Beware PayPal Virus


studiot

Received this Email, this evening

 

 

Dear Customer,

Your PayPal account has been limited because we've noticed significant changes in your account activity. As your payment processor, we need to understand these changes better.

This account limitation will affect your ability to:

- Send or receive money
- Withdraw money

Also, you won't be able to:

- Remove any bank accounts
- Remove credit cards
- Close your account

What to do next

Please log in to your PayPal account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further limited.

Login here {code removed by studiot}

 

Thank you for your understanding and cooperation.
Sincerely,

PayPal
-------------------------------------------------------------------------

This Is An Automatically Generated Email, Please Do Not Reply
You Are Receiving This Email Because You Are A Registered Member Of PayPal
Read Our Privacy Policy,Security and Protection If You Have Any Questions
Copyright © 1999-2017 PayPal All Rights Reserved.

 

 

Please be aware of this scam as it is highly realistic.

 

Except for the fact that PP have never had the particular email address they sent it to.


Click the link and see where it takes you, without entering your username and password of course. Then report that domain to the PayPal fraud report. That's what I always do to let PayPal know who is trying to screw with their clients.

BTW this is not a virus, it's a classic example of "phishing".

 

https://en.m.wikipedia.org/wiki/Phishing

Edited by koti
Rule 1: Never log in to an important account through an email link, always use a proper link.


Click the link in e-mail (....)

NEVER EVER click any such link!!!

 

That's rule 1.

 

First, the URLs have personalized suffixes appended.

Each e-mail has a different suffix, with a code unique to that e-mail.

So they (whoever they are, spammers or hackers) will know that somebody with that e-mail clicked it.

Which means they will confirm that their e-mail arrived and that the e-mail address is active and verified, and it could be sold to ad-spammers.

Second, clicking reveals which browser is used, with what operating system, the IP address, and other details.

Which means they will be able to make a more personalized attack using vulnerabilities of the particular OS or web browser.

After scanning ports they will learn what things you're hosting (services/daemons), and what ports are open and listening.

Third, the page can contain viruses that will intercept your system immediately. There are OSes with broken handling of, e.g., images, and an artificially made image file can contain code allowing intrusion.

Edited by Sensei
I wasn't clear. Right-click and copy the link to send it to PayPal.


This thread was meant as a warning.

 

Even the most competent can be caught out.

 

Yes, you can do some of these things if you feel competent, but there is code associated with the link in some cases and, as Sensei +1 points out, simply arriving at the link address from your own IP is useful information to a hacker.

If you feel competent and want to investigate, you would be safer taking the address to a public net service; they are free in the EU and UK, and protected by a reset protocol such as Deep Freeze.

 

We should all work together to combat those who subvert innocent folks.

Strikes me... The Internet is Not a Safe Place to be, anymore,

Unless you are a computer wiz kid? Or the major providers MAKE IT A SAFE PLACE TO BE

.... and tell us when they have done in, only by world wide media coverage.

Mike

PS Perhaps someone should warn the world that PAYPAL may be contaminated, or a dangerous place to operate with your money (at the moment)? I do not think it can be me, or I will end up in concrete Wellington Boots!

Edited by Mike Smith Cosmos

Strikes me... The Internet is Not a Safe Place to be, anymore,

Before the Internet, viruses were spreading via diskettes.

There were boot viruses intercepting the boot sector. Once you put such a diskette in the drive, the virus was intercepting the computer and infecting all the files.

There were/are viruses attaching to files. Their code is executed prior to the real executable file code (loader).

So one such file on disk, and you have the virus back again. It scans all the executable files and modifies them to add virus code at the beginning.

There are viruses encoding files.

Unless you are a computer wiz kid?

Do you want to remain in the XX century, or do you want to enjoy the XXI century?

It is never too late (at any age) to buy a C/C++ book, download the free Visual Studio Community/Express, and jump to a bit higher level of knowledge.

Aren't you retired? You have plenty of free time to learn new things. It's just up to you.

Or the major providers MAKE IT A SAFE PLACE TO BE

They cannot know which file, hosted on some server, or sent by e-mail as an attachment from your true friend (a virus, after infecting a computer, searches for the e-mail address book), contains some kind of virus in an executable.

Edited by Sensei
One of my daughters runs her entire life by PayPal and other electronic trading sites. Private life and Business life.

I need to get hold of her to warn her.

 

Mike

Edited by Mike Smith Cosmos
That was the purpose of this thread - Spreading the Good News.

 

 

Malicious code needs to spread to be worthwhile to its originators.

 

We can all collectively fight this by broadcasting the antidotes.

Edited by studiot
Studiot incorrectly titled the thread "PayPal virus". He should call it a virus pretending to be a legit PayPal e-mail.

It does not have to be "PayPal" at all. It can be any widely used service, e.g. pretending it's mail from a bank, or other financial institution, or government.

It could be pretending to be YouTube, Google+, Facebook, Twitter, Vimeo, and so on, the next time.

The virus creator takes a message normally sent to a user to notify about some event, just to force him/her to click the link in the post.

Edited by Sensei
So what exactly do we as ordinary members of the public need to DO or WATCH OUT FOR?

 

 

Mike

Get somebody who knows their stuff to help you keep your devices safe.

Sensei is right. You don't have to warn her of anything other than not clicking on spam e-mails.

This has nothing to do with PayPal. It does not mean that PayPal is unsafe (and it really isn't unsafe). It's simply a site pretending to be PayPal. It's like if I dressed as a police officer and scammed someone out of some money. It does not mean that the police are corrupted, since I wasn't the police in the first place, right?

I fell for something like this a few years back when I was playing Dota 2. Basically, what you need to know is that there are some cosmetic items in the game which can be traded for other items with players on a place called Steam Community, which is a part of the massively popular website "Steam" (basically of comparable repute as PayPal).

I was going to trade some items with a person who sent me a link to his Steam Community profile. Only, it wasn't really a Steam Community page, it was a similar domain made to look EXACTLY like the Steam Community page. Basically, it had something like "steamconmunity" in the address bar, instead of "steamcommunity". If you don't spot a detail like that, you might get fooled into thinking it is the legitimate page.

So when I typed my username and password in the corresponding places, I wasn't actually logging in anywhere, I was sending that information to the person who made the fake page. Thus, he logged in with my account and transferred all of my items to his account.

Similarly, clicking on that "paypal" mail would, I assume, lead you to a site login which looks exactly like the one on the PayPal page and upon typing your information, it would be sent to the person who sent you the mail, instead of logging in anywhere.

 

That's what phishing is. It has nothing to do with the level of safety of either PayPal or Steam or any other site. It's a site made to look like other sites.
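
The lookalike address described above ("steamconmunity" in place of "steamcommunity") can be caught by comparing a link's hostname with the sites you actually use, without ever opening the link. This is an added example, not part of the thread; the allowlist, the function names and the sample links are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites this user really logs in to (hypothetical allowlist).
TRUSTED = ("paypal.com", "steamcommunity.com")


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED, max_distance=2):
    """Judge a link from its text alone; nothing is fetched or resolved."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Exact domain or a true subdomain of a trusted site.
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "trusted" if parts.scheme == "https" else "trusted-host-insecure-scheme"
    labels = host.split(".")
    # Brand name placed inside someone else's domain, e.g. paypal.com.<other>.
    for good in trusted:
        brand = good.split(".")[0]
        if any(brand in label for label in labels):
            return "brand-in-foreign-domain"
    # Near miss on the last two labels. Simplification: a real tool would use
    # the Public Suffix List to find the registrable domain.
    candidate = ".".join(labels[-2:])
    for good in trusted:
        if 0 < edit_distance(candidate, good) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; none of them comes from the thread's e-mail.
    for link in ("https://steamconmunity.com/id/trader",
                 "https://paypal.com.account-check.example/login",
                 "http://www.paypal.com/signin"):
        print(classify_link(link), link)
```

A result of "unknown" only means the host resembles nothing on the allowlist; it says nothing about whether the site is safe.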

1. Don't click on a link to a banking site etc. in an email.

2. Put important links in your address bar that you know are good and use them every time.

3. Check that the web address of important and sensitive sites starts with 'https' not 'http', e.g. 'https://www.americanexpress.com/login'. This is the secure version of the address.

4. Use HTTPS Everywhere which forces the browser to look for and use the secure version of a website. This can help against getting sent to spoofed websites that make phishing attempts.

I use a separate browser (Firefox) from my casual browsing (Chrome) that is set to remember nothing, with all the important links in the bookmarks bar, but Firefox does not remember passwords, it is disabled. It has HTTPS Everywhere and Adguard adblocker. Opera is probably better as your "financial" browser because you can enable VPN in the settings, which adds another layer of encryption. I would certainly use it if I was out and about using public wifi.

Edited by StringJunky