[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[atlarge-discuss] Re: PayPal Scam Site Using Legit SSL

To: mspadea@GALAXY.NET
Subject: [atlarge-discuss] Re: PayPal Scam Site Using Legit SSL
From: Jeff Williams <jwkckid1@ix.netcom.com>
Date: Thu, 10 Jul 2003 00:34:47 -0700
Cc: ST-ISC@MAIL.ABANET.ORG, atlarge discuss list <atlarge-discuss@lists.fitug.de>
Delivered-to: mailing list atlarge-discuss@lists.fitug.de
List-help: <mailto:atlarge-discuss-help@lists.fitug.de>
List-post: <mailto:atlarge-discuss@lists.fitug.de>
List-subscribe: <mailto:atlarge-discuss-subscribe@lists.fitug.de>
List-unsubscribe: <mailto:atlarge-discuss-unsubscribe@lists.fitug.de>
Mailing-list: contact atlarge-discuss-help@lists.fitug.de; run by ezmlm
Organization: INEGroup Spokesman
References: <1057756168.3f0c1408d0589@www.galaxy.net>

Mchael and all,

  Thanks for this update.  I got one of these about a month ago
and the ICANNATLARGE.ORG was trying to suggest using
pay pal as a means of verifying identity, which of course is
a very bad and unwise idea.

Michael Spadea wrote:

> >From Internetnews.com
>
> http://www.atnewyork.com/news/article.php/2232421
>
> July 8, 2003
> PayPal Scam Site Using Legit SSL
> By Ryan Naraine
>
> Intrusion detection specialists Internet Storm Center (ISC) on Monday raised an
> alarm for a fake PayPal site using a valid SSL (define) to dupe users into
> giving up personal information.
>
> By using a legitimate SSL certificate to masquerade as a PayPal site, scammers
> are now adopting trickier techniques to perpetuate identify theft that are not
> as easy to spot, the ISC warned.
>
> The SSL (Secure Sockets Layer) protocol is used by Web sites to obtain
> confidential user information, such as credit card numbers in a secure,
> encrypted environment. By convention, URLs that require an SSL connection start
> with https: instead of http:.
>
> PayPal, the eBay-owned online billing/payment firm, uses SSL to secure its Web-
> based interaction with millions of users. By using a legitimate SSL certificate
> to masquerade as a PayPal site, the ISC warns that scammers are now adopting
> trickier techniques to perpetuate identify theft.
>
> "Usually it is the goal of these sites to extract information from users which
> will be used in identity theft or credit card fraud. The page is usually
> advertised via spam and looks just like a regular PayPal/eBay page," the
> monitoring service said, noting that users are usually directed to a Web site
> to confirm billing information.
>
> A standard technique to mask the actual URL and make it look valid, the ISC
> explained, is the addition of username/password prefixes that are prepended to
> the URL.
>
> In most cases, the scam sites are easily spotted because they are not using
> SSL. "Sometimes they attempt to hide this fact by increasing the browser window
> size to push the lower part of the browser window off the screen, so users will
> not see the open browser lock," the monitoring service noted.
>
> However, the latest scam spotted making the rounds in inbox uses a valid SSL
> certificate which makes it tougher to spot the fake. The ISC found that the e-
> mail spam message lures users into going to a URL that looks like a secure
> PayPal site but it actually uses a CGI script to redirect the user to a fake
> page.
>
> To spot the scam, users are urged to be wary of overly long URLs that redirect
> to strange-looking domains, such as
> https://www.paypal.com:ac=alksdjflakdjflkasdjruoiwehjrlkajdf@KI54fT.
> WoRlDiSpNeTwOrK.CoM/i.CgI?billing@yourdomain.com.
>
> Before entering personal information on a Web site, PayPal users were urged to
> pay careful attention to details of the site's URL and look for red flags such
> as an unusually long domain name that contains the "@" sign
>
> The use of SSL certificates is the latest in a long list of scams targeting
> PayPal users.
>
> Last month, electronics retailer Best Buy (Quote, Company Info) became the
> latest victim of scammers using e-mail spam to steal credit card numbers.
>
> The Best Buy scam also used URL redirecting techniques to lure users into
> entering sensitive personal information, including Social Security numbers, on
> a fake Web page.
>
> ---------------------------------------------------
> IMP Webmail brought to you by Galaxy Networks, Inc.
> http://www.galaxy.net
>
> To unsubscribe send the following in the body of a message to
> listserv@abanet.org  - unsubscribe st-isc

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!)
"Be precise in the use of words and expect precision from others" -
    Pierre Abelard
===============================================================
CEO/DIR. Internet Network Eng. SR. Eng. Network data security
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 214-244-3801



---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de

Prev by Date: Re: [atlarge-discuss] Re: OFFLIST Re: [Fwd: Re: [atlarge-discuss] REPORT on VOTE 2003-8 a,b & c]
Next by Date: Re: [atlarge-discuss] Comment from Panelist André Rebentisch
Previous by thread: [atlarge-discuss] No confidence vote
Next by thread: [atlarge-discuss] manipumlatrash
Index(es):
- Date
- Thread