I originally had this over at FW OT, but someone suggested I post this over here. I guess this is Finance related now that the finance situation is in question... more like "How To Unscrew Yourself?"
SCAMMED! By:Azurik Date:January 29th, 2005.
My girlfriend is what most people would consider to be internet savvy. I got her started on the whole eBay business this past December (I feel like a karate master passing his wisdom for generations to come, haha). A couple of minutes ago, my girlfriend IMed me with the following:
Meghan: babe tomorrow will you help me with my paypal account Azurik: what about it? Meghan: i have gotten hour emails saying that i have limited access because their security team found that the social security number on it wasnt mine or something Meghan: after the first email i tried to go through the steps to fix it, but apparently it didnt work because i still got them Azurik: you didn't click on the link did you? Meghan: what, i already did Azurik: sh*t Meghan: shooot, i gave out all my info because it looked just like paypal Meghan: i did it like wed/thurs Meghan: i thought i was doing it all myself without your help Azurik: check the e-mail again Azurik: scroll over the link with your mouse Azurik: it's not a paypal.com address right? Meghan: no Meghan: f*ccccccck Azurik: what did you fill in? Meghan: i gave them everythng Azurik: like what? Meghan: social security, credit card number, pin number address (PayPal security questions, PayPal password, bank account # and routing #)
I went into her PayPal account and changed the security questions she gave to them, along with the password. I also sent the balance of her PayPal account to me to safeguard it and also as a penalty to her
She's also in the process of reissuing a new credit card # along with cancelling her bank account and debit card on Monday. It's a college account with only $50 left in it anyway, and she was going to deposit $500 more!
I went into the scam site itself and inputted a bunch of wrong data too, just to flood their database. It forwards itself to an Asian e-mail address.
EricGo said: Does she use the same name/password for other accounts ?
No, she doesn't EricGo. Here is what I have done:
Closed her bank account and credit card and they are reissuing new ones. PayPal password and security questions have been changed. She's calling the credit agencies tomorrow to place a fraud alert on the accounts and ask them to verify with her ALL new accounts being opened. I will monitor her SS # statement to see if anyone is working under her name, etc.
What I am afraid of is that somehow, I am missing something and a loophole will come back and ruin her financially.
I've been to similiar sites such as those before. The thing is, identity theft HAS NOT happened yet. Those sites are useful when it does - how to file police reports, file affadavits with the credit agencies, reporting to the FBI, etc. However, a crime hasn't been committed yet. I guess this is pre-crime prevention, sorta like that movie with Tom Cruise
file fraud alerts with the bureaus, if they have her SSN and enough othe rinfo they can start opening accounts
EricGo
Senior Member - 2K
posted: Jan. 31, 2005 @ 12:37a
SIS's comment made me think about bank accounts. Can a fraud alert be placed on Chex21 (I think that is the name of the info clearing house that the banks use).
More generally, I would think a bit more about how the information might be used to create, rather than abuse already created IDs and Services. If any vulnerabilities still exist past what you have already done, my guess would be toward that direction.
Glad I heard about fishing before I got one of those emails. They are a lot better than the typo filled Citibank ones that alerted me. That site would have fooled me too. Good luck Gene
Shows you how good they're getting. And its getting worse, with WiFi evil twins and Host File redirection - so that even typing in the right web address redirects you to them.
I recommend that you check out DragonsLore's thread in the Computer Forum. Then install Spyware Blaster, Spybot Search and Destroy, Ad Aware SE, and DragonsLore's host files.
ellory said: Shows you how good they're getting. And its getting worse, with WiFi evil twins and Host File redirection - so that even typing in the right web address redirects you to them.
I recommend that you check out DragonsLore's thread in the Computer Forum. Then install Spyware Blaster, Spybot Search and Destroy, Ad Aware SE, and DragonsLore's host files.
dawhim said: sandybutt said: My Firefox just redirects me to the real paypal site Its got built-in anti-phishing
last time I decided to quick on those fake paypal site. then, I got freak out because my FF redirected to me the real paypal site.
Yes, and its very freaky too, because it might make you think that a firefox bug has been found. There is an internet explorer bug which can allow a web site to display in incorrect URL in the web browser. So you go to www.abc.com but internet explorer will display www.xyz.com in the URL bar. The web site in that link uses that very exploit. Having Firefox redirect to the correct paypal site without any type of warning might make people think that firefox has a vulnerability too.
Or even worse, if you click on the link in firefox and it goes to the correct site, then when you later use the link in IE and it goes to a site that says paypal.com, you might think it's safe.
tehlorax said: FYI, no email can write to your HOSTS file...
I wouldn't be so confident about that statement. There have been more than enough bugs in Outlook that have allowed email messages to run arbitrary code, and that could include code which modified the hosts file.
MaeJaun
Senior Member
posted: Jan. 31, 2005 @ 8:34a
Ditch Internet Explorer and switch to FireFox. IE is the reason for a lot of problems you encounter on the internet.
This only happened to girlfriends, we being boyfriends would not fall into such traps!
To be frankly, I received the Paypal scams like OP posted every few days. I always deleted them right the way, so I can't post an example. I will, however, when I receive the scam again. It won't take long though!
