#  >  > Living And Legal Affairs In Thailand >  >  > Living In Thailand Forum >  >  Has PayPal been hacked ?

## Thetyim

I received the following email today from PayPal.

" Dear PayPal customer,

             As part of our security measures, we regularly screen activity in the PayPal system. We recently noticed the following issue on your account:

 Our system requires further account verification.

 Case ID Number: xx-xxx-xxx-xxx

 For your protection, we have limited access to your account until additional security  measures can be completed. We apologize for any inconvenience this may cause.  "


I can no longer access my account.
Did anyone else get a similar message.
Anyone know whats going on ?

----------


## kingwilly

> Anyone know whats going on ?


not really - but banks / credit unions do this all the time - so y not paypal. i imagine that its jsut an attempted fraud on your account so they freeze it until they/you contact each other and work it out.

----------


## mrsquirrel

No

It's called Phishing

Do NOT PUT YOUR DETAILS IN.

The phishers can make it look like Paypa.
\
Only access Paypal via the website.

----------


## kingwilly

> No
> 
> It's called Phishing
> 
> Do NOT PUT YOUR DETAILS IN.
> 
> The phishers can make it look like Paypa.
> \
> Only access Paypal via the website.


yeah that too - but i think they actually sent him his real numbers (which he edited for us) in which case it could be a real hack attempt thwarted. ( apparently its far more widespread than we realise - so the banks tell us - a little like all these 'credible' Al Queada threats that the POMS and Yanks invent to futher curtail ppls liberties and keep the heat off USreail's war .....

----------


## Thetyim

I have not been asked for any details in the email

When I go to the Paypal site I cannot log in

----------


## mrsquirrel

Is there a link in the email?

----------


## Thetyim

Yep, here it is.

The link doesn't work for me


https://www.paypal.com/cgi-bin/webscr?cmd=_login

----------


## buadhai

> Yep, here it is.
> 
> The link doesn't work for me
> 
> 
> https://www.paypal.com/cgi-bin/webscr?cmd=_login


It's a trick. The link looks like PayPal, but it is really: http://ursul.does.it/

A classic phishing attempt. You click the link because it looks like PayPal's domain, but the underlying URL takes you some place else.

It looks the authorities have already shut this one down.

Whenever you get a link in an e-mail you always need to check the underlying link before you click.

----------


## friscofrankie

> I have not been asked for any details in the email
> 
> When I go to the Paypal site I cannot log in


These people NOW HAVE YOUR PAYPAL PASSWORD!
Loginto PayPal change your password.  Forward your email to Paypals fraud email address and let them know.  When ever you get an email like this CHECK THE ADDRESS the link actually goes to it's quite easy to fake a link and most folks dont; check 'em.
http://your-million-dollar.check.fool

----------


## Thetyim

Thanks , but could you try that link again for me.

It now appears to be working and it looks just like the PayPal website.


Now then,  if it is a trick then why have PayPal blocked my account ?

----------


## Thetyim

Thanks FF, I get the picture now.
They have gotten my password and changed it .

I have written to Paypal and told them.
Fortunately there is FA money in there but I was going to start using it again.

----------


## buadhai

The URL gets redirected to this:

203.186.116.6/www.paypal.com/SecureInfo/paypal/index.php

It looks like the PayPal site, but it's not. That IP address is owned by:

person:       CTINETS HOSTMASTER
address:      15/F, Trans Asia Centre,
address:      18 Kin Hong Street,
address:      Kwai Chung, N.T.,
address:      Hong Kong
country:      HK
phone:        +852-3145-5111

They just copied the PayPal login page. They want you to long in and then, as Frisco Frankie noted, they will then have your PayPal login name and password.

How do you know your PayPal account has been blocked. Did you try to log in to the *real* PayPal site?

----------


## Thetyim

OK sorted.
I didn't give them my password because the link in the email would not work.

I have now managed to log on using Welcome - PayPal and have changed my password to be extra sure.

It was definately a scam because have just realised I didn't have that email address registered to any paypal account.

Thanks for all your help fellows.

----------


## Thetyim

> Did you try to log in to the real PayPal site?


Yes I did but it said my details were invalid but the real reason was that I always run with cookies off

----------


## buadhai

^
Well, at least you've sorted it now.

Just shows how clever these bastards can be. Too bad we have to be so careful.

I understand that Firefox 2.0 will have some anti-phishing features. I think you can download the beta now. Might be interesting to see how it reacts to the fake PayPal site to which you were directed.

