Re: PayPal Fraud...?

[Kris Tilford]

On Sep 13, 2008, at 12:31 AM, Carl Nygren wrote:

> I was going to log on to PayPal now, but a site popped up asking for
> name, address, credit card number, CVV2, date of credit card expiry,
> bank account info, and Social Security Number.
>
> What bothers me is a) Why would PayPal ask for this, and b) I live in
> Sweden and I am a Swedish citizen. :)
> I do not have a Social Security Number - since I do not live in the
> US.
>
> I did not submit any info at all.
> I did however send an email to PayPal asking how exactly they are
> expecting me to fill out this form.
> I've had to deal with their stupid tech support earlier and made it
> very clear that I am not a citizen or resident of the United States,
> that I have no such thing as a SSN, and that I am concerned about
> this. What if it is a scam?
> I submitted the email under the category "Password Problem" which was
> the most related category I could find.
>
> So what I'm trying to ask here is: has anyone else outside the States
> run into this?
> Is it a scam or is PayPal going nuts?

Scam.

> I know this is not related to Macs, but I figured I'd ask the smartest
> list first :)

> So Listers - what do you think of this?

You were smart enough to figure this, but scammers are getting pretty  
creative. Anytime PayPal emails you they always have your entire name,  
never "Dear PayPal User". Any email without your entire name is a  
spoof and should be reported to [EMAIL PROTECTED] As for a spoof popup  
window, this could be any number of things. Is it repeatable? Did you  
go directly to PayPal's secure login screen, the one that starts  
"https" rather than "http"; or did you use a link provided on another  
site? I think you've been spoofed for certain, and doubt it's  
repeatable (links may be in your browser history). Likely you made  
some type of error along the way and fell into a trap that you've  
successfully avoided. Gold star!




--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---

Re: PayPal Fraud...?

[Len Gerstel]

On Sep 13, 2008, at 1:31 AM, Carl Nygren wrote:

>
> Hello all,
>
> I was going to log on to PayPal now, but a site popped up asking for
> name, address, credit card number, CVV2, date of credit card expiry,
> bank account info, and Social Security Number.
>
> What bothers me is a) Why would PayPal ask for this, and b) I live in
> Sweden and I am a Swedish citizen. :)
> I do not have a Social Security Number - since I do not live in the
> US.
>
> I did not submit any info at all.
> I did however send an email to PayPal asking how exactly they are
> expecting me to fill out this form.
> I've had to deal with their stupid tech support earlier and made it
> very clear that I am not a citizen or resident of the United States,
> that I have no such thing as a SSN, and that I am concerned about
> this. What if it is a scam?
> I submitted the email under the category "Password Problem" which was
> the most related category I could find.
>
> So what I'm trying to ask here is: has anyone else outside the States
> run into this?
> Is it a scam or is PayPal going nuts?
>
> I know this is not related to Macs, but I figured I'd ask the smartest
> list first :)
>
> So Listers - what do you think of this?
>
> Carl

Sounds like a phishing site. Did you type in https://www.paypal.com in  
your browser? If not, what did the address in your browser bar say?

The phishers are getting more ingenious nowadays. They are setting up  
their sites so that the links for support and etc all lead to the real  
paypal site so you get a warm fuzzy feeling and click the back button  
to go back top their site instead of continuing on on the real site.

Just remember, anytime you are asked for any important information,  
make sure you know what site you are on, and that you are where you  
are supposed to be and not at www.paypal,com.support.help.cn, which  
would be a  phishing site registered in China.

MacLife has a 6 page article in the current issue about Mac security,  
and my favorite quote is from a bigwig at Symantec. I am rewording it  
completely to use what I tell people all the time, and while he was  
talking about all personal computers, it really applies to Macs with  
their very minimal amount of malware in the wild.

The main security threat nowadays is the PEBKAC virus. PEBKAC- Problem  
Exists Between Keyboard And Chair.

In other words, things like entering information on a phishing site,  
responding to the money laundering scams, or responding yes to install  
the "special" video codec to watch the latest Brittany and JLo  romp  
all need approval from the user, and these are what gets you in trouble.

Len


--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---

Re: PayPal Fraud...?

[insightinmind]

I've gotten those type things "from Paypal".

They're simply not from Paypal if they ask for your credit card info, 
birthdate, SSN, or other personal credit information.

They do look real, don't they?

Good advice to send it to [EMAIL PROTECTED] They actually respond after 
checking the fraudulent e-mail with a thank you, and you actually feel 
like its not a form letter ... but it is ...

Bill Connelly
Musician and Painter
artsite: http://mysite.verizon.net/moonstoneartstudio/
myspace.com:  http://www.myspace.com/moonstoneartstudio


--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---

Re: PayPal Fraud...?

[Mel]

It is most likely a scam.

In your instance, if you were going to log onto PayPal, just do so and ignore 
what the alleged PayPal site wants from you

When in doubt, don't give information to anyone who asks you unless you know 
them.

Mel

PS: I gave up on PayPal over five years ago for similar reasons that have 
displeased you.

--- On Fri, 9/12/08, Carl Nygren <[EMAIL PROTECTED]> wrote:
From: Carl Nygren <[EMAIL PROTECTED]>
Subject: PayPal Fraud...?
To: "G3-5 List" 
Date: Friday, September 12, 2008, 10:31 PM

Hello all,

I was going to log on to PayPal now, but a site popped up asking for
name, address, credit card number, CVV2, date of credit card expiry,
bank account info, and Social Security Number.

What bothers me is a) Why would PayPal ask for this, and b) I live in
Sweden and I am a Swedish citizen. :)
I do not have a Social Security Number - since I do not live in the
US.

I did not submit any info at all.
I did however send an email to PayPal asking how exactly they are
expecting me to fill out this form.
I've had to deal with their stupid tech support earlier and made it
very clear that I am not a citizen or resident of the United States,
that I have no such thing as a SSN, and that I am concerned about
this. What if it is a scam?
I submitted the email under the category "Password Problem" which was
the most related category I could find.

So what I'm trying to ask here is: has anyone else outside the States
run into this?
Is it a scam or is PayPal going nuts?

I know this is not related to Macs, but I figured I'd ask the smartest
list first :)

So Listers - what do you think of this?

Carl




--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---

Re: PayPal Fraud...?

[Len Gerstel]

On Sep 13, 2008, at 9:33 AM, Mel wrote:

>
> --- On Fri, 9/12/08, Carl Nygren <[EMAIL PROTECTED]> wrote:
> From: Carl Nygren <[EMAIL PROTECTED]>
> Subject: PayPal Fraud...?
> To: "G3-5 List" 
> Date: Friday, September 12, 2008, 10:31 PM
>
> Hello all,
>
> I was going to log on to PayPal now, but a site popped up asking for
> name, address, credit card number, CVV2, date of
>  credit card expiry,
> bank account info, and Social Security Number.

> snip
>
> So what I'm trying to ask here is: has anyone else outside the States
> run into this?
> Is it a scam or is PayPal going nuts?
> Carl
>
>
> It is most likely a scam.
>
> In your instance, if you were going to log onto PayPal, just do so  
> and ignore what the alleged PayPal site wants from you
>
> When in doubt, don't give information to anyone who asks you unless  
> you know them.

NO!!!

He was at a fake site. If he logged on from there, he has given them  
his paypal account information. Whenever in doubt, close your current  
browser tab or window (to be extra safe or paranoid, quit and  
relaunch your browser), create a new window or tab and manually type  
in the address you were going to.

>
> Mel
>
> PS: I gave up on PayPal over five years ago for similar reasons  
> that have displeased you.

That is up to you, but it is not paypals fault. They are just an easy  
target for the scammers who know that it is always September on the  
net and are looking for the easily fooled newbies and careless  
experienced users. Have you also given up prescription drugs because  
of all the fake sites and spam?

Len


--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---

Re: PayPal Fraud...?

[Mel]

I didn't advise logging on to that site but initiating a new log on independent 
of that apparent scam. You've either misread my intent or I wasn't clear enough.

As for "but it is not paypals fault." - Good grief.  How you inferred from  
what I wrote that is was PayPal's fault is beyond my ken.  I referred to "I 
gave up on PayPal over five years ago for similar reasons that have displeased 
you." not to PayPal itself.  The key object is not PayPal but the "similar 
reasons that have displeased you."

Mel

--- On Sat, 9/13/08, Len Gerstel <[EMAIL PROTECTED]> wrote:
From: Len Gerstel <[EMAIL PROTECTED]>
Subject: Re: PayPal Fraud...?
To: g3-5-list@googlegroups.com
Date: Saturday, September 13, 2008, 7:17 AM



On Sep 13, 2008, at 9:33 AM, Mel wrote:

--- On Fri, 9/12/08, Carl Nygren <[EMAIL PROTECTED]> wrote:
From: Carl Nygren <[EMAIL PROTECTED]>
Subject: PayPal Fraud...?
To: "G3-5 List" 
Date: Friday, September 12, 2008, 10:31 PM

Hello all,

I was going to log on to PayPal now, but a site popped up asking for
name, address, credit card number, CVV2, date of
 credit card expiry,
bank account info, and Social Security Number.

snip

So what I'm trying to ask here is: has anyone else outside the States
run into this?
Is it a scam or is PayPal going nuts?
Carl


It is most likely a scam.

In your instance, if you were going to log onto PayPal, just do so and ignore 
what the alleged PayPal site wants from you

When in doubt, don't give information to anyone who asks you unless you know 
them.

NO!!!  
He was at a fake site. If he logged on from there, he has given them his paypal 
account information. Whenever in doubt, close your current browser tab or 
window (to be extra safe or paranoid, quit and relaunch your browser), create a 
new window or tab and manually type in the address you were going to. 

Mel

PS: I gave up on PayPal over five years ago for similar reasons that have 
displeased you.

That is up to you, but it is not paypals fault. They are just an easy target 
for the scammers who know that it is always September on the net and are 
looking for the easily fooled newbies and careless experienced users. Have you 
also given up prescription drugs because of all the fake sites and spam?
Len






--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---

Re: PayPal Fraud...?

[David Boyles]

Carl: It's obviously some kind of scam; no reputable company would do this; and 
you were smart not to give any info. It's possible that you typed something 
"close" to the PayPal address and you got the scam site. For example, I belong 
to Earthlink, and if I slightly mistype and type something like Earthink 
(leaving out a letter) I end up getting something called "Earthlink" but it's 
not the real Earthlink. Good luck. -- db

-Original Message-
>From: Carl Nygren <[EMAIL PROTECTED]>
>Sent: Sep 12, 2008 10:31 PM
>To: G3-5 List 
>Subject: PayPal Fraud...?
>
>
>Hello all,
>
>I was going to log on to PayPal now, but a site popped up asking for
>name, address, credit card number, CVV2, date of credit card expiry,
>bank account info, and Social Security Number.
>
>What bothers me is a) Why would PayPal ask for this, and b) I live in
>Sweden and I am a Swedish citizen. :)
>I do not have a Social Security Number - since I do not live in the
>US.
>
>I did not submit any info at all.
>I did however send an email to PayPal asking how exactly they are
>expecting me to fill out this form.
>I've had to deal with their stupid tech support earlier and made it
>very clear that I am not a citizen or resident of the United States,
>that I have no such thing as a SSN, and that I am concerned about
>this. What if it is a scam?
>I submitted the email under the category "Password Problem" which was
>the most related category I could find.
>
>So what I'm trying to ask here is: has anyone else outside the States
>run into this?
>Is it a scam or is PayPal going nuts?
>
>I know this is not related to Macs, but I figured I'd ask the smartest
>list first :)
>
>So Listers - what do you think of this?
>
>Carl
>
>
>>


--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---

DNS server exploit (was Re: PayPal Fraud...?)

[Bill Christensen]

At 10:31 PM -0700 9/12/08, Carl Nygren wrote:
>Hello all,
>
>I was going to log on to PayPal now, but a site popped up asking for
>name, address, credit card number, CVV2, date of credit card expiry,
>bank account info, and Social Security Number.
>
>What bothers me is a) Why would PayPal ask for this, and b) I live in
>Sweden and I am a Swedish citizen. :)
>I do not have a Social Security Number - since I do not live in the
>US.

They didn't.  See below.

>
>I did not submit any info at all.

This is good.

>I did however send an email to PayPal asking how exactly they are
>expecting me to fill out this form.

This could be worse than spam.  If you typed the address in your 
browser, it's probably DNS Cache poisoning.  (if you followed a link 
in an email, it probably was a common phish and not what I describe 
below.)

In early August a security hole in the Domain Name System (the 
"traffic cop" part of the internet that changes the name you type in 
to your browser such as 'paypal.com' into an IP address of a specific 
machine) was discovered.  Not all domain name servers have been fixed 
yet, though patches exist for most of them.

The exploit involves taking advantage of the fact that Domain Name 
Servers typically do not change the port they talk on with each new 
query.   As a result, it becomes possible for someone to hit a domain 
name server with requests in a way that allows them to 'piggyback' a 
payload of bogus data which gets cached along with the real stuff. 
(I'm not going into the details here, for obvious reasons).  The 
patch causes the server to assign ports in a random sequence, which 
greatly reduces but does *not* eliminate the threat.

Using such a technique someone could hack a DNS server such that a 
legitimate request for the location of "www.paypal.com" by someone 
using that server (ie, a user like you) would point to their phishing 
server.

To test whether the DNS server you use is safe from threats of this 
type, use the DNS tester at . 
Everyone should perform the test.

If your DNS server(s) don't pass the test, contact your ISP and 
demand at least one that does.

For more info, see 
 and follow 
the links.


-- 
Bill Christensen


Green Building Professionals Directory: 
Sustainable Building Calendar: 
Green Real Estate: 
Straw Bale Registry: 
Books/videos/software: 

--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---

Re: DNS server exploit (was Re: PayPal Fraud...?)

