Skip to page content or skip to Accesskey List.
Search evolt.org
evolt.org login: or register

Work

Main Page Content

PayPal Users Beware

Posted on April 29, 2002

in News

by Jeff Howden (Jeff Howden)

Rated 3.96 (Ratings: 8) (Add your rating)

Log in to add a comment
(6 comments so far)

Want more?

 
Picture of Jeff Howden

Jeff Howden

Member info | Full bio

User since: December 13, 1998

Last login: June 22, 2011

Articles written: 21

PayPal has generally been very good about security, even going so far as to warn users upon practically every visit to the site to never share their password with anyone. However, this latest scam involving PayPal could fool even the most clued-in of Internet users.

The scam arrives in your inbox appearing as an email from PayPal support. Here's how it reads (all spelling, punctuation and grammar errors were present in the original email):

From: "Paypal.com"
To:
Subject: Your Paypal.com Account is on HOLD
Date: Wed, 1 May 2002 08:48:51 +0500
Reply-to: "Paypal.com"

Dear Sir,

We regret to inform you that due to system failure we have lost our backups of all accounts, so most of accounts are on HOLD status, including yours, if you want to continue our service without any trouble, then you are advised to please go to following Paypal.com page and enter your information, so that we can update your account information.

Please go to: http://www.paypal-inc.com (New window will open)

If you do not want to enter information, then your account will be automatically DELETED after 3rd May 2002

We really appreciate your help in this mater.

Regards,

David John
Head Customer Support Department
Paypal.com

I performed a WHOIS of the domain in the link itself (notice it's different than the one in the text) and found that the owner of the domain co-inc.com is based in Hong Kong. If you follow this link, you'll notice that the page is a very close duplicate of PayPal's home page. In fact, the scam artists simply saved PayPal's homepage using Internet Explorer's "Save complete webpage" feature, put the images up on a Brinkster.com account, and changed the layout of the fake page slightly to give their own login form more prominence. Any unsuspecting visitor would unknowingly be sending their information to these scammers who are bound to transfer any funds they find to another account.

Just goes to show that we should all pay very close attention when dealing with these matters online.

.jeff

Jeff Howden (.jeff) is a web developer working for Vos & Howden, LLC in Portland, Oregon where he's partnered with long-time colleague, Anthony Vos. His skills include ColdFusion, JavaScript, CSS, XML, relational databases, and much, much more. His biggest professional accomplishments include, but are not limited to:

  • building a ColdFusion-based e-commerce solution for Mt. Bachelor that transacted over $1.62 million dollars in September 2001 with 0 (yes, that's zero) ColdFusion errors and then an almost completely rebuilt version transacted $2.86 million dollars in September 2002.
  • being asked to be a Technical Editor for the ColdFusion MX book, Inside ColdFusion MX from New Rider's Publishing company.
  • being asked by BrainBench to perform quality control on their JavaScript 1.5 certification test after receiving the highest beta test score out of 200 testees.
  • managing the server that hosts evolt.org and withstanding a slashdotting that brought over 1,000,000 hits to the site, over 10 gigs of data transfer, and an average in excess of 2300 unique visitor sessions per hour, all within a 24-hour period and the server never hiccuping once.
6 comments on this article. Log in to add your comment | Rate this article: Rate this node 1 star.Rate this node 2 star.Rate this node 3 star.Rate this node 4 star.Rate this node 5 star.

site closed down?

Submitted by branko on May 1, 2002 - 08:21.

I get an error when visiting http://www.paypal-inc.com or http://www.paypal-help.co-inc.com. I guess it's been shut down. As for using Paypal, there are those that find this bank is not what is cracked up to be: www.paypalsucks.com

login or register to post comments

Criminal liability?

Submitted by mcombs on May 1, 2002 - 09:35.

It shouldn't be tough for authorities to track down the perpetrators through their WHOIS registration. Something like this deserves jail time.

login or register to post comments

Paypal account email addresses

Submitted by cantoni on May 2, 2002 - 17:49.

I'm curious how they obtained the email addresses for the PayPal accounts in the first place. It seems like this is the critical data that must be protected. Once an email address (for Paypal or any similar account) is found, it's easy to get some portion of those people to fall for the trick.

Similar things have been tried for AOL, but I suppose the difference here is that PayPal controls some of your money, whereas your AOL login doesn't necessarily.

Searching around, here's an article on Zdnet from 2000 where a similar scam was floating around: http://news.zdnet.co.uk/story/0,,t269-s2080344,00.html

login or register to post comments

Good point

Submitted by Spyder on May 4, 2002 - 10:08.

Good point Cantoni - I wonder how they collected their addresses. I don't recall getting a scam e-mail like that so they obviously didn't get everyone. Maybe it was quite targeted. Scary stuff anyway.

login or register to post comments

Surely easy?

Submitted by electro on May 6, 2002 - 11:38.

Just type paypal in to any search engine and get page after page of retailers using them. Surely quite easy, no? As for the 1st comment, these sites slaming paypal have been on the go for sometime now. I heard that they were started up by a rich businessman who's account got frozen due to suspected dodgy dealings. Anyway, I suspect that the percentage of people who have bother with PayPal is quite small. I hope :-)

login or register to post comments

Nothing new

Submitted by pbreit on May 11, 2002 - 13:56.

This scam has been around as long as the web itself. It just hasn't presented itself as much in the past because usernames and passwords weren't as valuable until PayPal came along. What is criminal is that the browser makers, Verisign, etc. have done *nothing* to protect users and businesses from this type of scam. The situation has gotten much worse with frames, iframes, etc. which often times hide the server's URL so it's not obvious to users who they are interacting with.

"Finding" PayPal email addresses isn't real difficult. There are the easy ways such as simply looking at ebay auctions. And there are the easier ways such as sending 1000 emails and getting, say a 10% hit rate.

As you can see, these sites get shut down pretty quickly. I'm not sure what action is taken against the perpetrators. By looking at web logs, it's proably easy to identify which users supplied their login information and make sure their accounts are not comrpomised.

The other interesting thing is that, once again, it is clear that most computer break-ins are carried out in a very lo-tech manner.

What is humorous is how lousy the email message is. You would think that by simply crafting a realistic message, the success of the scam would go way up.

login or register to post comments

The access keys for this page are: ALT (Control on a Mac) plus:

evolt.orgEvolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.