
Re: Warning: Trolling for Dollars, Scammers hard at work {was: forged Failure Notice}



** Reply to message from "J. R. Fox" on Thu, 17 Jul 2003 21:58:29 -0800


>>> I would think that PayPal could track the sender down and prosecute them.

>> Lotsa luck! The Email sent to me reported to a Russian "free mail" server
>> (hotbox.ru) disguised as a ".net" address.

> You have a major starting advantage over 98 % of the computer users
> out there, in that you can readily decipher things like this.

Not really. It's simple stuff. This was the URL:

http://www.paypal.com:ac=NebgWNy9Zzcq7LCO1NKutw09h@xxxxxxxx?cNqopjdFwtCk2KjBYKIJ~holmgren@xxxxxxxx

If you look at it, what you see is a standard
 username:password@web_address?[any_$tring]~passed_argument
format for entering a password-protected site (although both username and
password are ignored and unnecessary in fact). The username is
"www.paypal.com". The password is "ac=NebgWNy9Zzcq7LCO1NKutw09h". The actual
site address is "gaewu.pisem.net". The rest is phony baloney, ending with
passing my Email address to the target page. So, OK: try going straight to
"gaewu.pisem.net": lo and behold, there's the "Update Your Profile" page, sans
my name. Then try something like this:
http://gaewu.pisem.net/?x~phony@xxxxxxxx
Now we're updating Phony's private bank info. So what's the domain?
Obviously, pisem.net -- a domain name of hotbox.ru, which offers, "[a]part from
mailboxes[, that] you may register free third-level domain names, and thus host
a virtual web server on the Internet free of charge."

Norman said:
> They could set up a honey pot by replying to the message with an artificial
> account. If the spammer actually gets any money, they could track the
> transaction down. Money transfers have a better audit trail than web pages.

True, but I think the last thing they're going to do is try to get money via
PayPal. You can buy a credit card embosser for $1500 (I own one, for making
metal tags with tree identification data -- they're amazing machines), you go
to an ATM, and you've got the requisite PIN to withdraw cash.

-----------------------------
Robert Holmgren
holmgren@xxxxxxxx
-----------------------------
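
The URL breakdown in the message above, as an added example that is not part of the original post: a mail-filter style check that splits a link into userinfo and host the way a browser does, and flags a username shaped like a hostname. The function name, the regexes and the sample links are assumptions constructed for illustration; the `example.*` names are placeholders, not the hosts from the message.

```python
import re
from urllib.parse import urlsplit, unquote

# Rough "looks like a DNS name" test, applied only to the userinfo part.
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
# Rough e-mail pattern, used to spot a recipient address passed to the page.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def inspect_link(url):
    """Report what a link appears to point at versus the host it connects to."""
    parts = urlsplit(url)
    username = unquote(parts.username or "")
    findings = []
    if "@" in parts.netloc:
        # Everything before the last '@' in the authority is credentials.
        findings.append("userinfo-present")
    if HOSTNAME_RE.match(username):
        # A username shaped like a domain is there to be read as the site.
        findings.append("userinfo-looks-like-hostname")
    if EMAIL_RE.search(unquote(parts.query)):
        # The query carries an address, as in the message's "~email" suffix.
        findings.append("email-address-in-query")
    return {
        "displayed_as": username or parts.hostname,
        "real_host": parts.hostname,
        "password": parts.password,
        "findings": findings,
    }


# Constructed sample links (not taken from the message).
SAMPLES = [
    "http://www.paypal.com:ac=TOKEN123@login.example.net?junk~user@example.org",
    "http://www.paypal.com/cgi-bin/webscr?cmd=_login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        report = inspect_link(link)
        print(link)
        for key, value in report.items():
            print(f"  {key}: {value}")
```
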