Another scam !!

VicS

VicS

Well-Known Member
Joined
13 Jul 2002
Messages
48,739
Visit site
Just got an email apparently from PayPal:



We need your help
----------------------------------------------------------------------
Hello Dear Customer

We need you to solve a problem on your account. the time to solve this problem,
we have temporarily restricted features of your account.
What is the problem?

The card issuer has informed us that it was used without your permission.
We just want to make sure you well recently authorized PayPal payments.

Security Center:
Click here to activate your account
Download the file and open it with firefox or google chrome or Internet Explorer.

File Number: PP-245-675-879
Sincerely, PayPal
----------------------------------------------------------------------
Copyright © 2013 PayPal. All rights reserved​

Mousing over "click here to activate your account" reveals a URL which is not recognizable as anything to do with Pay pal
 
I think that most people have been told never ever click on a link in these emails, always go to the bank, paypal, etc. site directly and login. Still, it is all too easy to forget for a second when busy, especially if it arrives shortly after you've made a payment or purchase.

I think that there are a few other easy things that can be done to help security. e.g.

Passwords:
I wish that people would use different long, secure, random passwords for all purchases, banking and misc. accounts. I think that many people still use one simple password for everything. Just download a password utility and use that, you only need to remember 1 password and the PC (or USB stick) has all the others safely locked up. Password safe is a good example, simple and free (http://passwordsafe.sourceforge.net/). Autotype doesn't work in all sites but drag & drop feature for username and password does.

PC security:
Plenty of free programs out there so no real need to buy anything. I find that Comodo's suite of programs work well but there are plenty of others. I suspect that the majority of people use a PC administrator account every day. Create an administrator account called Admin and switch the normal account to"Limited". Everything should work as before but the account can be returned to "Administrator" level if there are problems.

WiFi:
Use some free VPN software when working on a public Wifi hotspot (e.g. financial transactions or email). It is very easy for someone to monitor traffic and read emails. web-pages etc. and there are more devious things I won't mention.

>Pontification mode = OFF :D :D

Sorry, just spent ages sorting out someone who pretty much made all of these mistakes (and more). His PC has been rebuilt and is working again.
 
Mistroma said:
WiFi:
Use some free VPN software when working on a public Wifi hotspot (e.g. financial transactions or email). It is very easy for someone to monitor traffic and read emails. web-pages etc. and there are more devious things I won't mention.
Click to expand...

And where do you suggest people connect to using this VPN software? Just having the software running will achieve nothing, and most people won't have a secure network to connect to.
 
Grandma, eggs and sucking is probably pertinent to this comment, but PayPal and most (all?) banks always address you by name in emails and they never ask you to enter passwords or pin numbers via an email.
 
I use eWallet by Ilium. I have the program on my phone and on the desktop PC. It needs a password to open. One can sync the phone and the PC. I have all the various passwords stored in the program complete with username and URL. I used when I had a Palm PDA and now on my Android phone. Highly recommended

TudorSailor
 
Tony Cross said:
Grandma, eggs and sucking is probably pertinent to this comment, but PayPal and most (all?) banks always address you by name in emails and they never ask you to enter passwords or pin numbers via an email.
Click to expand...


Almost daily, and from eBay too. Almost all the Banks, threatening to suspend my accounts, which of course I don't have.

My answer long ago was to use a secondary email address for all my financial stuff (internet banking in particular), and almost without exception these spam mails arrive at my main AOL user account. So, without even thinking about them I know they are spam.

My son had his bank account emptied 2 Easters ago when he clicked on one of these bogus email links. They sent it on Good Friday, and, of course, he had to wait until the following Tuesday before he could do anything. He did get reimbursed by the bank.
 
lustyd said:
And where do you suggest people connect to using this VPN software? Just having the software running will achieve nothing, and most people won't have a secure network to connect to.
Click to expand...

Anywhere they'd normally connect to browse, check email and so forth. I'm not talking about the sort of VP stuff I used to work with every day (i.e. Connecting to specific company networks). I was just talking about a free utility such as ExPatShield. It encrypts traffic seen on the local Wifi and through to ExPatShield's system. So more resistant to having someone local monitor what you are doing.

Another advantage is that you appear to be located somewhere else. ExPatShield makes it appear as if you are in the UK.
 
these are now so common and well documented I am amazed anybody ever gets caught out but obviously they catch some folks out or they would not get sent.
One day somebody will invent a tracking system available to police authorties only so the senders can be apprehended. Compared to the invention of WWW itself - just how hard can that be?
At the moment the internet is a just a prize gift to scammers, peodophiles and terrorists. Back tracking is maybe a bit big brother but surely it has to come and can't possibly be beyond out techno geeks to create.
 
blueglass said:
these are now so common and well documented I am amazed anybody ever gets caught out but obviously they catch some folks out or they would not get sent.
Click to expand...
It was because of the context, I was almost caught out. If I had not made such a recent purchase using PayPal, I'd have simply deleted the email without a second thought. It leads me to suspect that my Chinese vendor is in cahoots with the con artists.
 
