  User0101 Premium join:2002-12-12 S-ZZ9-PZA clubs:  | Phishing With The Wrong Bait Why anyone would follow a link sent to them through EMAIL "to update their account" after so many repeated phishing attacks over the years truly surprises me.
I feel sorry for the victims and I'm sure that this will be a tough lesson learned. | |
|
 |   AnonProxy Proxy of Anon Premium join:2001-05-12 ß
| Re: Phishing With The Wrong Bait The reason these things work is because people are STUPID. At this point in time NO ONE with half a brain should even respond to anything of the like. If you are so stupid as to respond to an e-mail from "paypal" (jesus, just look at the headers if unsure) stay off the "interwebs". | |
|
 |  |  brianiscool
join:2000-08-16 Miami, FL | Re: Phishing With The Wrong Bait Some people have no sense of intelligence. | |
|
 |  |  |  attsbcisgay
join:2003-03-18 Beverly Hills, CA
| Re: Phishing With The Wrong Bait
said by brianiscool: Some people have no sense of intelligence.
Some people are very intelligent. You're looking at one. | |
|
 |  |   technick Premium join:2000-12-16 Loganville, GA
1 edit | said by AnonProxy: The reason these things work is because people are STUPID. At this point in time NO ONE with half a brain should even respond to anything of the like. If you are so stupid as to respond to an e-mail from "paypal" (jesus, just look at the headers if unsure) stay off the "interwebs".
It's great that these "web consultants" were schooled... The web is full of idiots... I wonder how much these phishers make in a year. If it wasn't for these stupid people, phishers would exist and the international lotto / off shore fund transfers wouldn't exist.
-- "Our greatest glory consists not in never falling, but in rising every time we fall." - Confucius
Bellsouth Free Since 10/05 - To Hell With Bellsouth
Advocatus Diaboli | |
|
 |  |   CJ
join:2000-07-18 USA
| I like how people are quick to say others are stupid and whatnot. I guess the ones that do are perfect and have never made a mistake or done anything stupid themselves. Tons of new people join the internet every day and are not savvy enough to distinguish a legit or fake email. You think an internet noob would even know what a header was, or an IP address for that matter?
You know what they say about people living in glass houses. | |
|
 |  |  |  jsouth Jsouth
join:2000-12-12 Wichita, KS
| Re: Phishing With The Wrong Bait Well, with all the warnings that are on the news, in the papers and even on companies' web sites that warn customers about these things, they still go right ahead and click on those links and blindly put in personal info? Yes, those are idiots. I especially love the morons who give personal info to phishers who send attempts to them with misspellings and some phishes from companies that the customer doesn't even have an account with. I've made mistakes, but I have to call a spade a spade too. -- BTK is guilty!!!! | |
|
 |  |  |  |   CJ
join:2000-07-18 USA
| Re: Phishing With The Wrong Bait I am sure that a lot of the public is like myself and rarely watches TV. I prefer to be more productive than a vegetable in front of the tube. Other than on DSLR, I don't see a whole lot about it on the internet either. At least not to the amount at which it would stick in my head.
I am having a hard time seeing how one is stupid for falling for this scam. Some of the ones I have actually gotten seem very legit and if not informed I could have easily fallen for it. I could see if you fell for it more than once or if you had actually read something on it then fell for it. But to call someone stupid because they fell for something they had no clue about is a little ignorant itself. To call them misinformed or uninformed would be a better term IMO. | |
|
 |  rammjet
join:2003-08-27 West Palm Beach, FL | What if someone created a bunch of eBay pages with Buy Now prices that were too good to be true?
Then the link to Paypal was bogus? | |
|
 |   conchchowder
@comcast.net
| Many graduating college seniors don't know how to fill out a form, create an email account, operate an mp3 player, or know what Thomas Jefferson is famous for. Read this and bawl. »baltimorechronicle.com/jul03_soapbox.shtml These same seniors become the lawyers and engineers this thread is referring to. | |
|
 |  |   operagost
join:1999-08-02 Spring City, PA | Re: Phishing With The Wrong Bait Well heck, even this college professor doesn't know that the amendment awarding women suffrage passed in 1920, not 1922! | |
|
 |   Fluker
join:2005-04-07 West Lafayette, IN
| I have stressed so so many times to so many people that the correct way to deal with sites asking for attention of any kind is to simply delete any emails from them and then go to the site. PayPal, eBay, etc. all have message centers that will tell you if something is up.
Good eBay: Please log in to update your billing
BAD eBay: Your account info is fubar, hit this Clicky thing to fix it | |
|
 b10010011 Whats a Posting tag?
join:2004-09-07 Bellingham, WA | 1000 idiots
Look at the examples, none of the URLs are even secure (HTTPS). Most of them are not even PayPal.
People will never learn!  | |
|
  Jason Levine Premium join:2001-07-13 USA
| Easy way to avoid Phishing I've gotten the "your account needs to be updated" and the "someone has added an e-mail address to your account" Paypal phishes for quite a while. Of course, I just junk them, but there's an easy 4-step method for double-checking that it's a phish without falling for the phish.
Step #1: Don't click on any links in the e-mail!
Step #2: Open a new Browser Window.
Step #3: Type "http://www.paypal.com/" in the address bar.
Step #4: Log into your account.
Now if it's a valid warning, there should be some type of warning in your account area as well as a method of fixing the problem. If not (and most likely there won't be), report the phishing attempt to spoof@paypal.com. -- -Jason Levine My Gallery | Jason's Toolbox | PCQandA.com | URateit.com | |
|
 |   anon11212
@nuvox.net | Re: Easy way to avoid Phishing Step 1: don't use PayPal | |
|
 |  |  rbb
join:2000-09-17 Fairfax Station, VA | Re: Easy way to avoid Phishing I find it amusing that I don't even have a paypal account and I still get the phishing messages... | |
|
  rewket Premium join:2003-08-21 Longueuil, QC
| obviously This guy is made to be something he isn't on this site. 1100 in 2 days is very normal, I can point you to 5 msn's of people who get more than that in 1 day when they come up with a new idea. But wow, this scammer sure did some nice work and no, I'm not against phishers.. I like to think that this is natural selection, electronic version. Idiots that get phished will a) quit the internet, hurray! b) buy lots of protection hence giving money to hopefully a good tech company c) get educated | |
|
 |  emptywig Huh? What? Premium join:2002-08-05 Pasadena, TX | Re: obviously So I guess you're not against murder, or robbery, or usury, extortion, either? All natural selection, right? Whoever has the biggest stick and all that? 
wig | |
|
 |  |   rewket Premium join:2003-08-21 Longueuil, QC | Re: obviously no but people getting phished are in the same category to me as these people who got free breast exams at home from a phony doctor and then went to court for sexual assault.
dumb people only learn when they get played. | |
|
 |  |  |   WileEC mindtaker, macky cat, etc.
join:2002-02-07 Yonkers, NY
·Verizon FIOS
| Re: obviously It has nothing to do with being dumb. What about the elderly and kids? What about the hordes of non-technical people that use the net every day? Should the net only be for people who are up on the latest scam tactics? You sir, are an idiot. May the piano of fate fall hard on you. -- Experience one of the most beautiful women on earth at PetraCentral! | |
|
 |  |  |  |   rewket Premium join:2003-08-21 Longueuil, QC | Re: obviously ya my 6 year old cousin uses paypal.. what kind of retarded statement did you just try to pull over my head | |
|
 |  |  |  |  |   WileEC mindtaker, macky cat, etc.
join:2002-02-07 Yonkers, NY
·Verizon FIOS
| Re: obviously 1) Phishing is not limited to PayPal. 2) Kids will receive many unsolicited emails just like the rest of us do - some phishing, some pornographic, some viruses, some from sex predators. 3) Kids are not limited to your unfortunate 6-year-old cousin... kids include 12 and 13-year-olds, etc. which is exactly what you sound like. For you to have the audacity to say that whoever is a victim of this scam deserves it, that makes you an idiot (well, technically an assh*le). Congratulations! 
BTW, you need to check yourself. Seek professional help. -- Experience one of the most beautiful women on earth at PetraCentral! | |
|
 |  |  |  |  |  |   rewket Premium join:2003-08-21 Longueuil, QC | Re: obviously Dont insult me virgin, get an other playboy. | |
|
 jsuboh
join:2002-06-13 Earlimart, CA
·RoadRunner Cable
| Put some of the blame on PayPal I don't blame the victims for being stupid. Paypal still does not implement SPF properly or for that matter any other type of email address verification. Also, many ISP email servers do not verify email addresses through SPF or other means. Another thing is that PayPal has been sending out emails to agree to their new terms or your account will be suspended (sounds Phishy to me), similar to what these scums do. So, again, I don't blame these people for being stupid. | |
|
 |   MDboyz
join:2001-01-11 Silver Spring, MD
| Re: Put some of the blame on PayPal I don't get it. How is this Paypal's fault? I don't think Paypal has control over which link its customer clicks on. And I've never received any email from Paypal that requires me to click on any link to verify anything or agree to anything. -- My life is on the fast lane ... Verizon FIOS.. | |
|
 |  |   n2jtx
join:2001-01-13 Glen Head, NY
·Optimum Online
| Re: Put some of the blame on PayPal said by MDboyz: I don't get it. How is this Paypal's fault? I don't think Paypal has control over which link its customer clicks on. And I've never received any email from Paypal that requires me to click on any link to verify anything or agree to anything.
However, Paypal does send out emails with links to click on to bring up their site. That alone is outrageous. Personally I think all emails from Paypal should have no links embedded and simply give you the address that you need to type into your address bar including the »https://. Of course if you receive an "official" email that tells you to go to something like »www.paypal.scamme.com and you type it in, you deserve what you get. -- I support the right to keep and arm bears. | |
|
 |  |  jsuboh
join:2002-06-13 Earlimart, CA
·RoadRunner Cable
| said by MDboyz: I don't get it. How is this Paypal's fault? I don't think Paypal has control over which link its customer clicks on. And I've never received any email from Paypal that requires me to click on any link to verify anything or agree to anything.
Below is one of the emails I received and it is legit. The link is click-able, so tell me how is a beginner supposed to know the difference. And when I say that it is PayPal's fault - it is; they send emails just like those scum bags. Also, they can do things to prevent phishers from using their email address such as using SPF (properly, if you test their domain name it comes back as a softfail which means that it is possible that a phisher can use their email address).
Dear MyNAME
PayPal's records indicate that you have not yet accepted the updated PayPal User Agreement and Privacy Policy.
Failure to accept the updated PayPal User Agreement and Privacy Policy within 30 days will result in limited access to your PayPal account. If your account is limited, you will no longer be able to receive or send payments.
PayPal values you as a customer and does not want your account to be limited. Please click the link below. On your Account Overview page, click on the New Policy Update link in the left column of the page:
Copy and paste this link in to your browser, log in and click the New Policy Update link on your Account Overview page. »https://www.paypal.com/us/cmd=_login-run
----------------------------------------------------------------
Thank you for using PayPal! The PayPal Team
PayPal Email ID PP 878 | |
|
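Added example, not part of the post above or of PayPal's configuration: how a receiving mail server's SPF result differs between a record ending in `~all` (softfail) and one ending in `-all` (fail). The records, addresses and the `check_spf` helper are constructed for illustration, and the helper only evaluates the `ip4`, `ip6` and `all` mechanisms offline.

```python
import ipaddress

# SPF qualifier -> result name (RFC 7208); a bare mechanism defaults to "+".
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms that need DNS lookups, which this offline example does not do.
DNS_MECHANISMS = {"include", "a", "mx", "exists", "ptr"}

def check_spf(record, sender_ip):
    """Evaluate an SPF record for sender_ip, left to right, first match wins.

    Returns pass/fail/softfail/neutral, "none" if the text is not an SPF
    record, "permerror" for a malformed term, or "needs-dns" when a
    mechanism or redirect that requires a lookup is reached first.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    has_redirect = False
    for term in terms[1:]:
        head = term.split(":", 1)[0]
        if "=" in head:  # modifier such as redirect= or exp=
            has_redirect |= head.lower().startswith("redirect=")
            continue
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        name, _, arg = mech.partition(":")
        name = name.split("/", 1)[0].lower()
        if name == "all":  # always matches; later terms are ignored
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version == ip.version and ip in net:
                return RESULTS[qualifier]
        elif name in DNS_MECHANISMS:
            return "needs-dns"
        else:
            return "permerror"
    # No mechanism matched: redirect applies if present, otherwise neutral.
    return "needs-dns" if has_redirect else "neutral"

# Constructed records for a hypothetical domain (documentation address ranges).
SOFTFAIL_RECORD = "v=spf1 ip4:192.0.2.0/24 ~all"
HARDFAIL_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"

if __name__ == "__main__":
    for label, rec in (("~all", SOFTFAIL_RECORD), ("-all", HARDFAIL_RECORD)):
        print(label, "authorized sender:  ", check_spf(rec, "192.0.2.10"))
        print(label, "unauthorized sender:", check_spf(rec, "198.51.100.7"))
```

A receiver that gets `softfail` typically accepts the message and at most marks it, while `fail` gives it grounds to reject outright.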
 |
 |  mackjr
join:2006-04-14 Bayonne, NJ | Re: Incontinent? Even more unfortunately, most folks don't know that seeing an IP address instead of paypal.com is a problem. | |
|
 |  |  nonner9
join:2005-10-14 Charlotte, NC | Re: Incontinent? or the ip address has been switched behind the scenes, see my post below | |
|
 |  |
 nonner9
join:2005-10-14 Charlotte, NC
| Part of the problem... Some of these sophisticated schemes will change the HOSTS file in the Windows directory (i.e. through holes in IE security).
Once this is done, any calls to www.paypal.com can be redirected to an IP address without the user seeing the IP or other domain in their web browser. This was one of the main reasons the Bank of America phishing scheme duped so many people. If you remember, the BoA scam was around the time that there was the IE bug with images which allowed malicious access (i.e. changing the HOSTS file).
If you want to check the file 'hosts': .\WINDOWS\system32\drivers\etc\
It should look something like this and 99% of the time it should be empty; this is mainly a carry-over from Win NT days, so if you don't know why an entry is there, it probably shouldn't be there...
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost | |
|
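Added example, not part of the post above: a check that reads hosts-file text and reports entries pointing a watched domain at anything other than a loopback or unspecified address, so large ad-blocking files do not drown out a real redirect. The watched-domain list, the `audit_hosts` helper and the sample file contents are assumptions constructed for this illustration.

```python
import ipaddress

# Domains worth checking (assumption for this example: sites named in the thread).
WATCHED = ("paypal.com", "ebay.com", "bankofamerica.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: address with no hostname
        for name in fields[1:]:  # one address may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")

def is_blackhole(ip):
    """True for loopback/unspecified targets, as used by ad-blocking lists."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text, watched=WATCHED):
    """Return mappings that send a watched domain to a routable address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        hit = any(name == d or name.endswith("." + d) for d in watched)
        if hit and not is_blackhole(ip):
            findings.append((line_no, ip, name))
    return findings

# Constructed sample: two ad-blocking entries and one injected redirect.
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1       localhost
0.0.0.0         ads.example.net      # ad-blocking entry
127.0.0.1       tracker.example.org
203.0.113.45    www.paypal.com paypal.com   # injected redirect
"""

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```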
 |   Rifkinn
join:2005-11-21 Sullivan, IN | Re: Part of the problem... lol, my hosts file is 340kb. hundreds of ad blocking popup stopping love..... | |
|
 |  |  sharksfan3 Premium join:2004-02-16 Poughkeepsie, NY | Re: Part of the problem... Same here. Empty HOSTS file = Ads, Ads, and MORE Ads! My hosts file clocks in at 364kb... | |
|
 |  |  |  nonner9
join:2005-10-14 Charlotte, NC | Re: Part of the problem... What do you put in it to make it so big? What is the purpose of having a large empty file?
or in other words... Is there something proactive you can do with your HOSTS file in order to protect it? | |
|
 |   louis5555
@vif.net | ya. lets not get angry for nothing! | |
|
  GilbertMark Premium join:2001-05-02 Gilbert, AZ | Hmm Yet another scam for the stupid to fall victim to. People who actually use their head for more than a hat rack will just ignore it. -- Just because a word has an S in it doesn't mean it needs an apostrophe too. | |
|
  major marco Res Firma Mitescere Nescit Premium join:2003-02-13 Stepford, CA clubs: | Saving Rubes One Phish At A Time Everytime I get phishing email from Paypal or Citibank or any of them, I make it a point to fwd with full headers to the abuse dpt. of the entity in question. -- Choose Net Neutrality Now or Lose It: www.savetheinternet.com | |
|
 |   baysoor
join:2002-03-12 San Jose, CA
·VoicePulse for Bus..
·AT&T Yahoo
| Re: Saving Rubes One Phish At A Time I do the same but a lot of times abuse@ addresses do not work. They want you to go to their website and fill out a lengthy web form.
There should be a standard abuse@ or any other e-mail address making it easy for people like us to send the phishing e-mail. | |
|
 |  |   pog Premium join:2004-06-03 Kihei, HI
·Hawaiian Telcom
| Re: Saving Rubes One Phish At A Time said by baysoor: ... There should be a standard abuse@ or any other e-mail address making it easy for people like us to send the phishing e-mail.
There is a standard, I believe... it's just not followed all the time. However, you might have a look at »abuse.net/ -- My Site | |
|
 |  |   major marco Res Firma Mitescere Nescit Premium join:2003-02-13 Stepford, CA clubs:
1 edit | said by baysoor: I do the same but a lot of times abuse@ addresses do not work. They want you to go to their website and fill out a lengthy web form.
I have yet to run into that. If you search thoroughly on the company's site, you will find the email address of the abuse dpt. Sometimes it's abuse@domain.com but sometimes it's spoof@domain.com. I almost always receive phishing scams from Citibank, eBay and PayPal. Barring that, if it's a general scam, I'll research the IP address myself and find the email address of the abuse dpt. of the ISP the f*cker sent it from.
-- Choose Net Neutrality Now or Lose It: www.savetheinternet.com | |
|
  Tzale Proud Libertarian Conservative Premium join:2004-01-06 Sweden
·Verizon FIOS
·Optimum Online
| Give me a break People are quick to jump and say people are stupid. The fact is that people JUST DON'T KNOW.... On this website we see people screaming that everyone should get a PC in one thread. The next thread, like this one, we see people saying that people are stupid. Well guess what, NOT everyone needs a PC. This is an example of people who fall for stuff like this. | |
|
 disc
join:2005-12-31 Raleigh, NC | Does Federated Identity alleviate/eliminate phishing? Any views out there on Federated Identity addressing/alleviating phishing? Surfing seems to indicate they're aiming for something like that. But I haven't done much study beyond high-level surfing :-(. | |
|
 claudeo
join:2000-02-23 Redmond, WA
| Bad examples Chase sends out marketing emails just like that to their customers, with a link back to their web site that of course includes a parameter to check how successful their spam was. And guess what? The last two phishing-like emails I got from Chase turned out to be legit upon close inspection. Marketing overrules sanity. What is the general public supposed to believe? The marketers or the security people? Guess who has more resources to influence people's behaviors? | |
|
 matt500
join:2005-10-06 Rochester, NY
| people will never learn... I was in the school on Monday. My friend received this email. He opens it and goes to the link.. starts to enter his info. He's lucky that I looked over. I noticed the IP instead of »https://paypal.com.... and I was like "WHOA DUDE WAIT". I showed him the IP and told him it was a scam. He goes "how do you know". Duh, it's not secure, it's on an IP that's NOT paypal, and paypal wouldn't do that. Some people just shouldn't have access to paypal at all because they are so dumb. | |
|
 okieopie Premium join:2004-02-06 Alexandria, KY
1 edit | Scam the Phishers The best defense to the phishing crap is to overwhelm them with bogus information. I make it a point whenever I receive a phish (and have some time to kill) to completely fill it out with false information. If EVERYONE did that with these phishing expeditions, the information they would get would be mostly useless. They wouldn't know which replies were legit and which were fake and it takes much less time for me to enter false information than it does for the phisher to verify it. I get a mild thrill out of knowing that I caused the jerk on the other end to be disappointed because he ended up being the one who was conned.
After reading the article, I find that the reason this one is so successful is that it automatically authenticates the login information you supply with PayPal. So, apparently I would never get the opportunity to supply them with bogus info. Chalk one up for the phishers -- the bastards! | |
|
  fartness Computersoc Dot Com Premium join:2003-03-25 Look Outside clubs: | Real PayPal I just got a REAL PayPal message and it says to type their address in your address bar (ie. no links to click on). | |
|
  Fluker
join:2005-04-07 West Lafayette, IN
| image verification I think Paypal needs to implement some sort of app that requires image verification and then uses a script to feed that image directly to their servers.
I think that would impede this type of attack pretty well as a phisher would need to read and then manually fill in the result of the image.
right? | |
|
  inciter Noobie Premium join:2000-08-30 Rohnert Park, CA
| I got like 4 of these One after the other trying to get me to enter info... IE 7beta got each one right. Good old NEW IE...  -- Learning something everyday makes not a Noobie, but a Professional Noobie! Like me... | |
|