Paul Slocum Posted May 26, 2002 Share Posted May 26, 2002 Do NOT log into this Paypal site. I got an e-mail this morning saying I needed to log into my Paypal account to confirm it with a link to this fake Paypal page. I called the ISP on the phone this morning and e-mailed Paypal, but it's still up. I can't believe the ISP hasn't shut it down yet. http://paypal.com@207.150.221.93/ws-paypal.../?accountupdate -Paul Quote Link to comment Share on other sites More sharing options...
jahfish Posted May 26, 2002 Share Posted May 26, 2002 would be great is everybody on the board registers 10 or 20 different accounts there .... spam them with imaginary accounts .... they won't know what to use anymore ... Quote Link to comment Share on other sites More sharing options...
Paul Slocum Posted May 26, 2002 Author Share Posted May 26, 2002 I used Samspade.org this morning. That's how I found the ISP and contacted them. It's affinity.com. -Paul Quote Link to comment Share on other sites More sharing options...
CosmicJoke Posted May 26, 2002 Share Posted May 26, 2002 That is a seriously dangerous(financially) site! Has anyone informed the real PayPal? jahfish quotewould be great is everybody on the board registers 10 or 20 different accounts there I took your suggestion and registered about 10-15 different accounts. I made them seem pretty realistic. I hope they try logging on with'em! Quote Link to comment Share on other sites More sharing options...
Atari2600Phreak Posted May 26, 2002 Share Posted May 26, 2002 The site's still there. The accounts are being sent to a drop box: input name="FROM_EMAIL" type="hidden" value="admin@yougotmail.com" input name="inputs" type="hidden" value="mail,pass," input name="toEmail" type="hidden" value="freedom2@atrevete.com" input name="subject" type="hidden" value="You've got mail Baby!" input name="redirect" type="hidden" value="http://207.150.221.93/ws-paypal1c/secureverify/" Now I wouldn't advocate this, because it'd be mean and probably illegal, but wouldn't it be a shame if freedom2@atrevete.com were subscribed to about 100 or so free pr0n lists, so that the box would become full, and the accounts harvested would start bouncing. (I don't read enough Spanish to be sure, but it looks like atrevete.com provides a free email service.) The red flags are pretty obvious for an experienced user: no SSL, URL containing "@" (one learns quickly after one goatse link!), but for a relative newbie, this is death on wheels. [ 05-26-2002: Message edited by: Atari2600Phreak ] Quote Link to comment Share on other sites More sharing options...
liquid_sky Posted May 26, 2002 Share Posted May 26, 2002 http://e-newsletters.internet.com/ justscreaming revenge.. up to 191 email lits to sign him up for, Quote Link to comment Share on other sites More sharing options...
Paul Slocum Posted May 26, 2002 Author Share Posted May 26, 2002 It will probably help if more people e-mail support@affinity.com (the host of the site) to get them to shut the site down. -Paul Quote Link to comment Share on other sites More sharing options...
Philflound Posted May 26, 2002 Share Posted May 26, 2002 I'm spamming them with a whole bunch of names. Everyone do it. Did you see that the Log In link does goto the real paypal? You can tell if your paypal link is secure by https:// - The "s" means it's secure. This does not have an "s". Phil Quote Link to comment Share on other sites More sharing options...
KAZ Posted May 27, 2002 Share Posted May 27, 2002 The first site is fake, but yeah, it seems to link to the REAL paypal secure site. The makers of the fake site, then, are after people's login names, and passwords. That's how it looks to me. You could even probably still "send money" to people using the fake site, because it links to the real one. Sneaky bastards. Am I correct on this? Quote Link to comment Share on other sites More sharing options...
KAZ Posted May 27, 2002 Share Posted May 27, 2002 I tried logging into the fake paypal site, using NO login name or password.... It says something like: Your account has been verified, you may now continue using Paypal. I got a security certificate warning about the site too, meaning it wasn't from the real paypal site. It does kinda make me mad that people keep trying to **** other people over like this. Quote Link to comment Share on other sites More sharing options...
Philflound Posted May 27, 2002 Share Posted May 27, 2002 Yes, that is the intention. Unsuspecting people will log in their real user id and password, then the hackers will just take all of their money, change their password, and possibly get access to their bank account. Damn internet is beginning to annoy me. I'd use bad words, but I'm going to keep it clean. Phil Quote Link to comment Share on other sites More sharing options...
jahfish Posted May 27, 2002 Share Posted May 27, 2002 they want to **** with us ... let's **** with them .... i logged in with dozens of different imaginary mails & passwords like hahahaha@gayidiots.com, ****you@laughedmyassoff.com, etc ... etc .... Quote Link to comment Share on other sites More sharing options...
liquid_sky Posted May 27, 2002 Share Posted May 27, 2002 we can always also play dirty.. run a whois, do a few DNS inquireys... Quote Link to comment Share on other sites More sharing options...
zraider Posted May 27, 2002 Share Posted May 27, 2002 If you back off some of that address you get a message stating "future home of www.paypal1.com". Who knows if this is real ? http://207.150.221.93/ws-paypal1c/ [ 05-26-2002: Message edited by: zraider ] Quote Link to comment Share on other sites More sharing options...
