hmmm… what?
another “PayPal” scam (PP-ACC.html)
4Oct2009 Filed under: Uncategorized Author: ValHere’s a new one. This came as an email from vleptn@paycal.com with subject “read…”
The text read:
You Have One New Private Message.
To view your message, please download the form attached to this email and open it in a web browser.
Thank you, Pay,Pal.
And a file – PP-ACC.html – was attached.
There’s no virus in the file or anything like that but if you download it and run it, you’re presented with a contact form, of sorts:
So it looks pretty professional, but it’s running from your hard drive and if you fill out the form and submit it, it uses http://sosetephpone.com/tmp/bar-on.php or possibly http://sosetephpone.com/tmp/netsol-form.php to process. So if you send the form through, you’re sending all your info to those people – then you’re redirected to PayPal’s About Us page. (I did send the form through with false information telling them how much they sucked after removing the verification part of the code from the html so it would send through whatever I want. Otherwise, it tries to prompt you to enter in a valid pin, etc.)
Of course, we know from the email itself that this is NOT from PayPal. Remember, you can always tell right away because PayPal will ALWAYS ALWAYS address you as Dear First Name Last Name….
If you got this email, just spam it and/or delete it. And don’t fret, they don’t have your info already!
This has been another public service announcement, brought to you by the letters S, F, and the number 4.
6 Responses to “another “PayPal” scam (PP-ACC.html)”
This is where I talk about random things as well as what interests me: photography, digital scrapbooking, crochet,
Flickr PhotoStream
the Sweet Life Images
- Sarah, Erin, & Harley; product and pet photos in Ste. Genevieve, MOToday we have snow but last Friday was absolutely mahhh-velous out and we took advantage of it. Sarah and Erin were so kind as to model some crochet scarves and hand painted silk scarves for me in the park and we also did some pictures of Sarah and her furrbaby Harley. It was really a […]
- Solomon; newborn photos in St. Louis, MOAs followup from yesterday’s post, here are the newborn pictures of Tara & Andy’s sweet little boy Solomon. […]
Amelie
October 5th, 2009 at 2.48 pm
It’s highly likely that the owner of that domain doesn’t know those files are on her site… Seems a lot of the time hackers and scammers just upload files to any old site that has badly set permissions. And even if that was the joker, I’d be prepared to bet that’s not their real info!
Val
October 5th, 2009 at 3.16 pm
Well and that could be – but she should keep watch over her site if that’s the case :P
Vixx
October 6th, 2009 at 2.15 pm ♥
Yeah, I was gonna say what Amelie said. Hackers are getting more and more conniving, and it may even be a stealth exploit that the domain’s owner doesn’t even know/wouldn’t be able to trace the vulnerability. The only reason I know this is because it happened to me; a hostee on my server was using effing Greymatter, and that compromised every site I had (and then some). Consequently, my site was hacked – but it was nothing to do with me or anything I had personally done.
Did you email to ask if they know about it?
V xx
Val
October 6th, 2009 at 2.18 pm
No, I didn’t. Any time in the past I’ve tried to do something like that it’s either bounced back or the person doesn’t deny it.
Ok ok ok, I’ll remove the info :P
Vixx
October 6th, 2009 at 2.20 pm ♥
Aw, honey – didn’t mean to guilt you! lol But as someone’s who had a problem when it wasn’t my fault (and I gave notice to all hostees there and then!) I just think the benefit of the doubt may be prudent. ;)
Val
October 6th, 2009 at 2.27 pm
lol yeah I don’t usually post that stuff unless I’m sure – guess I was cranky!