PDA

View Full Version : New email scam PaypaI


Roadeater
31-01-2011, 01:37 PM
Just a warning to you guys, I was very nearly fooled.

I received an email from what I presumed to be Paypal entitled 'Receipt for Your Payment to 'AU-AdCommerce-EOM@ebay.com'. On closer inspection the domain name that it came from was actually <service@paypaI.com.au> . Notice it says paypaI.com.au ? When the email is opened it looks like a very legitimate copy of the receipt that you usually get from Paypal, colour (tan writing in headline), format, and most of all the link at the bottom of the page entitled 'Issues with this transaction?'! THAT LINK IS DEADLY! Fortunately my antivirus blocked whatever was there. Of course the scam is designed to make you panic about a transaction that you did NOT make (mine was for the sum of AU$137.07) and hit that link to report it.

My advice is to check out the name of the domain it comes from! Again it is <service@paypaI.com.au> , NOT <service@paypal.com.au> with the l in paypal being swapped out for an I. Stay safe people.

cherryZ
31-01-2011, 01:48 PM
Thanks for the heads up.

unv300zx
31-01-2011, 02:14 PM
thanks for that i have been hitting ebay hard lately trying to find zx parts never thought to check the receipts for anything like that but.

gmbrezzo
31-01-2011, 02:31 PM
Thanks for the warning. I'll pass that along to my clients.
You are be comming a very valued member here

ugame
31-01-2011, 03:03 PM
awwww come on! I'm just trying to make a living people!

I've got 5 Nigerian kids to feed :D

ugame
31-01-2011, 03:05 PM
You are be comming a very valued member here

lol that sounds sooooo creepy :D
http://cdn.mqstatic.com/files/truthcontrol/imagecache/preview/images/106.gif

mafi-zed
01-02-2011, 08:11 AM
you can always check internet banking to see if anything has come out as well

black baz
01-02-2011, 10:29 AM
Just a warning to you guys, I was very nearly fooled.

I received an email from what I presumed to be Paypal entitled 'Receipt for Your Payment to 'AU-AdCommerce-EOM@ebay.com'. On closer inspection the domain name that it came from was actually <service@paypaI.com.au> . Notice it says paypaI.com.au ? When the email is opened it looks like a very legitimate copy of the receipt that you usually get from Paypal, colour (tan writing in headline), format, and most of all the link at the bottom of the page entitled 'Issues with this transaction?'! THAT LINK IS DEADLY! Fortunately my antivirus blocked whatever was there. Of course the scam is designed to make you panic about a transaction that you did NOT make (mine was for the sum of AU$137.07) and hit that link to report it.

My advice is to check out the name of the domain it comes from! Again it is <service@paypaI.com.au> , NOT <service@paypal.com.au> with the l in paypal being swapped out for an I. Stay safe people.
good call, 99 .... !!!!

Roadeater
01-02-2011, 11:53 AM
Whoever is behind it has done their homework and knows their stuff as the quality of it is VERY passable and convincing. Whats also of concern is it appears to be circulated from inside Australia because of the domain names. Shame on them!

Here is a screenshot of what mine looked like, I have no qualms about showing you this because it is a FAKE email!

http://i836.photobucket.com/albums/zz283/heavydutydestroyers/PaypaI.jpg

Circled in red is the BAD link. Clever little #^&*er's hey.

MoulaZX
01-02-2011, 11:56 AM
Only you ugame... only you, lol. Hows life in 350Z land? :)

MoulaZX

Roadeater
01-02-2011, 12:22 PM
You are be comming a very valued member here I dunno. I'm like a daddy long legs spider; harmless, sitting in the corner keeping the fly numbers down :rolleyes:

lol that sounds sooooo creepy :D
http://cdn.mqstatic.com/files/truthcontrol/imagecache/preview/images/106.gif

http://i836.photobucket.com/albums/zz283/heavydutydestroyers/300px-not_illuminati.jpg

2012 is when we make our move :D

Speaking of Illuminati, this is fail on a fair scale :rofl:

Clickster the Illuminati (http://www.geekologie.com/2009/11/youre_doing_it_wrong_superrich.php)

gmbrezzo
01-02-2011, 01:36 PM
You are be comming a very valued member here

lol that sounds sooooo creepy :D
http://cdn.mqstatic.com/files/truthcontrol/imagecache/preview/images/106.gif
Only you ugame... only you, lol. Hows life in 350Z land? :)


:eek:...so he's a 350 driver....that explains it all ! :rofl: :rofl:

Madcow
01-02-2011, 03:19 PM
i suspect the site has been taken down, unable to ping it, or go to that address?


but for your reading pleasure: http://whois.domaintools.com/paypai.com

CHILI
01-02-2011, 03:25 PM
The link you have highlighted has "paypal" spelled correctly.
Where did you find the incorrectly spelled link?

Good work for reporting this anyway.

Madcow
01-02-2011, 03:34 PM
i looked up the address they had listed, its for some real estate broker in the USA. the phone numbers dont match, anyone care to give them a call? :D

Roadeater
01-02-2011, 04:38 PM
The link you have highlighted has "paypal" spelled correctly.
Where did you find the incorrectly spelled link?

Good work for reporting this anyway.