Paul Slocum Posted May 27, 2002 Author Share Posted May 27, 2002 I can't believe that site is still up. I contacted affinity.com again by phone this morning, and e-mailed paypal again. -Paul Quote Link to comment Share on other sites More sharing options...
KAZ Posted May 27, 2002 Share Posted May 27, 2002 I joined in and emailed support@affinity.com with a rather "aggressive" letter telling them to take the site down. [ 05-27-2002: Message edited by: KAZ ] Quote Link to comment Share on other sites More sharing options...
Osbo Posted May 27, 2002 Share Posted May 27, 2002 one more reason to send money orders, no wonder why the .com are almost kaput Osbo Quote Link to comment Share on other sites More sharing options...
weaselbrains Posted May 28, 2002 Share Posted May 28, 2002 What this site is doing is stealing the images and layout from the real PayPal site and using a form that emails people's user Id and password to the owners of the site when someone tries to log in. Emailing the ISP and trying to have the site shut down is a good step, but how many people's IDs and passwords do you imagine they have obtained already? It might take a day or two for the ISP to get around to shutting the site down, and in that time they might receive a bunch of people's IDs and passwords - meaning they can drain their PayPal accounts. I think the best way would be to email freedom2@atrevete.com with huge attachments in the hope that they will push the inbox over its size limit and stop it from receiving anymore PayPal account details. Signing into their site with fake PayPal details is not going to do that much because it will only take them 2 seconds or so to check whether they are fake or not. I wonder how many people have entered their real details into this page already. mitchell Quote Link to comment Share on other sites More sharing options...
Guest cvo Posted May 29, 2002 Share Posted May 29, 2002 [ 05-28-2002: Message edited by: cvo ] Quote Link to comment Share on other sites More sharing options...
Guest cvo Posted May 29, 2002 Share Posted May 29, 2002 Good news/update: I did a little bit of homework to find out as much as I could about the scab(s) running the fraudulent PayPal site, and I discovered that the site being used to run the script was off of http://wwwtoolz.com/form2email/form2email.asp I emailed the sys admin regarding the situation, and he was very very cool about it and took immediate action. He blocked off their ability to the login email from their webpage, and contacted their web host (http://www.winsave.com). So now if you go to the original fraudulent PayPal site (http://paypal.com@207.150.221.93/ws-paypal1c/secureverifyn/?accountupdate), you will see that if you click on the "Login" button, you will get an informative message/alert. I did as much as I could, and now it's up to PayPal to do some work. Of course with PayPal's customer service history, I doubt much will be done. Ciao, Carolyn Quote Link to comment Share on other sites More sharing options...
Atari2600Phreak Posted May 29, 2002 Share Posted May 29, 2002 Bravo! Quote Link to comment Share on other sites More sharing options...
Philflound Posted May 29, 2002 Share Posted May 29, 2002 Page cannot be found! Hooray! Phil Quote Link to comment Share on other sites More sharing options...
Albert Posted May 29, 2002 Share Posted May 29, 2002 Awesome! However, I'm really dismayed at how long it took for this site to shut down. I really hope too many people didn't get suckered into this, although I have little doubt that some people are now wondering what the hell happened to the money in their checking account. Another good reason not to link your primary checking account to PayPal.. ..Al Quote Link to comment Share on other sites More sharing options...
Guest cvo Posted May 29, 2002 Share Posted May 29, 2002 Hey again! You can actually still get to the fraudulent site via the following URL: http://paypal.com@207.150.221.93/ws-paypal...ex.html.changed However, if you click on the "Login" button, you will get the following nifty message: "While submitting your form, we found the following errors: THIS USER WAS USING THIS PAGE TO FALSELY AQUIRE PAYPAL ACCOUNTS. WE HAVE CANCELED THEIR ACCOUNT, AND CONTACTED THE PROPER AUTHORITIES. FOR MORE INFO, CONTACT SENIORHEFF@ATTBI.COM. THANKS, WWWTOOLZ STAFF." Eeeeexcellent, Smithers.... Ciao, Carolyn Quote Link to comment Share on other sites More sharing options...
Noble Kale Posted May 29, 2002 Share Posted May 29, 2002 those bastards. I arrived too late to help it would seem. Congratulations and thanks to everyone who helped stop this site. Now we just have to wait for the fallout.... Just goes to show, this community (AtariAge) is not to be screwed with. We dealt with that fake rare cart bastard, and we just dealt with this... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.