1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Heads up for those of you that use PayPal - new/current phishing attempt.

Discussion in 'Making Money' started by zero-day, Feb 20, 2012.

  1. zero-day

    zero-day Regular Member

    Joined:
    Aug 25, 2011
    Messages:
    349
    Likes Received:
    344
    Occupation:
    Coder
    Location:
    My Office.
    Home Page:
    I'm posting this here to let all of the BHW members/affiliates of ours be notified as I know most of you don't check your emails daily(I sent out an email to all of our affs regarding this)

    Got an email today about my paypal account being limited, downloaded the HTML file, viewed it (all on a virtual machine) it has a form to submit all of your information such as SSN/CC# etc. you put a random number in such as 0000111122223333 and it says "Card Invalid must be 15-18 digits". All in all fake form, posted to a free web-host database. I just wanted to let everyone here know about it and in case you entered the information on the form - to contact your local IRS or someone that could help you handle it.

    Just so you all know - it's not real what-so-ever, but just to be safe - I'd change your paypal password.

    For those of you on the more technical side(like me) I gathered all the information I could about them and I have uploaded it here -
    http://cpainfinity.com/PayPal.zip
    Contents -
    Email message - message of email
    Email source(includes headers)
    HTML file.

    For those of you that don't want to download it -

    Email Message.txt
    Email source.txt
    Includes headers
    Restore_your_account_PayPal.HTML
    The attached HTML file(to the email)
    HTTP changed to HXXPZ and www changed to w3
    I've emailed the free web host, along with paypal. I'm all for emailing people CPA offers, but outright stealing and identity theft(with the SSN + CC#) that's just not right.
     
    • Thanks Thanks x 4
  2. cricket1

    cricket1 Senior Member

    Joined:
    Jul 5, 2011
    Messages:
    1,086
    Likes Received:
    459
    Thank you for informing us. That's really sad people are still doing such things. At least I haven't received such email yet.

    Sent from my Galaxy S2 using Tapatalk
     
    Last edited: Feb 20, 2012
  3. miansc

    miansc Regular Member

    Joined:
    Oct 1, 2009
    Messages:
    416
    Likes Received:
    132
    Location:
    Oz, maate
    nice of you to take the time to make a detailed report on this!
     
  4. MidKnight

    MidKnight Junior Member

    Joined:
    Jun 22, 2011
    Messages:
    170
    Likes Received:
    49
    Occupation:
    Depends, I work multiple jobs on a daily basis.
    Location:
    In My Mind
    Thanks for warning everyone here about this!!!

    I've actually received this e-mail a few times at one of my jobs. It's annoying cause while I know it's a fake, most of the other employees and even the employers don't known the difference between a real one and a phony. It's just as good that almost all of them don't have the information needed to complete the form of the fake link. The one person who does always has me double check if he can't tell, though he usually can.

    Also, it's not just PayPal. There have been eBay, Amazon, and even the USPS phishing e-mails going around the net. I'm sure there's lots of others, but these are the ones we come across.

    Again, thanks for the warnings and especially the detailed info you provided.

    ~MidKnight
     
  5. zero-day

    zero-day Regular Member

    Joined:
    Aug 25, 2011
    Messages:
    349
    Likes Received:
    344
    Occupation:
    Coder
    Location:
    My Office.
    Home Page:
    I've only received this for paypal. The email LOOKED real(on my phone) when i viewed it.

    Just letting everyone know. We look out for our affiliates personal security and "internet awareness" as well as theirs stats and what-not.
     
    • Thanks Thanks x 1
  6. MidKnight

    MidKnight Junior Member

    Joined:
    Jun 22, 2011
    Messages:
    170
    Likes Received:
    49
    Occupation:
    Depends, I work multiple jobs on a daily basis.
    Location:
    In My Mind
    Yeah, even on Outlook they appear real. Easiest way to tell on our end is to mouse over their links without clicking them so you can view the actual address on the bottom left, or a popup bubble. If your phone can look at all the e-mail details, you can see the actual sender's email address, or the BCC which is usually to other people that have a similar address to yours. Proof that it's a fake if you're not the only recipient. My job has accounts on those websites I mentioned, so maybe that's why we get them a lot.

    ~MidKnight