# Security Warning!



## Bob Hubbard (Feb 19, 2006)

I'm noticing a lot more fishing attempts going on as of late.

Please note:
Under NO circumstances will PayPal, Ebay, your local Bank, Amazon, etc email you and ask you for your account information.

Under NO circumstances should you fill in the forms, etc.

Login to your account NORMALLY! (That means Paypal.com or ebay.com, etc, not the nice 123.123.123.123 or whatever address in the email you got)
Then contact their support normally.

Be forewarned, be safe.


----------



## Xequat (Feb 19, 2006)

Thanks for that, Bob.  I've never responded to one of those, but I have gotten a couple of them before.  Do you know if there is somewhere we can send the IP address if we believe that it's a fake?  FBI or something?


----------



## Carol (Feb 19, 2006)

www.cybercrime.gov/reporting


----------



## Jonathan Randall (Feb 19, 2006)

Thanks for the heads up. I almost fell for a PayPal attempt a couple of years ago. :whip:


----------



## Xequat (Feb 19, 2006)

Yes, thanks Bob and lady kaur.


----------



## Bob Hubbard (Feb 19, 2006)

Paypal stuff you can send to spoof at paypal.com


----------



## BrandiJo (Feb 19, 2006)

i keep getting an email from paypal saying i had another email address added to my account ...except i dont have a paypal account to start with ...would this be what you are taking about?


----------



## Andrew Green (Feb 19, 2006)

BrandiJo said:
			
		

> i keep getting an email from paypal saying i had another email address added to my account ...except i dont have a paypal account to start with ...would this be what you are taking about?



Yup, although they can get a lot more complex and believable.

I've even heard of people getting your credit card number, calling you with it and trying to get other info from you.

I saw one that was a bank account one, they had a site up that looked like the banks and if you looked at your address bar it would show the bank until you scrolled it to the right.

Like this:
http://bankname.com?agdcnw01343&asd01=asdh973ydb038rq.....@23.14.67.123

everything before the "@" basically gets ignored and it takes you to the address after that, which is not vissible without scrolling the address bar over.


----------



## Bob Hubbard (Feb 19, 2006)

The one I got today was interesting. The address was something like 0x16.0x10.0x10.0x10  which I've never seen.  The page on the other side was sneaky. It looked like paypal. You "login" and it brings you to another page asking all sorts of info, including your debit card PIN. Once you enter that, it "logs you out" and takes you to paypals site to log back in. Everything looks right in there, links etc would goto paypal.com. There's no reason however for Paypal to ask for your information in this manner, or especially to ask for your PIN.

Of course, I used false info, of a rather rude nature.


----------



## Kreth (Feb 19, 2006)

Normally, these scam sites are simple database front-ends that collect your login info, then show a login failed message before forwarding you to the real site. Most people will assume that they misspelled their password and login again. Personally, I like to login to their sites with madeup login info. The more people that do this type of thing, the less use they get from their database of stolen info. You just have to be up-to-date on your browser security patches and anti-virus dat files.


----------

