast for now.


    TL;DR
    So guys and gals always make sure:
    • To use your mobile data if you are on the way and you want to login to paypal. Never use any wifi network, even if its at your home.
    • If you receive emails from bank,paypal, government etc. always check the url at the button. You can do this by hovering your mouse over and checking the lower left corner of the screen.
    • Always check the url on the login page.
    • If you are using smartphone use the paypal app. This is very important because some smartphones show the capital I as the non-capital L and I am constantly receiving emails from @paypaI.com
    ​
    Stay safe,
    Peace.
     
    • Thanks Thanks x 6
  2. umerjutt00

    umerjutt00 Jr. VIP Jr. VIP

    Joined:
    Oct 28, 2011
    Messages:
    3,908
    Likes Received:
    2,168
    Occupation:
    Ninja
    Didn't these type of emails go into your spam folder? For me, these type of emails always end up there.
     
  3. todordonev

    todordonev Regular Member

    Joined:
    Nov 23, 2012
    Messages:
    388
    Likes Received:
    232
    Gender:
    Male
    Location:
    Bulgaria
    Home Page:
    Sadly some go through.


    Also from google:

    If you believe you've received a phishing email, follow these steps right away:

    • Forward the entire email to [email protected].
    • Do not alter the subject line or forward the message as an attachment.
    • Delete the suspicious email from your inbox.
     
  4. iam_ironman

    iam_ironman Regular Member

    Joined:
    Oct 20, 2014
    Messages:
    322
    Likes Received:
    59
    Location:
    India
    Home Page:
    I have receive this type of emails straight to my Hotmail Inbox.
     
  5. Liand

    Liand Newbie

    Joined:
    Aug 2, 2013
    Messages:
    28
    Likes Received:
    8
    Location:
    Kaçanik
    The same happened to me 3 months ago. I actually gave the information needed LOL. But within 2-3 minutes I realized what I did and quickly changed my password and all security related question/answers, and asked Payoneer to block my Mastercard.
    So, all Im trying to say is BE CAREFUL, I have quite some experience in IM and yet I fell for it.
    Anyway, thanks for bringing it up mate.
     
    • Thanks Thanks x 1
  6. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,496
    Likes Received:
    8,427
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    Well, if you use Gmail, you don't have to worry about PayPal/eBay phishing at all, unless you're blind. Because without opening any legit or phishing PayPal email - even if the latter arrives to the inbox, which is pretty rare - so in any case, if you get an email from a trusted PayPal address, there will be a small key symbol before the senders name/email address, although i can't remember, if it's enabled by default or not.

    If it's not enabled by default, this is how you can enable it: Authentication icon for verified senders

    [​IMG]
     
    • Thanks Thanks x 3
  7. todordonev

    todordonev Regular Member

    Joined:
    Nov 23, 2012
    Messages:
    388
    Likes Received:
    232
    Gender:
    Male
    Location:
    Bulgaria
    Home Page:
    Thanks a bunch, I might reconsider switching to gmail.
     
  8. Cherry

    Cherry Supreme Member

    Joined:
    Mar 23, 2014
    Messages:
    1,250
    Likes Received:
    316
    Gender:
    Female
    Location:
    Care-a-lot
    I wish those scammers would rot in hell! I know some people who unfortunately fell for these phishing emails.
     
  9. kickthat

    kickthat Jr. VIP Jr. VIP

    Joined:
    Sep 18, 2014
    Messages:
    471
    Likes Received:
    592
    Gender:
    Male
    Location:
    UK
    If I ever get these types of emails from my bank/Paypal or another service I use and if, on a rare occasion, I think they may be legit, I just go direct to the website rather than click links in the emails. Saves ever getting caught out by spammers.
     
    • Thanks Thanks x 1
  10. todordonev

    todordonev Regular Member

    Joined:
    Nov 23, 2012
    Messages:
    388
    Likes Received:
    232
    Gender:
    Male
    Location:
    Bulgaria
    Home Page:
    Thats the best way.
     
  11. Yarotje

    Yarotje Newbie

    Joined:
    Feb 23, 2016
    Messages:
    10
    Likes Received:
    0
    Damm whats out! also happend to me.
     
  12. Eternal1912

    Eternal1912 Power Member

    Joined:
    Dec 6, 2014
    Messages:
    621
    Likes Received:
    246
    Gender:
    Male
    Occupation:
    Freelance Writer
    Location:
    Bulgaria
    I'm using Gmail from one or two years and this has never occurred to me until now and I've been using PayPal for almost a year now
     
  13. John1966

    John1966 Newbie

    Joined:
    Feb 25, 2016
    Messages:
    12
    Likes Received:
    1
    Yep, never had a problem in Gmail!
     
  14. onelettershor

    onelettershor Supreme Member

    Joined:
    Aug 4, 2015
    Messages:
    1,302
    Likes Received:
    447
    Gender:
    Female
    Location:
    Land of sheep
    Normally I get heaps in my junk, but recently I get like 2 a day that makes it into my inbox :(.

    Not like I have much money on paypal anyways haha