PayPal Scam: Your account has been limited.

I’ve mentioned phishing scams before, in a number of places. This email arrived yesterday,

phishing

Note the red flags on this one:

  1. A sender’s address that is not “Paypal.com”
  2. Poor formatting
  3. Incomplete text

The attachment they mention gives you this:

Phishing2

If you are foolish enough to provide this information, it will be sent not to PayPal but to http://162.213.154.42/~oilreol/service.php:

NetRange 162.213.152.0 – 162.213.155.255
CIDR 162.213.152.0/22
NetName FUC-US-2001
NetHandle NET-162-213-152-0-1
Parent NET162 (NET-162-0-0-0-0)
NetType Direct Allocation
OriginAS AS26272
Organization FortaTrust USA Corporation (FUC-9)
RegDate 2013-06-10
Updated 2013-12-17
Ref http://whois.arin.net/rest/net/NET-162-213-152-0-1
OrgName FortaTrust USA Corporation
OrgId FUC-9
Address 3701 NW 82 Ave.
City Doral
StateProv FL
PostalCode 33166
Country US
RegDate 2012-03-08
Updated 2014-07-02
Ref http://whois.arin.net/rest/org/FUC-9
OrgAbuseHandle IPADM602-ARIN
OrgAbuseName IP Admin
OrgAbusePhone +1-305-898-0033
OrgAbuseEmail ipadmin@fortatrust.com
OrgAbuseRef http://whois.arin.net/rest/poc/IPADM602-ARIN
OrgNOCHandle IPADM602-ARIN
OrgNOCName IP Admin
OrgNOCPhone +1-305-898-0033
OrgNOCEmail ipadmin@fortatrust.com
OrgNOCRef http://whois.arin.net/rest/poc/IPADM602-ARIN
OrgTechHandle IPADM602-ARIN
OrgTechName IP Admin
OrgTechPhone +1-305-898-0033
OrgTechEmail ipadmin@fortatrust.com
OrgTechRef http://whois.arin.net/rest/poc/IPADM602-ARIN

This information does not mean that FortaTrust itself is necessarily behind the phishing attempt, but someone could be using their servers in spurious ways.

Whatever the case, be careful out there. PayPal and other legitimate financial institutions will never ask you for sensitive financial data by email.

The Old Wolf has spoken.

An especially convincing Phishing scam

Here’s the email that came to me yesterday:

Image1

  1. Notice that it appears to come from “Paypal.com.” However, the original sender was 23.249.163.109 (if even that’s not spoofed), which is in Buffalo, NY rather than PayPal’s headquarters, which is in California.
  2. Second, the message is an image rather than text. That’s a red flag right there. The images link back to:

These are definitely not linked to PayPal. So we know, even without any further examination, that we are dealing with a phishing scam.

The image itself, if you click on it, will lead you to a long URL which actually contains the email address that their phishing email was sent to. If you click on these links, they know who you are.

http://redirect.paypal.com.0.session…..=MyEmailAddress@comcast.net

Image2

So notice that when you get to the phishing website, they already have your email address. This is what makes the scam more credible – they’re not asking for your PayPal ID, because they are counting on the fact that you use your same email address as your PayPal address, and they already have that.
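The red flags called out in both posts above (a sender domain that is not paypal.com, a form that posts to a bare IP address, a hostname that merely contains “paypal.com” as a subdomain label, and a link carrying the recipient’s own email address) can be checked mechanically. The script below is an added example, not code from the blog, and it runs against a constructed sample message that imitates the structure described in the posts; the addresses, hostnames and IPs in it are placeholders (documentation ranges and `.example` names), not the real ones from the emails.

```python
"""Red-flag checks for a suspected PayPal phishing email (added example).

Flags raised:
  from_domain_mismatch     From: address is not on the brand's domain
  url-host-is-ip           a link or form action points at a bare IP address
  brand-name-in-subdomain  "paypal.com" appears in the hostname but is not the registrable domain
  url-host-not-brand-domain link goes somewhere else entirely
  email-address-in-url     the URL carries an email address (recipient tracking)
Origin IPs from Received: headers are returned so they can be looked up in WHOIS by hand.
"""
import email
import email.utils
import ipaddress
import re
from email import policy
from urllib.parse import urlparse

LEGIT_DOMAINS = {"paypal.com"}

# Constructed sample message; hostnames and IPs are placeholders, not the real scam's.
SAMPLE_EMAIL = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
\tby mx.example.org with ESMTP; Mon, 01 Sep 2014 10:00:00 -0400
From: "PayPal Service" <service@paypal-secure-center.example>
To: victim@example.com
Subject: Your account has been limited.
Content-Type: text/html

<html><body>
<a href="http://redirect.paypal.com.0.session.example/verify?session=abc&id=victim@example.com">
<img src="http://static.paypal.com.0.session.example/notice.png"></a>
<form action="http://192.0.2.10/~example/service.php" method="post">
</form>
</body></html>
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")
IP_IN_BRACKETS_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def registrable_domain(host):
    """Last two labels of a hostname (naive: fine for .com-style domains, not for co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def extract_urls(msg):
    """Collect every http(s) URL from the text parts of the message."""
    urls = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    return urls


def check_url(url):
    """Return the list of red flags for one URL (empty list means nothing suspicious found)."""
    flags = []
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if is_ip_literal(host):
        flags.append("url-host-is-ip")
    elif registrable_domain(host) not in LEGIT_DOMAINS:
        # The brand name sitting in an earlier label is the classic lookalike trick.
        if any(d in host for d in LEGIT_DOMAINS):
            flags.append("brand-name-in-subdomain")
        else:
            flags.append("url-host-not-brand-domain")
    if EMAIL_RE.search(parsed.query) or EMAIL_RE.search(parsed.path):
        flags.append("email-address-in-url")
    return flags


def analyze(raw):
    """Parse a raw RFC 822 message and report the red flags described in the post."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, from_addr = email.utils.parseaddr(str(msg["From"] or ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    received = " ".join(str(h) for h in (msg.get_all("Received") or []))
    return {
        "from_domain": from_domain,
        "from_domain_mismatch": from_domain not in LEGIT_DOMAINS,
        "origin_ips": IP_IN_BRACKETS_RE.findall(received),  # candidates for a WHOIS lookup
        "urls": {u: check_url(u) for u in extract_urls(msg)},
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

The `registrable_domain` helper deliberately takes only the last two labels, which is enough for the paypal.com case the posts discuss; a production filter would use the Public Suffix List so that names under co.uk and similar are handled correctly. The origin IPs are reported rather than judged, because deciding whether a network belongs to the brand requires the kind of WHOIS lookup shown in the first post.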

If you foolishly enter your password, the first thing you’ll see is this bit of misdirection:

Image3

But that’s just a clever bit of misdirection. So you try again, and this is what you get next:

Image4

Which soon passes to:

Image5

And off to the races we go.

REMEMBER: Banks or PayPal or other financial institutions will NEVER ask you to verify information like this via email. All such requests are SCAMS.

When I check out websites like this (don’t try this at home – you could also be picking up a lot of malware if you’re not properly protected), I usually enter really insulting phrases for names, cities, and so forth. It’s a small thing, but it’s really the only way I can get under the skins of these criminals.

Image6

That billing address is nothing I would ever want to repeat in polite company – but notice that the scammers are trying to make their victim think they already have a credit card on file, and you’re just supposed to verify it.

Image7

So again I give them some bogus information that could never be used as a real card or be used to hurt anyone else.

Image8

The last screen will redirect the victim, once they have handed over their sensitive information to thieves, to the real PayPal website. Notice however – nothing else on the page works. All the other links are non-existent.

This scam is well-contrived enough that I fear any number of people will be taken in.

The most important thing to remember is that, as I said before, PayPal will NEVER ask you to give up sensitive financial information like this through an email message.

Be careful out there, and protect your loved ones.

The Old Wolf has spoken.

Don’t you think the customer knows his/her own address?

Yarg snarl yarg.

I run an online business. People pay me via PayPal, or use that service as a credit-card broker.

Every now and then, I get a popup like this when shipping:

ScrewPayPal.

And then you can’t go forward or override the popup until you use the “suggested” address. Notice that the only difference is that the customer entered “Hot Springs,” and the Post Office (xchxxxchhxttt paTOO!) demands “Hot Springs National Park.”

For the love of Mogg’s holy grandfather, don’t you think the customer knows his own address? Is the Post Office so stupid that even with a correct ZIP Code, they’ll be unable to deliver the parcel because their database happens to have a slightly different name for the locality?

It’s fine to provide this information, but they need a button that says “Use Address As Provided” so that the seller doesn’t have to take the time to go in and manually change the address.

The Old Wolf has ranted.
