1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Paypal Scam - Phishing Email] Look out for these so you don't fall for them!

Discussion in 'Black Hat SEO' started by IamNRE, Aug 24, 2013.

  1. IamNRE

    IamNRE Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 18, 2010
    Messages:
    4,663
    Likes Received:
    7,108
    Occupation:
    Generate Leads With FB Ads For Just $1
    Home Page:
    I woke up from my afternoon siesta to find a funny looking email in my inbox. Looked into it carefully before I clicked on any link.

    The email was saying my PP had been limited bla bla bla. Looked very convincing... not your avg. "I am the son of the governor of Nigeria..." type of shit.

    I've taken a screen shot so that others can get familiarized with it and don't fall for it (or anything similar).

    ===================

    [​IMG]
    [​IMG]

    Ways to stay safe if you get a dodgy email;

    Check the email where it's being sent from! (in this case they even used service@paypal so they are really trying to cover their tracks).

    NEVER EVER click on the links in the email. Open up your browser and login to the website you want to login to directly from there (do not do this if you think you have a keygen - if you have downloaded something recently that might be tracking your keyboard typing).

    Copy the link that is in the email and paste it into a notepad (don't paste it directly into your browser and press go by mistake).

    In this case the URL was;

    http://www. paypal.com.1r4sy5y0gao.2smbk9f62gbsj9gcf5zky.com/cgi-bin/webscr/?login-dispatch&login_email=info@moneysitecontent.com&ref=vesta-check&login-processing=ok

    It looks legit.... right? At first glance Yes. But if you look carefully its actually a subdomain and the actual domain is;

    2smbk9f62gbsj9gcf5zky.com/

    I'll post it again and color the sub domains;

    http://www. paypal.com.1r4sy5y0gao.2smbk9f62gbsj9gcf5zky.com/cgi-bin/webscr/?login-dispatch&login_email=info@moneysitecontent.com&ref=vesta-check&login-processing=ok

    ================================

    If anyone can track down the 455 hole and report him to his host provider or something then please feel free to do so! I tried but the only data I could find on him was;


    [​IMG]


    Moral of the story... don't be a sucker.

    To the thief... you can't blackhat a blackhatter! FAIL
     
    • Thanks Thanks x 22
  2. RushingWind

    RushingWind Elite Member

    Joined:
    Apr 6, 2013
    Messages:
    2,416
    Likes Received:
    3,333
    People would do anything these days. And TBH, I wouldn't call it "Blackhatting". It's seems to be more like stealing. Thanks for the info though. Hope this prevents some newbs from being hacked.
    Thanks,
    RW.
     
    • Thanks Thanks x 2
  3. abhi007

    abhi007 Jr. VIP Jr. VIP

    Joined:
    Aug 31, 2010
    Messages:
    5,299
    Likes Received:
    3,740
    Location:
    snip.li/TubH
    hahaha the emails with the title I am the son of the governor of Nigeria never seen those before but nice catch John :)
     
  4. hoodmonster

    hoodmonster Newbie

    Joined:
    Jul 17, 2013
    Messages:
    39
    Likes Received:
    13
    Location:
    wa
    New internet motto: When in doubt, type url out haha
     
    • Thanks Thanks x 1
  5. IamNRE

    IamNRE Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 18, 2010
    Messages:
    4,663
    Likes Received:
    7,108
    Occupation:
    Generate Leads With FB Ads For Just $1
    Home Page:

    I'd say so too...

    but I reckon it might be from someone from this community coz I do not really promote my services anywhere else and I have not done any SEO. The must have gotten my email from via BHW - but I agree, he should be considered a thief not a black hatter!
     
    • Thanks Thanks x 1
  6. IamNRE

    IamNRE Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 18, 2010
    Messages:
    4,663
    Likes Received:
    7,108
    Occupation:
    Generate Leads With FB Ads For Just $1
    Home Page:
    thanks

    I likez that. When in doubt, type it out!
     
  7. yogi31286

    yogi31286 Elite Member

    Joined:
    Dec 30, 2009
    Messages:
    1,702
    Likes Received:
    584
    Occupation:
    IMer
    Location:
    Where do you think? BHW :)
    Home Page:
    hmm.. i read about this type of stuff recently and wanted to make my laptop's security high. Used malwarebytes, spybot and antivirues is already there. Scanned through spybot and got few trojans(something like that) which were described as key logger!!! from that day onwards i scan my laptop daily and update all the antivirus softwares manually to avoid any recent trojans, hacks.
    Thanks a lot OP for sharing such stuff, will keep this in mind.
     