I wondered that myself, but if you have a recent receipt from Paypal have a look at the legitimate link that they supply, it's chalk and cheese with the one supplied on this spoof receipt. I'm not that savvy when it comes to how domains and links work, but I can tell you that my anti-virus had a freakin' heart attack when I clicked on the link :eek:, bells and whistles went off everywhere!

Here is a screenshot of the of the senders address, notice how it is an au domain, am I missing something?:

http://i836.photobucket.com/albums/zz283/heavydutydestroyers/Paypai2.jpg

cherryZ
01-02-2011, 06:10 PM
Here is a screenshot of the of the senders address, notice how it is an au domain, am I missing something?:

http://i836.photobucket.com/albums/zz283/heavydutydestroyers/Paypai2.jpg

That one is clearly dodgy

cru1sr
01-02-2011, 06:53 PM
With any web page or email there are what is known as anchor tags.

For a dogdy website, the anchor tags may look like this:

e.g. <a href="LinkToDodgyWebsite"> Innocent Looking Text </a>

In your case, they've put in some innocent looking text which appears to be a link to a paypal website. The actual link is to a dodgy website.

To confirm this, just pass your mouse over the bogus link and see what address pops up. Alternatively right click the address and go to "Properties" to see where it would take you.

Whoever is behind it has done their homework and knows their stuff as the quality of it is VERY passable and convincing. Whats also of concern is it appears to be circulated from inside Australia because of the domain names. Shame on them!

Here is a screenshot of what mine looked like, I have no qualms about showing you this because it is a FAKE email!

http://i836.photobucket.com/albums/zz283/heavydutydestroyers/PaypaI.jpg

Circled in red is the BAD link. Clever little #^&*er's hey.

gmbrezzo
01-02-2011, 07:20 PM
Spot on advice. cru1sr.
The spelling may look correct on the email, but the link underneath no good.

There is also another scam going around as well.
People are doing phone calls telling you that your computer has a virus or running slow.
They direct you to their web site and ask you to click on the "Remote Access" button so they can fix your PC.
During this process they ask you to turn off the monitor for a short time (alarm bells)
Who knows what trojan's or keyboard sniffers they are installing.
Then they ask you to sign up to a subscription to "Keep your PC running smoothly"
These guys are NOT registered with ASIC or ACCC and do not have a legitimate business. No ABN.
I did a backwards trace of their IP address and their server was based in Germany.
A friend in Griffith alerted me to this and when they called me that was a big mistake on their part.

cru1sr
01-02-2011, 08:24 PM
Here's an example of how easy it is to create a bogus link. Just click on my link below (don't worry, it's not going to take you anywhere dangerous).

http://ebay.com (http://gaywheels.com/)

gmbrezzo
01-02-2011, 08:56 PM
Ha Ha HA....I've hear of happy feet :rofl::rofl:

black baz
01-02-2011, 09:01 PM
lol, Cliff ... how gay is that ... good one ...should scare the crap of we laymen ....

Roadeater
01-02-2011, 09:51 PM
lol, Cliff ... how gay is that ... good one ...should scare the crap of we laymen ....

Oh Gawd, do you have to say 'laymen', it seems somewhat inappropriate right now :rofl:

cru1sr
02-02-2011, 08:13 AM
:D I like to think I'm providing a service with my informative posts on internet scams! :p

lol, Cliff ... how gay is that ... good one ...should scare the crap of we laymen ....

Brissie Beauty
02-02-2011, 10:04 AM
I got a good one from Paypal the other week also.
This email came thru to "Dear Customer," Looked suss due to a couple of spelling errors and the pp.au email address, so I didnt click on the link, but went directly to the Paypal website itself.
Paypal will ALWAYS address you by your first and last name or your Paypal username.
There is a Paypal email address to forward scam Paypal emails to -spoof@paypal.com.au - I did just that. :)

Here is my little email from them...
To: hot_n_tempting86@hotmail.com
Subject: Notification Alert !
From: int@pp.au
Date: Mon, 10 Jan 2011 13:52:30 -0600

Dear customer,
Your account has been compromised or limited.

Click here to resolve the problem (this was an icon)

Thank You.
Please do not reply to this email, as your reply will not be received. This is an
automatic notification of new security sistem.
Sincerely,
PayPal Security Department Team.

Roadeater
02-02-2011, 10:30 AM
Now that one is quite obviously a scam, who the hell do they think that would fool? The one that got me was so diabolically convincing that the only way to see it was a scam was the domain name being PaypaI, everything else looked totally legit (refer to screenshots). Yes, as soon as my antivirus went apesh!t I forwarded it to the Paypal spoof@paypal.com.au address.

Polish
10-02-2011, 12:20 AM
This is why I have linked one of those prepaid credit cards you buy from the newsagencies instead of my real account.

dieseldave
10-02-2011, 07:09 AM
They are fun to play with I have had one I have been stringing out for a while over selling my xtrail. I have manage to get a copy of a passport (looks like a stolen id), his home address, a email address that is not a hotmail/gmail account, a phone number, and numerous other things.
Mind you the xtrail has long gone (Sold), I have passed on the details of the passport to the AFP as I think it si a stolen Australian ID, but he is still after a Pay Pal account so he can get the money to me quickly, he needs the car in Malaysia. Classic.