Just a friendly warning

I have just had my account hacked due to me being sloppy when recieving emails

PayPal Security Team [security@paypal.com] if you receive any emails from this address forward them to spoof@paypal.com asap and delete the email

I did not and followed the intructions which takes you to a secure page and asks you to validate your account by entering all your paypal details

then the next thing you will know is that you Paypal password and security questions have been changed and a new email address added

Don't make the same mistake I did, cos I now have to change all my Paypal security details and cancel my credit card that is linked to the account and wait for a new one.


Regards A Stupid Manic

http://www.homestarrunner.com/sbemail12.html

Thanks Baz!!

Had one of those today. It is scarily authentic until you look at the links involved. I can see this one catching out thousands of people!

We need more providers to support SPF. Stopping the spoofing would stop this sort of scam in it's tracks, or at least make it a lot harder.

Originally posted by Wizzo
Had one of those today. It is scarily authentic until you look at the links involved. I can see this one catching out thousands of people!

We need more providers to support SPF. Stopping the spoofing would stop this sort of scam in it's tracks, or at least make it a lot harder. not really, there are always going to be a ton of stupid people that fall for emails coming from things like support@securepaypal.com
Alot of people who fall for the paypal scams fall for the "so and so just sent you $500, sign up here to recieve it" emails and have no actual idea what an official paypal email address is.

The best one I saw was one that had the standard fake url, but when you went to the site it did some weird stuff in ie to close the address bar, and re-drew it's own address bar showing a proper paypal address.

It's partly because of scams like these that I always sign up for sites as site-randomnumber@mydomain.com I know exactly who has started spamming me, and can also tell genuine from fake emails with no effort.

However, SPF is quite a way off (no matter what anyone says...)

In the short term... start evangelising and get people to stop using the browsers and email clients that make all the phishing possible.

Just install Firefox/Thunderbird wherever you go :)

http://www.spreadfirefox.com/community/images/affiliates/Buttons/180x60/safer.gif (http://www.spreadfirefox.com/?q=affiliates&id=0&t=59)

Firefox is just win. That's all. No Ifs, no Buts, it's just win.

Well, the same goes for every single end user I speak to, stop using IE, its a biohazard waiting to go wrong. I changed over to firefox a few months ago, and its saved me from crap loads of stuff...

- Popup blocker, what a saviour tbh...
- All those dodgy scripts just don't work.

The list goes on.

I agree with Joolz on this one, stop using IE, those hoax things are a joke, I've got a string of them ranging from Visa, to TSB, to Ebay, and as you've said above PayPal.

When i was at $previousjob there were a few machines which got compromised and had the site data for a "fake" mock up, it wasn't really very clever at all.. They just stored your user info and owned you with

Anyway.

/me drops his £0.02 into the pot.

No magic pills exist.

But right now, Firefox is as close to one as we get.

INSTALL IT.

gg.

wp.

I had one this morning tellimg i need to change the log-in details to my Halifax account. Shame i don't have one!!!

I've been in evangelist mode for Firefox for a while now. I've converted most of my family and quite a few of my freinds over to it without much discomfort. In fact I'm reinstalling a mate's system and when he gets it back, IE won't be visible to him.

Take all the warning labels off everything. Let the problem take care of itself.

exactly :D

ps. I don;t like thunderbird...although I do use FF :p:

Thers also an ebay account one going around recently.


Cd

Heh, there's ALWAYS an Ebay account one going round. My dad usually forwards me a copy to ask if its authentic because he has had one before which was (someone guessed his password and logged in to cause trouble :rolleyes: ).

First time PC users should be forced to do a few hours of internet training before they're allowed to start using it. Just the basics on how to recognise scams, how to tell the difference between system alerts and fake browser pop ups, the importance of not replying to spam email or clicking the unsubscribe links, etc.

I got one from Citibank which is

a. an American bank
b. I have never had an account there

Phishing - its a mugs game

:D

Originally posted by alipuk
I got one from Citibank which is

a. an American bank
b. I have never had an account there

Phishing - its a mugs game

:D
you just know there's a ton of people out there though that will have got them from every bank under the sun apart from their own, ignored them thinking "hmm, i don't have an account with them" and then one of their bank will pop into their inbox and they'll just be "wtf!! best go change my details! *click link*"

Human stupidity never fails to suprise me.

I got the same e-mail this morning

I don't like thunderbird's filtering system. Thunderbird has a bloaty hotmail plugin. I use thunderbird at work and I'm glad it's only hooking into one account.

However on the subject of browsers. Schools in particular may not have any choice about using the said offenders.

I'm happy using the usual suspects coz I've got a clue > 0

If I asked someone to rebuild my system and IE was missing I'd slap them down big time (no offence Z - I know its for a good reason). I have to use it to test 'compatibility'.

Can you believe people are still using netscape 4.7 ?? (yes 4.7)

Also Mozilla is an alternative free browser (free as in freedom).

At the office at about 11:00 am we recieved a fax asking to tick a box, Yes continue to fax me or No delete from database.

The fax came from Spain ffs with an address. and a return fax number of 09058-050403, who do they take me for, an idiot.

At the bottom of the fax it says in small print:

Provided by FAX4u, San Pedro, Alcantara 29542, marbella spain. call uk 1.50.

yea, our school can't use firefox, apparently it makes things "too easy" for the GNVQ IT students or something :confused:

Thats the kind of thing that could only come from a school.