  8. Ptrick125

    Ptrick125 Regular Member

    Joined:
    Mar 4, 2013
    Messages:
    428
    Likes Received:
    113
    Occupation:
    Going To School
    Location:
    Near Austin, Texas
    Home Page:
    People do the same type of things with fake twitter logins...

    Posted via Topify using iPhone/iPad
     
  9. sorainen

    sorainen Registered Member

    Joined:
    Feb 24, 2012
    Messages:
    96
    Likes Received:
    82
    Thanks for the info.
    Also when paypal send you an email, they always put your real name : Hello "John Smith" , they never say : Hello "Money Site Content", so I think you can`t be fooled .
     
  10. WindowsBlue

    WindowsBlue Newbie

    Joined:
    Mar 29, 2013
    Messages:
    28
    Likes Received:
    8
    pro scammer
     
  11. Jumby

    Jumby Junior Member

    Joined:
    May 26, 2013
    Messages:
    192
    Likes Received:
    50
    Lol my days of playing runescape have taught me the ins and outs of phishing. Email phishing is the basic and the easiest way to phish. I can tell by that email that it's a noob doing it. You wouldn't believe the creative ways people can phish you, luckily the methods are isolated in the virtual gaming community for now. All for some virtual currency that they sell for money lol.
     
    • Thanks Thanks x 1
  12. bestseoservice

    bestseoservice Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 30, 2012
    Messages:
    440
    Likes Received:
    46
    Occupation:
    RUN A SEO COMPANY
    Location:
    USA
    Home Page:
    The safest policy is always going to paypal url, without clicking any link, just typing yourself "paypal.com". If your account has been limited, then paypal will inform you at your account overview
     
    • Thanks Thanks x 1
  13. S E O

    S E O Power Member

    Joined:
    May 29, 2013
    Messages:
    551
    Likes Received:
    212
    Occupation:
    Still Learning...
    Location:
    In Front Of BHW
    You showed him a great story bro
    really superb hands off
    cheers
     
    • Thanks Thanks x 1
  14. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    Another thing to remember (unless I'm mistaken), PP will always address any correspondence to YOUR real name that you signed up with. So if you're John Smith whose website is internetriches dot com, the email is addressed to John Smith not internetriches.
     
    • Thanks Thanks x 1
  15. Roshaen

    Roshaen Elite Member

    Joined:
    Sep 24, 2012
    Messages:
    2,238
    Likes Received:
    1,350
    Location:
    Please Pray For My DAD
    I always do this out sometime i do click on the link depeding on the sender but next time i would make sure even if fb or anyone sends me a look i won't do that never since these are like bad habbits once you're used to it you tend to click on every trusted site links

    Thanks OP.
     
    • Thanks Thanks x 1
  16. viralking

    viralking Power Member

    Joined:
    Nov 11, 2012
    Messages:
    757
    Likes Received:
    205
    Location:
    Cpadoom.com
    Home Page:
    man that email and address looks so familiar. i think this guy is doing a lot of stuff other then this. his info was also found by me because he has hacked a few of my accounts
     
    • Thanks Thanks x 1
  17. Junefog

    Junefog Junior Member

    Joined:
    Jul 24, 2013
    Messages:
    101
    Likes Received:
    28
    I'm impressed, how did you even track this guy down?
     
  18. meannn

    meannn Supreme Member

    Joined:
    Apr 22, 2009
    Messages:
    1,461
    Likes Received:
    1,896
    Occupation:
    Unemployed Winner
    Location:
    TR
    Sorry dude but thats not a blackhat thing. There is a difference.
     
    • Thanks Thanks x 1
  19. IamNRE

    IamNRE Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 18, 2010
    Messages:
    4,663
    Likes Received:
    7,108
    Occupation:
    Generate Leads With FB Ads For Just $1
    Home Page:

    WhoIs check.
     
  20. crackarama

    crackarama Regular Member

    Joined:
    Aug 14, 2013
    Messages:
    347
    Likes Received:
    85
    Location:
    scotland
    great read.iv heard some horror stories from friends/workmates about this kinda thing