Sorry Elton - I didn't mean to sound patronising and I can see how that could easily happen.
It gets such a pain having to read everything so carefully to avoid the traps. I wouldn't necessarily suspect your chinese seller had any connection. Who ever is sending them they go out in their millions and will inevitably fall on many recipients who have recently used paypal.
 
blueglass said:
One day somebody will invent a tracking system available to police authorties only so the senders can be apprehended. Compared to the invention of WWW itself - just how hard can that be?
Back tracking is maybe a bit big brother but surely it has to come and can't possibly be beyond out techno geeks to create.
Click to expand...
Show me a police not using such system... Everybody can be tracked, no probs.
Only someone would be necessary who wants to catch criminals, actually. Porn, pedophiles, and politically incorrect oppositionists are caught, all the time, no matter what they do to hide.
 
Hmm...that's a lot of people getting the same bit of spam on the same day (myself included). I have loads of email addresses. I only received it on the one I use for signing up to boating forums. Coincidence? I wonder how high information security ranks on the IPC priority list at budget time...
 
Mistroma said:
Use some free VPN software when working on a public Wifi hotspot (e.g. financial transactions or email). It is very easy for someone to monitor traffic and read emails. web-pages etc. and there are more devious things I won't mention.
Click to expand...

Mistroma said:
I was just talking about a free utility such as ExPatShield. It encrypts traffic seen on the local Wifi and through to ExPatShield's system. So more resistant to having someone local monitor what you are doing.
Click to expand...

Are you sure that's a good idea?

Just about every bank protects the connection between itself and the customer's computer using ssl/tls. Any half decent webmail, pop or imap provider these days should do the same. I suggest that the average yachtie has better things to worry about than esoteric attacks on an ssl connection.

There's no technical details about expatshield on their web site so I have no clue if it's a proxy with a potential man-in-the-middle attack involved or simply a vpn which does address translation but I see no reason why anyone would want to do their banking using a browser that had been "enhanced" by some closed-source software downloaded from the Internet, the main purpose of which is, let's face it, deception. I note that the expatshield download is not https..
 
blueglass said:
is it really that easy? So why aren't they instantly closing down all the scammers and child pornographers. How come terrorists can put out their atrocities on the internet, seemingly with impunity.
Click to expand...

No it's not actually easy at all. Most of the spam comes from home PCs which have viruses, so even if they do trace a mail, it would lead to a little old lady who would look very confused at her arrest. The process of starting the mail drop happens in a very distributed way using encrypted traffic and spoofed addresses and so is also almost impossible to trace. Most of the people who have been "caught" doing things on the internet (piracy, child pornography etc.) were doing something to make them easy to catch. For instance the biggest child porn operation in the UK was a result of people paying by credit card, so when the company selling the material was closed down it was fairly trivial to go and lock up all of their customers.
 
Mistroma said:
Anywhere they'd normally connect to browse, check email and so forth. I'm not talking about the sort of VP stuff I used to work with every day (i.e. Connecting to specific company networks). I was just talking about a free utility such as ExPatShield. It encrypts traffic seen on the local Wifi and through to ExPatShield's system. So more resistant to having someone local monitor what you are doing.

Another advantage is that you appear to be located somewhere else. ExPatShield makes it appear as if you are in the UK.
Click to expand...

This is exactly what I meant and why I questioned it. I've just had a quick look at the ExPatShield website and would strongly recommend against using it for any personal information. It's fine for accessing things like iPlayer where you need to use a UK IP address.

When in a web cafe, the problem is that you cannot be certain you're connected to the real wifi network, this is known as a "man in the middle" attack and requires an attacker to set up their own wifi network in the cafe, along with doing rather complex things to your session while you're online. It is very difficult for them to fake the security certificate coming from the website you're connected to, and most bank authentication systems offer further protection by not asking for your whole password each time you log on - even if someone does record your keystrokes they are unlikely to get in on a new session.

ExPatSheild are offering free software to connect for free with unlimited free bandwidth through a service where they sell nothing. If that doesn't scream scam to you then I don't know what would. They have effectively set up a very professional looking man in the middle solution which is now being trusted by people like yourself. I may be missing something, but I see no reason to trust that this site is trustworthy enough to give my bank details to, especially since there is apparently nothing in it for them except huge bandwidth bills and datacenter costs.
 
You must log in or register to reply here.

Share this page

Top