<edit>Nope, FF 2.0 beta didn't catch it. But, it's based on either a local list or a Google list. I guess the URL they sent hasn't been logged yet. Hard to keep up with these guys....</edit>

----------


## friscofrankie

It's very easy to copy a site such as paypal, or an online banking site, edit the page to use a script, to capture your username and password and enter that into a database. Of course I will tell you some thng like "Sorry we are unable to process your request" Or, even better, "Username/password combination invalid."  The second message will get you to enter the combo again so I can be sure I am getting the right info.  

Of course when trying to login you cannot, they don;thave that info to log you in!!!  This still means the email has worked for the sender of the emaiil!!  Now they can login to that account, transfer what ever funds are in it to another account then move it around or withdraw it.  

ANYTIME you get an email like this forward it to the proper email address of your bank, paypal whatever.  If the institution does not have a contact for Fraud notification lose the account and move onto one that does.

----------


## endure

If you ever get an email from Paypal that that starts 'Dear paypal customer' instead of 'Dear User Name' it's a fraud. Same with Ebay. Genuine emails  always use your user name as part of the initial salutation.

----------


## Thetyim

> Genuine emails always use your user name


Yes you are right.

My first reaction was to test if this was genuine by trying to log on to the real Paypal site.  When I couldn't logon due to invalid user/password I naturally assumed it to be genuine.
If paypal had an honest error message that said "turn on you cookies, sunshine"   them I wouldn't have been fooled.

----------


## Thetyim

Just got a reply from Paypal who have confirmed that it is a scam.

One thing that they pointed out that I had overlooked is to change password AND secret questions.  Changing just the password is not enough.

----------


## RDN

> I have not been asked for any details in the email
> 
> When I go to the Paypal site I cannot log in


You can't log in probably because the site has already been shut down. The link contains info about YOU. 

DO NOT CLICK IT!

I've already sent half a dozen of these phishing emails to "abuse@paypal.com". I get them all the time and I don't even have a paypal account.

----------


## mrsquirrel

I was right and you were wrong na na na nan an anaaaaaah.

----------


## Begbie

Yep it's a scammers site. Go to Paypal and change your password.

----------


## man with no head

Never, never, never, never....

say it again:

NEVER

will any bank (including PayPal) send you an email asking you to login to confirm or change account settings and give you your account number in the email.

And NEVER click a link in an email from a supposed trusted source. If in doubt open a new browser window and type in the URL yourself.

----------


## friscofrankie

Thetyim, here are a few emails you may want to reply to.  looks lieka good deal man.  Go for it.



> Good Day,
> My name is Benny Higgins, an executive Auditor of a bank here in Scotland, United Kingdom. There is a deal of a transfer involving thirty millions pounds sterlings.I am proposing to make this transfer to a designated bank account of your choice. For your indulgence and support(morally, willingly etc.), you will have 45% share of the total amount after the transfer must have been successfully concluded,and 50% belongs to me while 5% incase any expenses. Kindly reply me stating your interest, or call +44-7040112855 and I shall furnish you with the details and necessary proceedure with which to make the transfer. I anxiously await your response.Reply through this my private bennyhiggins60@yahoo.co.uk 
> 
> Thanks and God Bless You, 
> Benny Higgins.





> ATTN: SIR/MADAM
> 
> Tel;27-73-970716.
> STRICLY CONFIDENTIAL
> 
> 
> I am Mr. SISULU LUCKY, a senior staff and chairman "Tender Board Committee" on the award of contracts in Department of Works and Housing here in South Africa. I got your contact E-mail address from a secure server online in my quest to find a trustworthy person on whom I can repose confidence for a transaction of this nature.My aim of sending this "business proposal" to you
> is to solicit for your assistance and co-operation to transfer some huge amount of money into your account overseas. Therefore, this communication should be held in high confidence.
> 
> ...


*And I think this ended up in my administrators account by mistake it is obviously meant for you.*




> Dear valued WellsFargo ® member:
> 
> Due to concerns, for the safety and integrity of the wellsfargo
> account we have issued this warning message
> 
> We have noticed that your Wells Fargo online account needs to be updated once again, please enter your online account information, because we have to verify all of the online accounts after we have updated our Wells Fargo Online Banking site. To verify your online account and access your bank account, please click on the link below:
> 
> 
> 
> ...


This last one is kinda funny.  I worked a bit on the Online banking project for this company....
__________________________________________________  __________

----------


## kingwilly

read this site for more info - its a great laff

Welcome to the 419 Eater

----------


## Thetyim

Gee, thanks FF.
I will get on to it right away.

I owe you a beer for that

----------


## buadhai

> Gee, thanks FF.


He's really a great guy isn't he? I sent him all my credit card numbers, PINs and passwords so he can make sure I'm safe and secure.

What a guy! A real asset to our online community.

----------

