Other Talk "Otterville" plus Religion/Politics

BEWARE - PayPal Email Legit?

Old 05-26-05, 08:20 AM
  #1  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,171
BEWARE - PayPal Email Legit?

Is this a legit email from Paypal?
When I click on the link my antivirus software sais its a Trojan virus...

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: JS.Trojan.Blinder
File: C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\0NGBINI3\login[1].htm
Location: C:\Documents and Settings\\Local Settings\Tempora

Eveything looks so real...



Dear valued PayPal® member:



It has come to our attention that your PayPal® account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.


However, failure to update your records will result in account suspension.
Please update your records on or before May 29rd, 2005.

Once you have updated your account records, your PayPal® session will not be
interrupted and will continue as normal.

To update your PayPal® records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run



Thank You.
PayPal® UPDATE TEAM

Accounts Management As outlined in our User Agreement, PayPal® will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://www.paypal.com/cgi-bin/webscr...rivacy-outside



The HTML graphics in this message have been displayed. [Edit Preferences - What's This?]
ANDREMIKE is offline  
Old 05-26-05, 08:25 AM
  #2  
DVD Talk Legend
 
AGuyNamedMike's Avatar
 
Join Date: Jul 2000
Location: (formerly known as Inglenook Hampendick) Fairbanks, Alaska!
Posts: 15,064
It looks like some phishing spam to me, with a tricky trojan payload.

JS.Trojan.Blinder is an embedded JavaScript trojan that spoofs the URL displayed in the browser address bar.
AGuyNamedMike is offline  
Old 05-26-05, 08:31 AM
  #3  
DVD Talk Legend
 
Mrs. Danger's Avatar
 
Join Date: May 2005
Location: With Nick Danger
Posts: 17,578
Real e-mails from Paypal will just tell you to log into your account, and will not include a link.

If you are in doubt about any kind of "official business" e-mail, check with the company it is supposed to be from. Always go to your account through your usual route, never from an e-mail link.
Mrs. Danger is offline  
Old 05-26-05, 08:31 AM
  #4  
DVD Talk Legend
 
Join Date: Jan 2000
Location: Work. Or commuting. Certainly not at home.
Posts: 17,816
Two clues.

1) May 29rd, 2005.
2) PayPal wouldn't send something like this out. As always, if you're concerned, type paypal.com into your browser yourself and login.
wildcatlh is offline  
Old 05-26-05, 08:57 AM
  #5  
DVD Talk Hero
 
nickdawgy's Avatar
 
Join Date: Jan 2003
Location: Southern Cal-ee-for-nee
Posts: 29,064
May 29rd

Another clue is the copyright thing after the name PayPal. I don't think they use that everytime they mention the name of the website.

Also, the address is http:// and not https:// which means it's not secure.

Last edited by nickdawgy; 05-26-05 at 08:59 AM.
nickdawgy is offline  
Old 05-26-05, 09:20 AM
  #6  
DVD Talk Legend
 
Join Date: Jan 2001
Location: Times Square
Posts: 12,133
No legit company will ever use an email link for updating and/or confirming sensitive information.

If you want to check on your account information, or update it, NEVER use an email link. ALWAYS go directly to the site itself.

(They always try to scare you - you know, your Paypal account will be suspended, or your eBay functions will be blocked, or your checkinbg account will be frozen, or your hair will fall out.)
marty888 is offline  
Old 05-26-05, 09:22 AM
  #7  
Moderator
 
Geofferson's Avatar
 
Join Date: Aug 2000
Location: The Village Green
Posts: 39,072
Not legit. All emails from PayPal will direct you by name, not something generic like 'valued PayPal customer'.
Geofferson is offline  
Old 05-26-05, 09:46 AM
  #8  
DVD Talk Legend
 
Minor Threat's Avatar
 
Join Date: Jul 2000
Posts: 13,732
Originally Posted by nickdawgy
May 29rd

That had me rolling as well......
Minor Threat is offline  
Old 05-26-05, 10:24 AM
  #9  
X
Administrator
 
X's Avatar
 
Join Date: Oct 1987
Location: AA-
Posts: 10,676
Here's the culprit:

Domain Name.......... paypalw.com
Creation Date........ 2005-05-22
Registration Date.... 2005-05-22
Expiry Date.......... 2006-05-22
Organisation Name.... L A Davenport
Organisation Address. 542 Crooked Run Rd
Organisation Address.
Organisation Address. Elizabeth City
Organisation Address. 27909
Organisation Address. NC
Organisation Address. UNITED STATES

Admin Name........... L A Davenport
Admin Address........ 542 Crooked Run Rd
Admin Address........
Admin Address........ Elizabeth City
Admin Address........ 27909
Admin Address........ NC
Admin Address........ UNITED STATES
Admin Email.......... [email protected]
Admin Phone.......... +1.2527718397

Appropriate street address.

Where do these guys get people's Paypal email addresses?
X is offline  
Old 05-26-05, 10:46 AM
  #10  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,171
Isn't there some law these guys are breaking? With all of that information you seemed to have found on them, can't the police go and arrest these people?
ANDREMIKE is offline  
Old 05-26-05, 11:23 AM
  #11  
X
Administrator
 
X's Avatar
 
Join Date: Oct 1987
Location: AA-
Posts: 10,676
I'm not sure they'll find him at that address. But we could try calling him...

Listing Of Old Schools Closed
From: 03/01/2003 To: 03/31/2003
Newland School 542 Crooked Run Rd Elizabeth City, NC 27909
X is offline  
Old 05-26-05, 12:07 PM
  #12  
DVD Talk Legend
 
Join Date: Jan 2001
Location: Times Square
Posts: 12,133
Originally Posted by X
Where do these guys get people's Paypal email addresses?
I'm not sure they have people's Paypal addresses - I think in most cases they are simply sending out those emails en masse to email lists that spammers are always gathering and exchanging.

I say that because I've received several phishing emails about my "bank account" at banks where I've never conducted business.

The theory is: send out enough of them, and some are guaranteed to land in a gullible person's inbox.
marty888 is offline  
Old 05-26-05, 12:24 PM
  #13  
X
Administrator
 
X's Avatar
 
Join Date: Oct 1987
Location: AA-
Posts: 10,676
Yeah now that you mention it, I did get that email at a different address. One that very few people have and I have never received spam at.
X is offline  
Old 05-27-05, 12:47 PM
  #14  
DVD Talk Special Edition
 
Join Date: Dec 1999
Location: Raleigh, NC
Posts: 1,766
what will get scary is when these phishing crooks start to send out viruses where it changes your hosts file for paypal.com ect. and has it point to there IP. If that happens you can type paypal.com in the address bar but it will still go to the crooks site
habers is offline  
Old 05-27-05, 01:18 PM
  #15  
DVD Talk Hall of Fame
 
Gil Jawetz's Avatar
 
Join Date: Jan 2000
Location: I was here but I disappear
Posts: 8,407
Just yesterday a guy I work with fell for this. Gave them ALL his info! Oy vey!
Gil Jawetz is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.