Just keep in mind: NEVER EVER CLICK THE LINK IN YOUR EMAIL TO ACCESS PAYPAL!!!, esp when you are asked for personal info. If you need to go to Paypal account, type in the address on the browser, http://www.paypal.com, do not follow any given links on your email. Same apply to eBay, Citibank scams. And today, I received a new scam. It's funny. I don't even have an WAMU account! This scam looks professional as there is the WAMU logo link but will prompt you to the same site as below.
To: tazmania99@yahoo.com Subject: Unauthorized access / Restriction for your Washington Mutual account From: support@wamu.com Add to Address Book Date: Mon, 31 Jan 2005 06:54:03 -0600
We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by February 5th, 2005, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. To confirm your Online Banking records click here: https://login.personal.wamu.com/logon/logon.asp?dd=1&Update&Your&Info
Washington Mutual Customer Service
Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.
Copyright 2005, Washington Mutual, Inc. All Rights Reserved.
well if you live in california you can freeze your credit http://www.privacy.ca.gov/financial/cfreeze.htm
NatronsMean
Happy Member
posted: Jan. 31, 2005 @ 10:13a
My wife had something similiar happen 5 years ago or so, with them calling on the phone and pretending to be Discover. She gave out all her info. We put credit protector on, which is a real pain, since you have to confirm every finance related application by mail, and changed her security passwords (it doesn't have to be your mothers maiden name), got new reissued numbers for everything.
Long story short, nothing has happened. Lets face it, if someone was determined enough, they could find your Name, SS, phone, address, DOB, which would probably be enough to open a CC. Just do what you can to make yourself a harder target than the average Joe.
This is a good fatwallet type lesson, but since this happened, I have multiple checking, CC, trading, IRA, etc accounts, all not linked together, in case I had to shut something down, it would have a minimal effect. We used to have just 1 joint account for each thing. I think of this more as risk reduction.
janwad
Senior Member
posted: Jan. 31, 2005 @ 10:54a
OH MY GOD. I have an email today in my hotmail account from paypay:
It has come to our attention that your PayPal Billing Information records are out of date. That requires you to update the Billing Information. Failure to update your records will result in account termination. Please update your records in maximum 24 hours. Once you have updated your account records, your PayPal session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems. Please click here to update your billing records.
Plus logos and disclaimers that make it look so real!
TruthTeller said: Cut your losses my friend. There are plenty of good eggs in the sea She may not deserve the boot for one folly but it's never too early to start evaluating a mate.
A person has what I call "native intelligence" and "synthetic intelligence." NI is what nature and parents give you. SI is what you build up through learning with your own effort. While NI is beyond your control, SI is well within. If a mate's SI does not increase with time, there's a problem. You wouldn't keep money in a CD that gives you back only the principal after 1 year, would you?
Don't worry, her intelligence is not in question. Smart people make mistakes sometimes. We've been together for a couple of years now that I think I know her enough to know this was a one-time bad boo boo.
We regret to inform you that your eBay account has been suspended due to the violation of our site policy below:
False or missing contact information - Falsifying or omitting your name, address, and/or telephone number (including use of fax machines pager numbers, modems or disconnected numbers).
Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This prohibition includes the registering of a new account. Please note that any seller fees due to eBay will immediately become due and payable.
eBay will charge any amounts you have not previously disputed to the billing method currently on file.
If you would like your account to be considered for reinstatement, please click on the link below, and provide us additional information.
Sign In Securely. http://signin.eBay.com//aw-cgi/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US
eBay treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information. eBay will never ask their users for personal information, such as bank account numbers, credit card numbers, pin numbers, passwords, or Social Security numbers in an email. For more information on how to protect your eBay password and your account, please visit User Account Protection.
This eBay notice was sent to you based on your eBay account preferences and in accordance with our Privacy Policy. To change your notification preferences, click here. If you would like to receive this email in text format, click here.
Copyright ) 2005 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc.
with the link directing somewhere else. be careful out there
joelfreak
Ancient Member
posted: Jan. 31, 2005 @ 2:21p
Believe me, as someone who runs a large hosting company, we get people running these scams 3-4 times a day...always with stolen cc numbers, and basically untracable. I have told my Mom NEVER to follow a link in email unless its from me. Not even from family and friends, because I have seen THEM forward phishes...
sandybutt said: FF1.1 will have a warning about a phishing link in the near future. The browser now just forwards you to the correct website, instead of the scam site.
Thats good. I didn't even know firefox did this. Any idea how the browser determines which sites are phishing sites? I'd presume with a URL blacklist.
The link in OPs post hides the real address bar and uses a JavaScript generated address bar lookalike. Try rt-click on toolbars and re-check the address bar, it now shows the scammers URL.
Wow, I didn't even notice that. That's slick (in an evil sort of way). I just assumed that was another incarnation of that URL with the %01 character or whatever it was last time.
MazdaMP
Senior Member - 1K
posted: Jan. 31, 2005 @ 3:12p
Azurik said: TruthTeller said: Cut your losses my friend. There are plenty of good eggs in the sea
I like this white egg!
pics?
jskirwin
Senior Member
posted: Feb. 1, 2005 @ 1:19p
MaeJaun said: Ditch Internet Explorer and switch to FireFox. IE is the reason for a lot of problems you encounter on the internet.
Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.
Members of our community may attach files to a post in accordance with the User Agreement. FatWallet is not responsible for the content, accuracy, completeness or validity of any information contained in any attached file. Files have *not* been scanned for viruses. Be especially wary of Excel files which may contain malicious content.
