A Place of Safety
Suggestions welcome!  [message #35591] Thu, 14 September 2006 02:10
cossie

I received an e-mail at my 'home' address - the one I use for banking and financial transactions, including web purchases - telling me that there had been an attempt to activate my pay-pal account from an IP address in Germany, and inviting me to confirm that this was in order. It also listed recent UK activations.

I don't in fact have a pay-pal account - I closed it a couple of years ago. I clicked on the link to what was allegedly the Pay Pal Home Page, and then went to the same page directly. The pages were very similar, but not identical. It smells like some kind of phishing, and I'd like to report the matter to Pay Pal - but (irritatingly but typically!) there is no contact URL on the home page and, as I don't have an account, I can't log in. I'd especially like a contact URL, but any other suggestions from those who know about these things would be more than welcome!
For a' that an' a' that,
It's comin' yet for a' that,
That man tae man, the worrld o'er
Shall brithers be, for a' that.
Re: Suggestions welcome!  [message #35594 is a reply to message #35591] Thu, 14 September 2006 02:48
Brian1407a

Grandfather, go to http://www.paypal.com; at the very bottom of the page, in small writing, you will see several categories, one of them is Contact us.

I believe in Karma....what you give is what you get returned........

Affirmation........Savage Garden
Definitive Answer  [message #35597 is a reply to message #35591] Thu, 14 September 2006 06:15
timmy

Forward ALL such emails to spoof@paypal.com

They have a whole industry based on closing this stuff down. It's known as phishing. Never even click the link in these emails.

Same with ebay. spoof@ebay.com
Author of Queer Me! Halfway Between Flying and Crying - the true story of life for a gay boy in the Swinging Sixties in a British all male Public School
Definitive postscript  [message #35602 is a reply to message #35597] Thu, 14 September 2006 13:03
Deeej

Ideally you should also include the original mail headers. These include the originating IP address and the servers the email was relayed through to get to your mailbox. These are useful for blocking such emails and (very occasionally -- regrettably most people seem to get away with it) bringing successful prosecutions.

Most mail software has an option to view them; some even forward the full headers automatically. If you can view them, copy and paste them into your forwarded emails. You can never supply too much information for diagnostic purposes. (Well, don't go overboard and include your bank account or Paypal details. Those sort of things should never be sent by email, because emails can be snooped on quite easily.)

David
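As an added illustration of what the "original mail headers" David mentions actually contain (this is not code from the thread or from PayPal), the script below parses a constructed raw message with Python's standard `email` module and walks its `Received:` lines back to the originating relay. The hostnames, IP addresses and the spoofed `From:` line are all made up for the example; the only real value is the reporting address the thread itself gives.

```python
"""Walk the Received: chain of a raw e-mail back to its origin."""
import email
import re
from email.utils import parseaddr

# Constructed sample message, modelled on the mail discussed in the
# thread. Hosts, IPs, ids and dates are invented; the From: line is
# spoofed to look like PayPal, as phishing mail does.
RAW_MESSAGE = """\
Received: from mail.example-isp.net (mail.example-isp.net [198.51.100.7])
\tby mx.example-mailbox.org with ESMTP id abc123
\tfor <victim@example-mailbox.org>; Thu, 14 Sep 2006 01:55:02 +0100
Received: from dsl-203-0-113-45.example-dsl.net (dsl-203-0-113-45.example-dsl.net [203.0.113.45])
\tby mail.example-isp.net with SMTP id xyz789; Thu, 14 Sep 2006 01:54:48 +0100
From: "PayPal" <service@paypal.com>
To: victim@example-mailbox.org
Subject: Please confirm account activation
Message-ID: <constructed-id@example-dsl.net>

There has been an attempt to activate your account from Germany...
"""

# "from <HELO name> (<what the receiver saw>) ... by <receiving server>"
HOP_RE = re.compile(
    r"\bfrom\s+(?P<helo>\S+)"          # name the sending host announced
    r"(?:\s*\((?P<paren>[^)]*)\))?"    # what the receiving server recorded
    r".*?\bby\s+(?P<by>\S+)",
    re.IGNORECASE | re.DOTALL,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_message):
    """Return the relay hops oldest-first as dicts with helo/ip/by keys.

    Each server prepends its own Received: line, so the header order is
    newest-first; reversing it gives the path the mail took. Only the
    lines added by servers you trust (your own provider's) are reliable:
    a sender can forge any line below those.
    """
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(value)
        if not m:
            continue
        ip_match = IP_RE.search(m.group("paren") or "")
        hops.append({
            "helo": m.group("helo"),
            "ip": ip_match.group(1) if ip_match else None,
            "by": m.group("by"),
        })
    return hops


def originating_ip(raw_message):
    """IP of the earliest recorded hop: the address worth quoting when the
    mail (with full headers) is forwarded to spoof@paypal.com."""
    hops = received_hops(raw_message)
    return hops[0]["ip"] if hops else None


def sender_domain_matches_path(raw_message):
    """Does the From: domain appear anywhere in the relay path? Mail that
    claims to be from paypal.com but entered the mail system from an ISP
    dial-up host is a strong phishing indicator."""
    msg = email.message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    claimed = addr.rpartition("@")[2].lower()
    hosts = [h["helo"].lower() for h in received_hops(raw_message)]
    return any(h == claimed or h.endswith("." + claimed) for h in hosts)


if __name__ == "__main__":
    for hop in received_hops(RAW_MESSAGE):
        print(f"{hop['helo']} [{hop['ip']}] -> {hop['by']}")
    print("origin:", originating_ip(RAW_MESSAGE))
    print("From: domain seen on path:", sender_domain_matches_path(RAW_MESSAGE))
```

The point of the trust note in `received_hops` is the one Timmy makes further down the thread: the earliest hop is usually an infected home PC, not the scammer's own machine, so the IP is useful for blocking and for the abuse desk's records rather than as proof of who sent it.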
Re: Definitive Answer  [message #35603 is a reply to message #35597] Thu, 14 September 2006 13:12
Deeej

Timmy said,
>Never even click the link in these emails.

Well -- sometimes you can, provided you're absolutely sure that you're safe; if, for example, you're running the web browser inside a sandbox. (Never do it if you have critical things on your computer, or are running Internet Explorer, because it is possible that the site exploits a vulnerability somehow.) In that case you can then find out who is hosting the site, contact them directly, and get it removed much more quickly than it would have been otherwise.

I did that quite frequently when I worked for a web hosting company a couple of years ago. Where sites were hosted by us, I could nuke them straight away (it's a very satisfying feeling to pull down a scammer's site); otherwise I would contact the other web host involved and kick up a huge fuss until they removed them.

David
Re: Definitive Answer  [message #35604 is a reply to message #35603] Thu, 14 September 2006 13:42
JFR

Deeej wrote:
>Never do it if you have critical things on your computer, or are running Internet Explorer, because it is possible that the site exploits a vulnerability somehow.

This is, of course sound advice. But even if you are using IE you can usually see the address of the phisher - the address on which the gullible will click. Just copy that address into http://www.dnsstuff.com/ and you can find out the DNS of the sender, where that server is etc... and then you can take it from there.

JFR
The paradox has often been noted that the United States, founded in secularism, is now the most religiose country in Christendom, while England, with an established church headed by its constitutional monarch, is among the least. (Richard Dawkins, 2006)
Re: Definitive Answer  [message #35606 is a reply to message #35604] Thu, 14 September 2006 14:39
Deeej

True, true...

JFR said:
>Just copy that address into http://www.dnsstuff.com/ and you can find out the DNS of the sender, where that server is etc... and then you can take it from there.

The wonderful resource that so few people know about is the 'whois' database. There are several of these, both for domains and IP addresses. Go to http://www.dnsstuff.com (you can also use a tool on your own computer) and enter either the domain name (e.g. iomfats.org) or the IP address of iomfats.org (64.74.153.129) in the WHOIS Lookup box and it'll give you all the publicly-accessible information about the owner. This information is supposed to be correct according to the ICANN regulations on domain ownership, though often it isn't (especially if the person who registered the domain is a scammer -- they will usually use another person's street address, though the email address is generally their own.)

As an aside, there's a problem over the ownership of domains where someone has used a 'privacy' service like Timmy. According to ICANN regulations, the domain technically belongs to Domains by Proxy, Inc., who have registered the domain on Timmy's behalf, rather than Timmy himself. This may present a problem if he ever wants to move the domain to another registrar. Such systems were a perpetual headache when I was working for one such registrar, as it was virtually impossible to guarantee that the person who claimed to own the domain actually was the owner. That is the primary purpose of the whois system, but it's very often exploited these days.

David
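To show what comes back from the whois lookup David describes, and what a takedown request actually needs out of it, here is an added example (not from the thread, dnsstuff.com or any registrar) that parses a constructed whois record. The record is written in the key/value layout most registrars return today; real output varies by registry, so the field names are an assumption, and the domain, registrar, contacts and dates are all invented. "Domains by Proxy" is the privacy service named in the thread; the other proxy markers are my own additions and not a complete list.

```python
"""Parse a whois record and pull out what a takedown request needs."""
from datetime import date, datetime

# Constructed whois response; every value in it is made up.
WHOIS_RESPONSE = """\
Domain Name: ACCOUNT-CHECK-EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@example-registrar.test
Registrar Abuse Contact Phone: +1.5555550100
Creation Date: 2006-09-12T03:41:00Z
Registrant Name: Domains By Proxy, Inc.
Registrant Organization: Domains By Proxy, Inc.
Registrant Street: [proxy service's street address]
Registrant Email: account-check-example.com@proxy-contact.test
Name Server: NS1.EXAMPLE-HOST.TEST
Name Server: NS2.EXAMPLE-HOST.TEST
>>> Last update of whois database: 2006-09-14T00:00:00Z <<<
"""

# Registrant names meaning "someone is standing in for the real owner".
# Assumed list: "domains by proxy" comes from the thread, the rest are
# generic words that catch look-alike services.
PROXY_MARKERS = ("domains by proxy", "privacy", "proxy", "whoisguard")


def parse_whois(text):
    """Return {field: [values]}; repeated fields (Name Server) keep every value."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">>>", "%", "#")) or ":" not in line:
            continue  # comments, notices and blank lines
        key, _, value = line.partition(":")
        record.setdefault(key.strip(), []).append(value.strip())
    return record


def first(record, field):
    """First value of a field, or '' when the record lacks it."""
    return record.get(field, [""])[0]


def uses_privacy_proxy(record):
    """True when the registrant is a proxy/privacy service, not a person."""
    who = (first(record, "Registrant Name") + " "
           + first(record, "Registrant Organization")).lower()
    return any(marker in who for marker in PROXY_MARKERS)


def domain_age_days(record, today):
    """Days since registration (None if unknown). Sites thrown together
    in hours tend to sit on domains that are only days old."""
    created = first(record, "Creation Date")
    if not created:
        return None
    if isinstance(today, str):
        today = date.fromisoformat(today)
    created_on = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").date()
    return (today - created_on).days


def takedown_contacts(record):
    """Who to write to: the registrar's abuse desk first, then whatever
    registrant address is listed (a proxy service forwards it on)."""
    contacts = []
    for field in ("Registrar Abuse Contact Email", "Registrant Email"):
        value = first(record, field)
        if value and value not in contacts:
            contacts.append(value)
    return contacts


def summarise(record, today):
    """One dict with everything the complaint e-mail should quote."""
    return {
        "domain": first(record, "Domain Name").lower(),
        "registrar": first(record, "Registrar"),
        "age_days": domain_age_days(record, today),
        "privacy_proxy": uses_privacy_proxy(record),
        "name_servers": [ns.lower() for ns in record.get("Name Server", [])],
        "report_to": takedown_contacts(record),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_whois(WHOIS_RESPONSE), "2006-09-14").items():
        print(f"{key}: {value}")
```

The name servers matter as much as the registrant: when the registrant is hidden behind a proxy, the hosting company behind the name servers is usually the faster route to getting the site pulled, which is exactly what David did from the hosting side.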
Re: Definitive Answer  [message #35607 is a reply to message #35604] Thu, 14 September 2006 15:14
Deeej

... though, of course, if you haven't actually looked at the site you can't be sure (a) that someone else hasn't already taken it down, (b) that it's actually a phishing site (rather than a rather peculiar spam, or a "joe-job" type attack designed to undermine a competitor's reputation). If you were making an all-avenues effort to get the site taken down, you'd have to look at it just to see what you were dealing with.

It is sometimes amusing to write scripts that spam the phishing site with false information. It may not actually help, but it feels therapeutic.

Incidentally, *most* phishing sites are actually pretty shoddy underneath. This is because they are assembled in a matter of hours, so they have to be easily-modifiable so they can spring up again on a different site. Spelling mistakes, missing pages, chunks of text from real sites that haven't been modified correctly, scripts that don't work -- these are all indications that it's a scam. And, obviously, asking for anything like your credit card details, bank details, address, social security number, before you've even logged in, is a dead giveaway.

The most popular site types with scammers are escrow sites*, money transfer services, banks, pharmaceutical sites, porn sites. Who on earth pays for porn, anyway?

David

*There are far more fake escrow sites on the internet than real ones. In fact, the only "real" escrow site I have ever come across is escrow.com, which I would trust as I have used them before. I do not think I would touch any others with a barge pole. At Easyspace I once took down seven of the things in half an hour.
Re: Definitive Answer  [message #35608 is a reply to message #35604] Thu, 14 September 2006 17:56
timmy

It is still easiest to leave it to the company concerned. Amateur sleuths should leave well alone. These phishing people are not thick; we are speaking of very sophisticated criminals who are outsmarting equally intelligent people.

With or without the headers PayPal has quite enough to close the sites down. The email headers are probably from random infected PCs used by people like us, but with no virus or other software protection on them. It is the sites that are the key to the crook, not the email.
Re: Definitive Answer  [message #35612 is a reply to message #35608] Thu, 14 September 2006 19:31
Deeej

Timmy said,
>It is still easiest to leave it to the company concerned. Amateur sleuths should leave well alone. These phishing people are not thick; we are speaking of very sophisticated criminals who are outsmarting equally intelligent people.

I think you give them too much credit. Most of them are "script kiddies" from third-world countries rather than experienced professional hackers. The code that drives the sites is generally pretty sloppy "cut and paste" stuff. I suppose I may not qualify as amateur because I used to deal with these sorts of things professionally.

>With or without the headers PayPal has quite enough to close the sites down. The email headers are probably from random infected PCs used by people like us, but with no virus or other software protection on them. It is the sites that are the key to the crook, not the email.

Actually, Paypal has real trouble shutting them down, especially if they are in countries in which Paypal does not have an office and/or legal experience. In that case often all Paypal can do is complain to the ISP. Which is exactly what we, as users, can do, as well.

Reputable hosting companies are just as keen to get rid of these phishing sites as we are. Even non-reputable ones are swayed by the likelihood that the hosting is supported by stolen credit cards -- meaning that they will almost certainly get chargebacks and punitive fines if they do not do something quickly. They will respond to a take down request from a user as well as a company.

David
Re: Definitive Answer  [message #35615 is a reply to message #35612] Thu, 14 September 2006 20:22
kupuna

Deeej,
Is a Linux computer less vulnerable in a situation like Cossie's?
Re: Definitive Answer  [message #35617 is a reply to message #35612] Thu, 14 September 2006 20:47
timmy

There is a huge set of people such as VeriSign who target these sites to shut them down as fast as they open. A whole lot of intelligence resources are brought to bear. The script kiddies are paid to do what they do. This truly is not an amateur operation, Deej.

Re: Definitive Answer  [message #35619 is a reply to message #35617] Thu, 14 September 2006 21:37
Deeej

Timmy said,
>There is a huge set of people such as VeriSign who target these sites to shut them down as fast as they open.

Verisign?

I know for a fact that when scam sites were running off our servers (Easyspace -- at one stage the biggest registrar and web host in the UK) it was almost always the users who alerted us to the problem. If the big companies became involved they would send official, legal letters by post. By the time we got them we had almost always shut the site down already -- and prevented God knows many how people from being scammed -- precisely because of the efforts of those people (usually individuals, sometimes small community user groups) who were helpful and let us know.

We kept the evidence, but you might be interested to hear that practically no-one -- Verisign, Paypal, the police, anyone -- ever followed it up.

>The script kiddies are paid to do what they do. This truly is not an amateur operation, Deej

Not an amateur operation, no. I absolutely never said it was. From the sheer number of sites it was evident that there was a large infrastructure supporting them. However, I think there is also a great deal of FUD (it's a geek term meaning fear, uncertainty and doubt -- propaganda, essentially) peddled around, making out that these people are more fearsome than they are. You wouldn't give your credit card or bank details to any random person you met in the street -- even if he said he worked for your bank -- so why should you online?

The rule of thumb is that you should be suspicious of any email from Paypal or any financial organisation. If it asks you to do something, ring them and make sure, or log in using the usual web address and ask a question that way. If the message asks for any information at all from you, you should be suspicious. If it does not supply your full name and/or your username, be very suspicious indeed.

David
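David's rule of thumb, JFR's point about looking at the address the link really goes to, and the earlier list of shoddy-site giveaways (asking for card or bank details up front) can all be turned into mechanical checks. The script below is an added example, not code from anyone in the thread: it extracts the links from an HTML e-mail body with the standard `html.parser` module and reports the warning signs. The two sample bodies are constructed, the `.test` hostname is invented, the recipient name is a placeholder, and the list of sensitive terms is my own assumption of what such a mail asks for.

```python
"""Flag the phishing signs discussed in this thread in an HTML e-mail."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample bodies. The .test hostname is made up; the first
# body uses the common trick of putting the real brand's domain at the
# front of a quite different hostname.
PHISHING_BODY = """\
<html><body>
<p>Dear valued customer,</p>
<p>There has been an attempt to activate your account from an IP address
in Germany. Please confirm this was you by logging in at
<a href="http://paypal.com.account-check-example.test/login">https://www.paypal.com/</a>
and re-entering your password and credit card number.</p>
</body></html>
"""

GENUINE_BODY = """\
<html><body>
<p>Dear Jane Example,</p>
<p>Your monthly statement is ready. Log in at
<a href="https://www.paypal.com/">https://www.paypal.com/</a> to view it.</p>
</body></html>
"""

# Assumed list of things no genuine mail asks for before you have logged in.
SENSITIVE_TERMS = ("password", "credit card", "bank details", "social security")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
LOOKS_LIKE_URL = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def host_of(text):
    """Hostname of a URL (or of bare text that looks like one), minus 'www.'."""
    if "://" not in text:
        text = "http://" + text
    host = (urlsplit(text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def under_domain(host, domain):
    """True when host is domain itself or a subdomain of it. Matched from the
    right, so 'paypal.com.account-check-example.test' is NOT under paypal.com."""
    return host == domain or host.endswith("." + domain)


def phishing_indicators(html_body, claimed_domain, recipient_name):
    """Return the warning signs found; an empty list means none were."""
    found = []
    visible = " ".join(re.sub(r"<[^>]+>", " ", html_body).split()).lower()
    for href, label in extract_links(html_body):
        link_host = host_of(href)
        if IPV4_RE.fullmatch(link_host):
            found.append(f"link points at a bare IP address ({link_host})")
        elif not under_domain(link_host, claimed_domain):
            found.append(f"link host {link_host} is not under {claimed_domain}")
        # The text the reader sees names one site; the href goes elsewhere.
        if LOOKS_LIKE_URL.fullmatch(label) and not under_domain(link_host, host_of(label)):
            found.append(f"link text shows {host_of(label)} but goes to {link_host}")
    if recipient_name.lower() not in visible:
        found.append("does not address you by name")
    for term in SENSITIVE_TERMS:
        if term in visible:
            found.append(f"asks for {term}")
    return found


if __name__ == "__main__":
    for name, body in (("phishing", PHISHING_BODY), ("genuine", GENUINE_BODY)):
        print(name, phishing_indicators(body, "paypal.com", "Jane Example") or "no indicators")
```

None of these checks proves anything on its own, and the "addresses you by name" test fails for a scammer who has your name from elsewhere, which is why David's advice to ring the company or type the address yourself still stands even when the list comes back empty.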
Re: Definitive Answer  [message #35621 is a reply to message #35615] Thu, 14 September 2006 21:42
Deeej

Sailor said:
>Deeej,
>Is a Linux computer less vulnerable in a situation like Cossie's?

Possibly, if the email tries to get you to install a virus and then snoops on your activity from the operating-system end. Most viruses won't run under Linux.

In this case, however, I think probably not. Most phishing sites manage to con the user into giving away information voluntarily, and that applies whatever the email client, web browser or operating system.

That said, if you know how to use Linux the chances are that you will be computer literate enough to be more suspicious. That doesn't guarantee safety, however.

David
Re: Definitive Answer  [message #35622 is a reply to message #35619] Thu, 14 September 2006 21:49
timmy

You may be interested in http://www.fstech.co.uk/supplements/supplement1.htm
Plus  [message #35624 is a reply to message #35619] Thu, 14 September 2006 21:53
Deeej

>This truly is not an amateur operation, Deej

Not amateur criminals, no. But what I meant was that on the whole the sites themselves appear to be written by amateurs, which makes them easy to spot if you know what to look for. The evident aim is to con those people who are gullible enough to believe anything, rather than to make it good enough to con everyone.

I have seen some extremely clever phishing sites, but they have always (thus far) been "proof of concept" sites set up by security experts. Even those could not have fooled someone who logged into his bank properly (on a properly scanned and non-compromised computer, a cleanly opened browser window, a self-typed address from memory, etc.).

I still maintain there is a lot of FUD over what scammers can and cannot do.

David
Re: Definitive Answer  [message #35625 is a reply to message #35622] Thu, 14 September 2006 21:58
Deeej

Quite interesting, but I draw particular attention to the last sentence:

>After all, phishing is just a modern version of an old con trick, and as we all know, a trick certainly loses its appeal when the audience understand how it’s done.

David
Re: Suggestions welcome!  [message #35627 is a reply to message #35591] Thu, 14 September 2006 22:46
Whitop

Hi, Cossie,

You were so right to be suspicious! And I think you got your answer within the hour from the alert Brian.

Your simple query certainly set off a thread full of useful and, to me, new information. Many thanks, Mac
Sincere thanks for all the suggestions!  [message #35630 is a reply to message #35591] Fri, 15 September 2006 00:54
cossie

I followed Brian's advice - I'd already looked but failed to see the 'Contact Us' reference, which is an indictment upon my eyesight or (more probably!) my whisky consumption.

Working from that link, I was eventually instructed to forward the e-mail to spoof@paypal.com, which is what Timmy suggested. So, as a good citizen should, I have duly obeyed orders!

Thanks again to all who contributed!
Re: Definitive Answer  [message #35633 is a reply to message #35621] Fri, 15 September 2006 04:52
kupuna

Thanks, Deeej! My email and web host seem to have a good system for filtering out unwanted messages, and the pinhole can be made as narrow as I want to. Within a year and a half I have received no spam or otherwise unwanted email messages.
Re: Definitive Answer  [message #35634 is a reply to message #35633] Fri, 15 September 2006 14:21
Deeej

Sailor said:
>Within a year and a half I have received no spam or otherwise unwanted email messages.

Ah, but how many *wanted* messages did you never receive? That's also something to bear in mind.

I'm sure you're very careful about that sort of thing, Sailor, but in more general terms there's nothing more irritating (and insulting) than someone telling you, "Oh, sorry -- I never received your message. The system thought you were a spammer." For that reason I suggest that everyone who uses aggressive spam filtering checks for false positives every couple of days. Spam filtering is a nasty hack that would never have been required if the designers of the SMTP mail protocol had taken authorisation into account.

The key to keeping an address spam-free is to be very sparing in its use. I have various email accounts (at least six, ranging in age from a few months to six years, plus my university account), some of which receive quite a lot of spam and others which don't. If I don't trust someone, I give them an untrusted email address (which simply forwards to my usual inbox). If that starts receiving spam, I either kill it entirely, or (if too many people have it) after a lengthy phase-out period I switch it over to an autoresponder that requests that anyone who uses it should contact me on a different address.

My very best (most memorable) address is reserved for personal friends. If you've received messages from me on that address, it means I trust you.

David
Re: Definitive Answer  [message #35635 is a reply to message #35634] Fri, 15 September 2006 17:15
kupuna

Thanks, David!

>Ah, but how many *wanted* messages did you never receive?

Sorry (blushing), I don't know. My email provider offers a control panel which shows statistics for webpage activity only. I have asked them about it and am awaiting their reply. Your question is highly relevant, of course.

About multiple email addresses we think along the same lines, with a number of untrusted and one trusted address.