[Peter]

On Sep 13, 2008, at 8:38 PM, Bill Christensen wrote:

> In early August a security hole in the Domain Name System (the
> "traffic cop" part of the internet that changes the name you type in
> to your browser such as 'paypal.com' into an IP address of a specific
> machine) was discovered.  Not all domain name servers have been fixed
> yet, though patches exist for most of them.

Many DSNes run Windows, but a real-deal-SEAL DNS which runs under  
Unix is available for free.

Those which don't run Windows for their DNSes run that Unix version.

There really is no excuse running a mission-critical software system  
on something as flimsy as Windows.

I would run it on a System/390 or a z/System.

System/360 ... System/390's and z/System's predecessor ... was  
reliable enough to get us ... the U.S. ... to the Moon and back,  
during Project Apollo, although it ran the Houston-based software,  
not the LEM or CM software, which computer had all of 1K of RAM.

The Houston-based System/360s had a meg or two of RAM, back when a  
megabyte of main storage cost a million dollars, and the largest disk  
drive was on ten 14" diameter platters and had a capacity of 30  
megabytes per module, with a maximum of eight modules per disk  
controller.

I've been programming System/360, System/370, System/390, and the  
various Amdahls which were System/370 and System/390 compatible, for  
nearly 45 years and the code I wrote 45 years ago will still run on  
IBM's latest and greatest with no modifications.



--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---

Re: DNS server exploit (was Re: PayPal Fraud...?)

[John Callahan]

Hello Bill,
Did as you suggested and the following came up: Your name server, at  
24.92.226.9, appears to be safe, but make sure the ports listed below  
aren't following an obvious pattern (:1001, :1002, :1003, or :3, : 
30020, :30100...).

Requests seen for dba2b0069a04.doxdns5.com:
24.92.226.9:59251 TXID=42314
24.92.226.9:36412 TXID=42452
24.92.226.9:7310 TXID=65406
24.92.226.9:47231 TXID=40436
24.92.226.9:33662 TXID=6918
What does it mean/
Thanks
On Sep 13, 2008, at 11:38 PM, Bill Christensen wrote:

>
> At 10:31 PM -0700 9/12/08, Carl Nygren wrote:
>> Hello all,
>>
>> I was going to log on to PayPal now, but a site popped up asking for
>> name, address, credit card number, CVV2, date of credit card expiry,
>> bank account info, and Social Security Number.
>>
>> What bothers me is a) Why would PayPal ask for this, and b) I live in
>> Sweden and I am a Swedish citizen. :)
>> I do not have a Social Security Number - since I do not live in the
>> US.
>
> They didn't.  See below.
>
>>
>> I did not submit any info at all.
>
> This is good.
>
>> I did however send an email to PayPal asking how exactly they are
>> expecting me to fill out this form.
>
> This could be worse than spam.  If you typed the address in your
> browser, it's probably DNS Cache poisoning.  (if you followed a link
> in an email, it probably was a common phish and not what I describe
> below.)
>
> In early August a security hole in the Domain Name System (the
> "traffic cop" part of the internet that changes the name you type in
> to your browser such as 'paypal.com' into an IP address of a specific
> machine) was discovered.  Not all domain name servers have been fixed
> yet, though patches exist for most of them.
>
> The exploit involves taking advantage of the fact that Domain Name
> Servers typically do not change the port they talk on with each new
> query.   As a result, it becomes possible for someone to hit a domain
> name server with requests in a way that allows them to 'piggyback' a
> payload of bogus data which gets cached along with the real stuff.
> (I'm not going into the details here, for obvious reasons).  The
> patch causes the server to assign ports in a random sequence, which
> greatly reduces but does *not* eliminate the threat.
>
> Using such a technique someone could hack a DNS server such that a
> legitimate request for the location of "www.paypal.com" by someone
> using that server (ie, a user like you) would point to their phishing
> server.
>
> To test whether the DNS server you use is safe from threats of this
> type, use the DNS tester at .
> Everyone should perform the test.
>
> If your DNS server(s) don't pass the test, contact your ISP and
> demand at least one that does.
>
> For more info, see
>  and follow
> the links.
>
>
> -- 
> Bill Christensen
> 
>
> Green Building Professionals Directory:  directory.greenbuilder.com>
> Sustainable Building Calendar: 
> Green Real Estate: 
> Straw Bale Registry: 
> Books/videos/software: 
>
> 
John Callahan
[EMAIL PROTECTED]
If there are no dogs in Heaven, when I die I want to go where they  
went.¨
--Will Rogers
extreme positive = (ybya2)


--~--~-~--~~~---~--~~
You received this message because you are subscribed Low End Mac's G3-5 List, a 
group for those using G3, G4, and G5 desktop Macs - with a particular focus on 
Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/g3-5-list?hl=en
Low End Mac RSS feed at feed://lowendmac.com/feed.xml
-~--~~~~--~~--~--~---