Scammers after PayPal info
Just wanted to let everyone know that someone is trying to spoil Christmas for people. Since shopping online has become so common and so many people are using PayPal, the scam is running today. I got the email at work and at home today that appears to be from PayPal saying they are upgrading servers and need you to verify your account information. The page is infected with a trojan horse type virus that will copy your account info and forward it to the thieves so they can log on to your PayPal account and use your credit card info.
:mad: :mad: |
I received the same Email. I hope no one falls for this one. Went right into the trash bin.
|
I dumped mine as well. Not a PayPal user but I still got the email.
How does the website "www.fenprus-ssvsa.cl/paypal/verify.htm" - the actual destination of the 'click here' in the email - tell IE to display the address as a real paypal.com address? Found that out by looking at the address bar as the site opens and you see it for a split second, but it's there in the history for you to see the properties of. xl - any info on the trojan? I'd like to make sure I didn't get it when I hit the site in case it goes active in the future. |
Many, many thanks for this wonderful site. I just checked my email and WOW, they sent the email to me 6 times in a row. I wonder why I am so popular. :rolleyes: I didn't open anything and deleted it and then deleted the deleted stuff. (Is there a rule somewhere I can't say deleted too many times in one sentence?) I love this site...thank you Brent, PIGS! I hope they catch them and put them in a hole with Saddam. David :mad: :mad: :mad: |
I think this is a form of mail fraud which probably should be reported to the FBI.
|
MAIL WASHER
A while back, Richard Hudgins recommended a program named MailWasher. You can get a free version at mailwasher.net.
MailWasher enables you to look at your e-mail before you download it to your computer. This way, you can delete, bounce and blacklist whatever you want without the bad stuff even getting on your computer. Try it. |
I opened the email and looked at the form, but I didn't enter anything. It's now deleted. Don't you have to fill something out before the scammers get your sensitive info?
|
I got it too... Actually forward the information (email) to the legit PayPal site. They want to be aware of all incidents. They want to hunt down this scum and make an example of them. eBay was having the same problems a few months back and I followed up with them; I never received an email after that.
The tipoff for me was, they sent the email to the wrong email account. I have PayPal and eBay IDs set up on a separate account. You can also set up filters to ensure you don't get crap like this. |
This type of scam went around in October as well. I had forwarded the mail header info to PayPal...
..here is their response and advice:

Dear Ron,

Thank you for bringing this suspicious email to our attention. We can confirm that the email you received was not sent to you by PayPal. The website linked to this email is not a registered URL authorized or used by PayPal. We are currently investigating this incident fully. Please do not enter any personal or financial information into this website.

If you have surrendered any personal or financial information to this fraudulent website, you should immediately log into your PayPal Account and change your password and secret question and answer information. Any compromised financial information should be reported to the appropriate parties.

If you notice any unauthorized activity associated with your PayPal transaction history, please immediately report this to PayPal by following the instructions below:

1. Go to https://www.paypal.com/
2. Click on the Security Center at the bottom of the page
3. Click on "Report a Problem"
4. Select the Topic: Report Fraud
5. Select the Subtopic: Unauthorized use of my PayPal Account, and click Continue.
6. Follow the instructions to access the appropriate form

Sincerely,
PayPal Account Review Department
PayPal, an eBay Company |
Does anyone know whether clicking the link installs any code on your system?
I clicked the link thinking not, but did not enter any info obviously. Just want to know if there was any code planted by the link if that is possible. Thanks. |
I did, too, and just about completed filling it out when I saw that they asked for a SSI. That queered the whole thing for me. I knew something was up. I received the same email about six hours later. Thanks for bringing it to the forum.
|
I also got the alleged PayPal request sent two times yesterday and I forwarded both today to their fraud research area at: spoof@paypal.com. I received an almost immediate response thanking me and saying they would look into it. Bill.
|
Ross,
You're probably safe; however, it's better to be safe than sorry. Run a complete system scan with your anti-virus software (be sure it's up to date) so that you can rule out installation of any trojans or other malicious code. Run Spybot too, just in case. Happy holidays. Bill |
What I'm wondering about is ...
Went to the site, more to see what it was, didn't enter anything, but after xl said it had a trojan I'm wondering if that is on this machine and waiting for the next time my card details are entered, then it'll send that info off to wherever it goes. I'm running Panda anti-virus and it didn't say anything - but that's checking viruses, not trojans. My stepson occasionally uses PayPal here, and we sometimes buy items online from a range of other sites (never had a problem yet). Just want to make sure there isn't a trojan on here patiently waiting ..... |
When I went through the properties I saw "barney@epost.de". Found several ".de". Denmark????? Hmmmmm???? Oh well, delete.
|
I received 4 of them in about 15 min. on the 25th
|
I got the same stupid email too, nice Christmas present.
Ross, I use a program called Ad-Aware for removing spyware as well as an antivirus program. Ad-Aware can be found at http://www.lavasoftusa.com/software/adaware/. Beware of the emails that claim to remove spyware; usually they will remove spyware then place their spyware on your system. |
Slow dawg
.de is a root zone for Germany. Denmark is .dk. :) |
Quote:
I tried to run the script on a "mule" system here at work this a.m., but the site is already down. (Interesting... the source of the code in the e-mail I received came from an ISP in Chile... and traced to a generic porn site there... this is why crimes like this are so hard to prosecute, since there are no political boundaries to these offenses... currently, the largest source of junk e-mails comes from mainland China, because it's cheap to use them to send out millions of messages.) Bill gives good advice... although I see no residue in the code, it's a good idea to run an AV check with up-to-date definitions. |
Quote:
...so they use http://www.lavasoft.de |