It is a clear sign that they require a beating with this.
http://www.phobe.com/tp/cluestick.jpg

There's nothing stopping me converting all the machines at work (a school) to an alternative browser, but i'm not going to.

It may be trivial to most users of these boards, but I know that most of the students, and essentially all of the staff would be just unable to cope with a different window style, buttons in different place, a different look - stuff like that. They just wouldn't know what to do, panic and go into "accept every message box instantly and blind clicking all over the place" mode.

It's just not feasable. :)

well, according to the admin of our school computers, he would shove FF on, although I do know what you mean bout people panicking, I mean, I had to help a girl in year 7 fill in a form for a yahoo email account a few weeks ago :/

Originally posted by GeeDee
I know that most of the students, and essentially all of the staff would be just unable to cope with a different window style, buttons in different place, a different look - stuff like that. School and college is about learning - and it's more important to learn basics, and how to use tools and use them properly, than how to achieve results with those tools. I would suggest that the "challenges" created for your users would actually be beneficial to their education.

Teachers have MORE than enough work cut out for them taching the curriculum, let alone additional stuff on top.

It takes a good 10 minutes usually to get a class logged on and then some more to open up whatever application they need. More so with a lower ability set. Most of them can get on with using IE. Changing browser would just be far FAR too much. They are supposed to be using the internet to research information which they can (kinda) cope with using IE. Having to add the teaching for using an alternative browser before the research could happen, there just isn't the time for.

Well its all down to education - paypal/ebay/your bank will never send you an email asking you to authenticate yourself.

These are the exact same sort of people that will give their pin number out over the phone - they deserve all they get for basically being stupid.

And its pretty obvious when you get an email and hover over one of the links which then goes to http://xx.xxx.xx.xxx.

I use IE and have no problems - infact Firefox has a whole load of problems with scripting.

Originally posted by Er00
well, according to the admin of our school computers, he would shove FF on, although I do know what you mean bout people panicking, I mean, I had to help a girl in year 7 fill in a form for a yahoo email account a few weeks ago :/

Whats so bad and panicky about a 11/12 year old asking for help filling out an online form? At that age you won't have much experience of form filling as your parents normally see to it. Everyone starts somewhere. Had it been a peer then it would have been different.
It always helps to have someone proof read a form (eg passport, CRB etc..) before you send it off because they can spot mistakes or show you something you may have missed out.

:rolleyes:

It was more the fact that she was unable to fill in a form which required name, D.O.B and required email addy :p:

Guess what - I had all of my account emptied out.I wasn't so lucky.I Panicked and went along with it's instructions.
Ended up being a mirror site of PayPal.
Be careful.Do not log into it with your password or e mail address or all your money will be emptied out in seconds.
I have had to block my credit card account,my other nationwide account that paypal stored and I had to change my paypal secret question,password,hint and e mail address.
I have reported it to PayPal.They responded with a warning that now they will keep sending me e mails for a while to trick me on impulse.

This e mail is meant to make you panic and think that someone has gone into your account and then added an e mail address to it.You instinctively then click on the link in the e mail so that you can log in immediately to cancel the bogus e mail address.Once you log in and find that there is no bogus e mail address,you then realise youv'e been scammed,and you then realise how youv'e just logged in - through their e mail link !
Quickly you get the phone numbers like nobody's business to block every account you have.Because the bogus e mail asked you to confirm your credit card details.So you logged in,then gave them the credit card details as well,to confirm your account with.
They don't even need to transfer money from paypal.Now they just empty your credit card roof / limit.
Warn anyone else you know
Beware of the https and the padlock at the brhs of the screen.
ALWAYS BOTH need to be present
This site has the https in the url address in your browser but no padlock.BEWARE
When you panic and you will when you get this e mail out of the blue - you will believe you are just logging in - You are not - You are giving your logging in details away.
Don't think you are immune because of your intellect.
If you are resident in the UK avoid logging in to the .com site. Go to PayPal.com/uk/ and then open another new window then type in https://www.PayPal.com/uk/ then watch out for the padlock in the bottom rhs of your desktop

thanks for the warning Dinamite


I have to admit there have been times where i've very nearly fallen for some schemes sent through e-mail


only a policy of "dont click any link in an e-mail unless you know FOR SURE it's genuine" and certasinly dont give out any details from links found in random e-mails sent to you

if it's genuine you should be able to go to the proper website and login to your account to sort it out, rather than direct from the e-mail

I thought that if you went to a https:// site, it automatically encrypted the data...

It does encrypt the data, but you're still sending the data to whatever site is on the other end of the connection.

All the https:// is mostly false security - your data being encrypted means that no-one can listen in between you and the person you are speaking to - but in reality such a tiny TINY amount of crime happens this way it's almost not worth worrying about (I'm not particularly bothered about https:// URLs for sending confidential info).

The only other purpose it serves is to verify the identity of the site you are browsing, but this is almost pointless due to DNS attacks, phishing, bogus certificates etc. etc.

I had a similar email yesterday asking me to confirm my ebay account information as well. Be careful.

best thing to do is to enter stupid things in the link and if it tells you that the details are wrong then you know it's a proper e-mail. I have done this a number of times to e-mails and they were all fakes.

This is what someone produced to show what they could do with firefox. However, all this has now been fixed...

http://www.nd.edu/~jsmith30/xul/test/ssht.png