PAYPAL USERS BEWARE

[Miramonti]

I think these scammers are trying to be wise by spamming people with a legitimate http web address so people let down their guard for the next time a bogus login alert goes out with a bogus web address.

 

[stevef]

thanks for the heads up

 

[rahvin]

There was a recent report that because ICANN is allowing unicode domain registrations it is possible to have a domain that looks identical to a known domain but is in fact not the same domain because it is using unicode charactersets instead of ANSI. For example, you could register, www.paypal.com using a unicode letter used in another alphabet. This domain would look identical to the ANSI version but the domain would not be the same. This could be the first exploit of that vulnerability.

This was reported on slashdot about a month ago.

 

[rbhawcroft]

Originally posted by: rahvin
There was a recent report that because ICANN is allowing unicode domain registrations it is possible to have a domain that looks identical to a known domain but is in fact not the same domain because it is using unicode charactersets instead of ANSI. For example, you could register, www.paypal.com using a unicode letter used in another alphabet. This domain would look identical to the ANSI version but the domain would not be the same. This could be the first exploit of that vulnerability.This was reported on slashdot about a month ago.

thats pretty much what I meant, but didnt know you could do it with that many other letters, jeez, there are going to be a few scams on that, thats why I still think paypal should use client software not web pages.

 

[Damon]

Hi,

This is not a PayPal email. Whenever in doubt, please simply log in at www.paypal.com only. It will convert to https://www.paypal.com.

 

[Nocturnal]

or i was thinking maybe this guy forgot to change his domain name? lol

like maybe it was paypall or something but he forgot to add/change the letter.

moron.

 

[goodoptics]

Originally posted by: Paypaldamon
Hi,

This is not a PayPal email. Whenever in doubt, please simply log in at www.paypal.com only. It will convert to https://www.paypal.com.

I tried that but it didn't convert to https://www.paypal.com but http://www.paypal.com

Also, are both of the following urls (Their layouts are slightly different) legit paypal website/homepage? Thanks.
http://www.paypal.com
https://www.paypal.com

 

[andylawcc]

if http://www.paypal.com is fake, why can't the real paypal shut it down?

 

[Magus42]

http://www.paypal.com just redirects me to https://www.paypal.com

What are you people smoking that think those are two different sites? The http or https does not change the IP address that the name resolves to.

 

[Skyclad1uhm1]

Was it an HTML email, and if so, may the real link have pointed elsewhere instead? Maybe they are checking which email adresses worked with confirmation of reading or something?

 

[snooker]

I still do believe this to be an email from paypal. Did you check the email header to see if it came from a paypal email server or not?


I followed the link and all it does is forward to https://www.paypal.com/cgi-bin/webscr, which is 100% paypal.

As for the paypal CSR you spoke to, I would not really take anything they say to heart, after all, they are probably minimum wage help answering phones and they only know what is on the paper in front of them.


If someone is trying to get peoples usernames and passwords to paypal accounts, they aren't doing a very good job by sending the people to the real paypal site......

I dunno though, it could be a disgruntled employee of paypal who sent it...who knows

 

[Damon]

Hi,

I do have to repeat that the email that the user received IS NOT a valid PayPal email. I also need to warn users that another scam going around is stating that you have received 250.00 and that you need to add an email address to your account.

Typing www.paypal.com (http://www.paypal.com will convert to https://www.paypal.com in your browser window).

 

[Double Trouble]

Anyone who reads that email and thinks it's "legit" is nuts. It's obviously written by some 13 year old trying to pull some sort of scam.

>>If it's not a password stealing scam, I'm a monkey's uncle

Agreed!

 

[joinT]

Originally posted by: tagej
Anyone who reads that email and thinks it's "legit" is nuts. It's obviously written by some 13 year old trying to pull some sort of scam.

>>If it's not a password stealing scam, I'm a monkey's uncle

Agreed!

Agreed~! :disgust: Man, I'm SOOO done with paypal after seeing those 2 links that Jmmsbnd007 posted. HORRIBLE. Buh-Bye Paypal.

 

[apoppin]

Originally posted by: Paypaldamon
Hi,

I do have to repeat that the email that the user received IS NOT a valid PayPal email. I also need to warn users that another scam going around is stating that you have received 250.00 and that you need to add an email address to your account.

Typing www.paypal.com (http://www.paypal.com will convert to https://www.paypal.com in your browser window).

Not in my browser window (IE 5.5). It isn't till I follow a link to sign up that I get the secure site.

Please explain.