1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Warning! Fake email supposedly from PayPal..

Discussion in 'BlackHat Lounge' started by blogzandstuff, Mar 24, 2017.

  1. blogzandstuff

    blogzandstuff Elite Member

    Joined:
    Jan 1, 2015
    Messages:
    5,797
    Likes Received:
    2,690
    Occupation:
    blog creator
    Location:
    UK
    I got this email today and was suspicious, so i sent it to [email protected] to get it checked, if you get one of these DO NOT RESPOND or click any of the links!
    Certificate Expire Notification.
    Dear xxxx,
    At PayPal, security is among our top priorities and we are continually innovating to deliver the strongest protection possible. This includes adapting our environments and upgrading merchant integrations in order to be compliant with current industry standards, such as those set by the Payment Card Industry (PCI) Security Standards Council.
    PayPal's existing application program interface (API) certificate credentials are 1024-bit, SHA-1 certificates and they can have an expiration date up to and beyond 10 years. As of 4 February 2016, all new PayPal API certificate credentials issued are 2048-bit, SHA-256 certificates with an expiration date every three years.
    Please note that after 31 December 2017, PayPal will cease support of any 1024-bit, SHA-1 certificate, regardless of expiration date.
    To avoid service disruption to your API integration, you will need to replace your current 1024-bit, SHA-1 API certificate with a new 2048-bit, SHA-2 certificate before 31 December 2017.
    You are receiving this notification because, according to our records, your PayPal-issued API certificate is 1024-bit, SHA-1. The API certificate that is associated with the PayPal business or premier account, has an expiry date after 31 December 2017.
    To help you through this process, we have created a set of instructions on how to download and install a new certificate. You can find those instructions and other detailed information on our Merchant API Certificate Credentials Upgrade Microsite.
    We appreciate your patience and support in protecting our customers and their payments.
    Best regards,
    PayPal
    Paypal's response: " Thank you for partnering with PayPal to combat fraudulent emails. We take reports of suspicious email very seriously. Your submission helped us take the appropriate action needed to protect our customers.
    We analyzed your report and determined that the suspicious email was likely fraudulent ".
     
    • Thanks Thanks x 3
  2. Twanofzo

    Twanofzo Regular Member

    Joined:
    Jul 15, 2014
    Messages:
    230
    Likes Received:
    68
    Gender:
    Male
    Location:
    The Netherlands
    Well.. I get these kinda emails everyday. Same goes for the 'You've won...' or 'Someone died in your family, you can get 10000 euros by sending 100 euros to xxx'. I must be rich by now. Sad that I don't have a family anymore though.

    I hope people on this forum can see when an email is fake or not lol
     
  3. blogzandstuff

    blogzandstuff Elite Member

    Joined:
    Jan 1, 2015
    Messages:
    5,797
    Likes Received:
    2,690
    Occupation:
    blog creator
    Location:
    UK
    i know most experienced members will know, but you'd be surprised how many people do click the links in these type of emails. It was just a heads up.
     
  4. Twanofzo

    Twanofzo Regular Member

    Joined:
    Jul 15, 2014
    Messages:
    230
    Likes Received:
    68
    Gender:
    Male
    Location:
    The Netherlands
    Yep, I know how many 'idiots' there are in this world. My target are these idiots so I'm not surprised :p

    Thanks for the heads up though!
    Lots of people on here from the 'sir' countries would click these links (No offense ;))
     
  5. blogzandstuff

    blogzandstuff Elite Member

    Joined:
    Jan 1, 2015
    Messages:
    5,797
    Likes Received:
    2,690
    Occupation:
    blog creator
    Location:
    UK
    i have business clients who i have just notified to ignore this, it's clearly aimed at merchants. Because of the financial laws are constantly changing and Paypal are always updating their terms and conditions i thought this was a particularly dangerous one, not the usual " Your account has been suspended " type of email i get often. Many small business owners may not really understand what this is and so would do it.
     
    • Thanks Thanks x 1
  6. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,487
    Likes Received:
    11,187
    Occupation:
    CHEAP
    Location:
    DATASETS
    Home Page:
    • Thanks Thanks x 1