Navigation: Home · Paying Sites · Scam List · Testimonies · Business News
Google

Tuesday, March 25, 2008

Phishing Attack!

Actually, this is not something new, you might had already heard this from other sites, heck, you might hear this over and over again. Fighting cyber criminals has been going on for years now, yet, they are still here, it just shows that some online scumbags simply don't know when to give up. You see, just this morning, I received an email (spam type) from someone who claims himself/herself as Paypal (ehem, my ass), and messaged me in a Paypal fashion way... see picture below...



Click on picture to enlarge it


They say that my Paypal account had been accessed by an unauthorized third-party, and that, as a means of protecting my account, they had temporarily disabled some of its features. Furthermore, they told me to login into my Paypal Account so that I can verify and restore my account access.

OK, let's see.. it does sound like Paypal.. however, if you look at the email's header, the sender was not paypal.com, but megapath.net. Out of curiosity, I decided to trace the source, and guess what.. it's from a Chinese website.

These idiots hide behind the domain Uni-Mon.com, they then redirect you to another site hosted by Yashlek.com, where you can find the Paypal website clone. This is how it looks..



Click on picture to enlarge


I decided to try, but before that, I had my PC's defenses set to high. I thought I should do that since I'm in a hostile environment, and you never knew, there could be malicious scripts running around the site. Once I had my PC secured, only then that I gave it a try. I put a dummy account..



Click on picture to enlarge


It gave me an error because I inserted an account with a very long password, and just like the original paypal system, it also checks for errors in the input field. So I put it another dummy account. The one that's acceptable.. only then was I able to login, but the fact is, they got my username and password upon logging in. With that, they can now access my Paypal Account.. But, of course, since it's a dummy account, it contains nothing.. Suckers!

Notes to Remember

Hackers are always looking for holes in defenses. They know they can't penetrate Paypal, so they target those who are prone to attacks - the users. To avoid getting hacked.. Do not display your email ad on just any websites, as spam robots can automatically crawl them and add it to their list. You should not open spam emails, most especially those that claim they are from Paypal. Always check the email's header to make sure that it's really from who they claim to be, however, on some occasion, spammers use email spoofing to conceal their true identity, nevertheless, always check the links before clicking them. Do not click if you are not familiar of the url anchored on that particular link.



No comments: