Slashdot Mirror


Fake PayPal Site

CharlieG writes: "Just a friendly warning as a followup to all the PayPal talk of yesterday. It seems that there is a scam going on based out of South Ural, Romania. They have created a site that looks exactly like Paypal, but is PayPai.com." Much more harmful than all the Slashdot typo sites (those only cause me to get dozens of flames a week for framing Slashdot: this one could actually steal your credit card!)

134 comments

  1. Re:How does PayPal make money??? by Anonymous Coward · · Score: 1

    Because the interest they earn on holding your money for two days...generates a lot of money.. There is additional hold on that money, if the payee (seller) wants a check sent, instead of having that money direct deposited in an individual's bank account. Think about it... Overnight lending rates are about 12% ...... the fee that MC/VISA charges is around 3.5 % ... Amex is around 4.2 % .... It seems that PayPal generates 3 times the amount of profit!!! What a racket

  2. How does PayPal make money??? by Micah · · Score: 1

    A friend tried to talk me into using it to send him money for the computer he built me. But I looked at the site and was pretty suspicious. How can they charge my credit card $2500 and give him $2500 -- when credit card companies always charge a commission??? Ads certainly can't pay for all that.

    The only thing I can think of is they share all kinds of personal information with all kinds of evil companies. I sent my friend a check.

    1. Re:How does PayPal make money??? by Micah · · Score: 1

      Still doesn't make sense. The CC fee is like 2-5% FLAT OUT -- not APR. They get that much per transaction. The overnight lending rate would be like 12% APR, right?

      So they'd only get a tiny fraction of a percent in interest per day, but still have to pay out 3-5%.

  3. sIashdot.org by Phroggy · · Score: 1
    Looks like sIashdot.org isn't registered yet. Is anyone bored enough to put up something cool?

    --

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  4. Re:Already Shut Down by CMiYC · · Score: 1

    Some elite kid is probably going to get some free porn off using your account

    Dammit. Someone else always takes the good ideas... I guess I'll just stick to the free sites.

    I give whoever did it credit for creativity though...

    ---

  5. Re:Some Are Still Available! by Zagadka · · Score: 1

    GoogIe.com is also taken... watch out for them fake searches. (actually, it looks nothing like Google, and the name is probably just a coincidence... but WTF is a "googie"?)

  6. No, it's a broken website. by Mr+Z · · Score: 1

    Actually, MS-NBC is not down (as far as I can tell). Rather, the page keeps reloading in the background, appending "&cp=1" or somesuch to the URL, about once every four seconds. I think it's because Junkbuster snips the cookies. If I have Javascript enabled, I get to see the URL growing in the Location: field. If I have it disabled, it just looks like the page is taking forever to load, but careful observation of the status line on the bottom of the screen reveals that the browser is ping-ponging between two webservers with a period of about 4 seconds.

    Same thing happens on the last MeSs-NBC article I tried to read. I figure if they're site is broken, I'm not in a hurry to fix it for them.

    --Joe
    --
  7. Pre-emptive Grammar Counter Attack by Mr+Z · · Score: 1

    s/they're site/their site/

    Ooops.

    --Joe
    --
  8. Re:How many domains do I need to register now? by Mr+Z · · Score: 1
    Should MS grab mlcrosoft.com?

    No, that'd be MICROS~1.COM

    --Joe
    --
  9. This a shame by jjr · · Score: 1

    I wonder if these people could be arrested for fraud in Romania. I don't know but Pay Pal move quickly so no one gets hurt.

  10. PayPal Real Site by Delphis · · Score: 1

    You can also use http://www.x.com/ to get there too .. saves typing in paypal, paypai .. or whatever.

    www.paypal.com redirects to www.x.com anyway.

    --

    --
    Delphis
  11. Romania vs. Rumania [offtopic] by DHartung · · Score: 1
    Thanks for pointing out my goof. I forgot that Rumania is the old spelling.

    To summarize: while long known as Rumania, and so spelled on independence from the Ottoman empire in 1859, the official spelling has been Romania since around 1945. It took until the 1960s for many Western references to be updated.

    The spelling Rumania is believed to be a reflection of the name for Rome and Romans in Turkish (Ottoman) dialects, and as such, some modern Romanians actually find it offensive. (Whoops.) But the Roman origin is also considered controversial, and may be more legend than fact.

    It's described in much more detail than anyone on /. may care to know ...

    The designation of Rumania (Roumania, Romania) is a more sensitive issue. It is related to the whole question of historical claims concerning the origin and destiny of Rumania in Eastern Europe. As such it is also directly tied to the emergence of the Rumanian people as a self-conscious, state-building community. It is controversial, because historical claims to Transylvania are based on prior settlement, which in turn depends on whether or not present-day Rumanians are recognized as descendants of Trajan's Romans who conquered the Dacians in A.D. 106. Those who do not accept the Daco-Roman theory of Rumanian continuity are more likely to spell the national designation with a "u."

    ----
    --
    lake effect weblog
    {Network engineer in Chicago--looking for work!}
  12. Re:PayPal by ethereal · · Score: 1

    Not getting interest sucks, but on the other hand the user doesn't have to pay credit card access fees, so for me it comes out about even. This is as opposed to the state of Illinois, which will let you pay your taxes by credit card but charges you for the privilege.

    --

    Your right to not believe: Americans United for Separation of Church and

  13. Re:Clever... by Photon+Ghoul · · Score: 1

    Jesus trolls? That's a new one.

  14. Hunh by Photon+Ghoul · · Score: 1

    What's PayPal?

    1. Re:Hunh by Russ+Nelson · · Score: 1

      It's not PayPaI, that's for sure!
      -russ

      --
      Don't piss off The Angry Economist
  15. Re:PayPal by Photon+Ghoul · · Score: 1

    Actually, I saw that by going to paypai... oops paypal.com. Just making that comment because I have no idea what was meant by "all the talk of yesterday about Paypal" as I didn't see any.

  16. The final problem in security... by magic · · Score: 1
    ...is always the user. No matter how good security is, people always fall for 'go here and type in your password'.

    magic

  17. Re:Clever... by Black+Parrot · · Score: 1

    > On the other hand, it's pretty smooth. And maybe this will help break down the widespread confusion between address and content that everyone complains about whenever the TLD fiasco comes up.

    Heh heh heh. Someone needs to set up a c0rinthians.com to route unsuspecting soccer fans back to the religious materials.

    --

    --
    Sheesh, evil *and* a jerk. -- Jade
  18. Re:Site Hackers could take this out by Black+Parrot · · Score: 1

    > I think all those hackers out there could punish sites like this by breaking in and trashing them.

    Yeah, and steal all the credit card numbers while they're at it.

    That way the hacker can enjoy an expense-paid vacation to Hawaii, and the scammers will get locked in the honky for it.

    --

    --
    Sheesh, evil *and* a jerk. -- Jade
  19. Re:Registration? by egon · · Score: 1

    Yeah - I did. I just copied it into the form poorly. (Look at the long line *sheepish grin*)

    --
    Give a man a match, you keep him warm for an evening.
    Light him on fire, he's warm for the rest of his life
  20. Wrong-way Gates by Tony-A · · Score: 1

    ;-)

  21. What's with the graphic? by parkrrrr · · Score: 1
    Did anyone else notice the graphic next to the article claiming that the FTC lists online auctions as the #1 source of complaints about Internet fraud?

    First, what does that have to do with the PayPaI article?

    Second, isn't that a story in and of itself?

  22. Yes, I KNOW it's Russia by CharlieG · · Score: 1

    Folks, I know the Urals are in Russia - It was a quick cut and paste job from the MSNBC site. I should have put in the (sic) but I didn't.

    Sorry

    Charlie

    --
    -- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
  23. Re:Some Are Still Available! by Foogle · · Score: 1
    Useful for what?

    -----------

    "You can't shake the Devil's hand and say you're only kidding."

  24. Redundancy & scalability by slashdot-me · · Score: 1

    paypao, paypak, paypap
    Why, one could make a beowuli clustei.

    Ryan

  25. Re:Again by Flounder · · Score: 1
    And who's to say that an international court would carry the same protection that an American court would. Most countries could care less about copyright and trademark law. Just look at the pirating problem in China. Certainly the UN has no problem with ignoring American interests.

    Why not just have a group of hackers that goes vigilante and goes after the bad guys. Ruin their credit ratings, put their picture in the FBI Ten Most Wanted lists, etc. Or maybe I'm just watching too much A-Team.

    --

    No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova

  26. Re:PayPal by georgeha · · Score: 1

    I don't get it. Saying that they're giving away up to $10 for every new recruit, and then going on to comment that they "might actually make a profit"? Unless they start selling their services to businesses, who would willingly pay to have this automate their various money operations, they're not gonna turn a profit right now just by giving cash away.

    They hope to act like a real bank, and hope that people keep a balance in their accounts.

    Paypal would make interest on the balance, their customers wouldn't, and if the aggregate balances are enough, PayPal makes a profit.

    George

  27. PayPal by georgeha · · Score: 1

    An E-money site that lets you buy things with an online account, or your credit card.

    Sign up now and get $5.00.

    Say you got referred and the referree gets $5.00.

    This is a web based business that might actually make a profit.

    George

    1. Re:PayPal by BMonger · · Score: 1
      Although I don't really know how they make their money one night I came up with this idea.

      Say in one day paypal transfers $5,000 (not unreasonable... I believe it is actually a lot more)... people leave the money at paypal for a while because they just do... if I had money at paypal I'd leave it there... paypal can then get interest off of that money I would assume. And that would be a lot of interest. Granted they would have to get other money somewhere but that would be a good source of money. According to the article there are 2.6 million users. If everybody has $1 in their account then that's 2,600,000 dollars... at even 2% interest that's a lot of money... even accumulated monthly...

    2. Re:PayPal by MrPoopyPants · · Score: 1

      As a matter of fact, they do have a paid version of their service for businesses.

      For the free stuff they make a profit the exact same way a regular bank makes profits: by taking your money and investing it.

      In a way, it's a huge ripoff because they're using your money and not paying you any interest. A one time $10 cost for a new customer is nothing given that this new customer could potentially give them hundreds or thousands of dollars to play with...

      Initially new customers only needed to register a credit card and snail mail address but now they require a bank account. I think that's getting a bit pervasive but the service is still cool.

    3. Re:PayPal by SEE · · Score: 2

      Well, given that they have started to sell premium services to businesses....

      Also, they make money on interest. When you've been paid via PayPal, but have yet to transfer the money to your own bank account, it sits in PayPal's accounts, and they get the interest on it. Add a bank-like normal rate of "abandoned" accounts with some cash in them, the fact that the bonuses can be written as customer acquisition/marketing expenses, and a plan to eventually abandon the bonuses when the customer base grows sufficiently....

      It doesn't seem they'll turn a profit soon, but it does look like a plausible business model.
      Steven E. Ehrbar

    4. Re:PayPal by generic-man · · Score: 2

      I don't get it. Saying that they're giving away up to $10 for every new recruit, and then going on to comment that they "might actually make a profit"? Unless they start selling their services to businesses, who would willingly pay to have this automate their various money operations, they're not gonna turn a profit right now just by giving cash away.

      (Personally, I wish the referral bonus was still $10.)

      --
      For more information, click here.
    5. Re:PayPal by Russ+Nelson · · Score: 2

      You just reinvented banking. Quick, patent it!

      --
      Don't piss off The Angry Economist
    6. Re:PayPal by Mark+F.+Komarinski · · Score: 2

      It was mentioned under the Finding the right online credit card merchant story from yesterday.

      --
      -- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
  28. Re:The joys of Chamaeleons by alatesystems · · Score: 1

    Remember the old AMI bios password screens?
    I made a gwbasic program to mimic that for one of
    my teachers. I put it on a 360K disk for her 386. Booted up. She put in the bios password. Then of course, it asked again. Simple write out of the chars till it got to 13(enter). Bang, wahlah, u got a password.

    Granted, it got me banned from computers at the school when a "friend" ratted on me. Lesson learned: trust no one. hmmm, why am i telling you this again?

  29. Re:PayPai? by British · · Score: 1

    Better yet, stick it in a frame or new window that turns off the URL window and fool even more people.

    I remember going to newgrounds.com(note spelling), and ended up getting a ton of pop-up ads wanting to steal the thundering popularity of newgrounds.com

    There's also hanspring.com, but that's more of a joke.

  30. Re:PayPai? by British · · Score: 1

    I meant to type newgruonds.com

  31. Re:/. effect by pirodude · · Score: 1

    dude! u stole my +1! :)

    yes i know what time it is..no i have nothing better to do

  32. Re:PayPai? by Cylix · · Score: 1

    With lucida font...the difference is about
    a pixel in height.

    In fact, I cannot tell the difference.

    What evil trickery :D

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  33. Re:yikes! by Cylix · · Score: 1

    Interesting you mention this.

    What is the legality of nullrouting a specific
    address or network block. Although we may
    have our reasons...are those actions (even if
    the intent is good natured) protected from
    lawsuit?

    I believe the Rebel spam system is going through
    such a contest of justice currently...

    If someone takes the law into their own hands...
    and dispenses justice... would this vigilante
    be safe from prosecution?

    Really I guess it comes down to whose right is it
    to police the internet. Is it the justice
    system in the region they connect from? Is
    it our right as administrators to dispense
    justice?

    Mind you, on a weekly basis, as an administrator
    I dispense justice for actions that in some
    cases are legally wrong...but these wrongs will
    never see a courtroom. (Usually with the
    termination of the offenders account).

    Whose right is it and who is protected?

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  34. Signai 11! by _vapor · · Score: 1

    It's that bastard Signal 11! Or is it Signai 11? Signal II? SignaI ll? Exploiting the L/l/I/i/|/1 similarity is among the lowest of the low. You should be ashamed of yourselves.

    --
    www.poak.net
  35. Re:How to collect passwords by JediLuke · · Score: 1

    why bother, just make a CGI that databases MSIE cookies from people when they visit your site...then plug them in your browser and use those...

    JediLuke

    --

    JediLuke
    -Do or Do Not, There is no Try
  36. Re:Why are you so shocked? by bdk3clash · · Score: 1

    Sea Monkeys are not a scam! I resent that!

    http://www.duke.edu/~bdk3/seamonk.html

  37. Re:"South Ural" is not a romanian location! by psergiu · · Score: 1

    Yep, definitely not a romanian name but a russian one. But what you can expect from M$N and M$-nbc. Remember: the M$-Earth spins the other way around and the Ural mountains (which divide europe and asia) are in romania (like 2000km away).


    +++ATH0

    --
    1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
  38. Slashdot... of course it had to be slashdot... by BMonger · · Score: 1

    Finally a site that should be slashdotted gets it... :) Way to win one for the little people!

  39. Again by bguilliams · · Score: 1

    Here again we have further evidence that the internet needs a global court system of some kind to allow justice of some sort to be served in instances like this. Wouldn't the United Nations be the perfect establishment for some sort of review panel or judicial board regarding internet law?

    --
    We must respect evil, and we must make evil respect us.
    1. Re:Again by dbrutus · · Score: 1

      Don't forget the move to kick out the Vatican, who everybody recognizes as a state. Any world government that's going to be kicking out members because the member state is nonviolently advocating a policy position (pro-life) is an institution that shouldn't be given any real power.

      DB

    2. Re:Again by vicviper · · Score: 1

      Uhhhh no we don't. Or did you miss the WIPO/Corinthians.com story earlier?

  40. Re:Look at the SSL certs by DeadSea · · Score: 1

    Ok. It might say PayPaI Inc.

  41. Re:Look at the SSL certs by DeadSea · · Score: 1

    If you are fooled by the difference between an I and an l in the domain name, there is no reason that you wouldn't also be fooled by the same when presented with information about the security.

  42. Re:"South Ural" is not a romanian location! by dbrutus · · Score: 1

    The romanian consulate in Chicago has been notified. Who knows, they may even make a statement and demand a retraction (I hope so)

    DB

  43. Re:.RU vs. .RO? by dbrutus · · Score: 1

    The local name for Romania is.... Romania.

    The history of the name comes from New Rome
    Roma = Rome
    nia = neo = new

    Basically, Romania is what's left of a heavily colonized Roman province after the troops pulled out.

    DB

  44. Re:This is NOT a romanian location/name/whatever!! by dbrutus · · Score: 1

    To be more accurate, the ov ending indicates a possible slav connection. Given the totality of the situation, my bet is Bulgaria

    DB

  45. Re:South Ural? Romania? LOL by dbrutus · · Score: 1

    If you're posting from the US, call up your nearest consulate and ask them to request a retraction.

    DB

  46. Re:South Ural? Romania? LOL by dbrutus · · Score: 1

    Actually, I wasn't joking. The company I'm working for is actually pitching the new consulate in Chicago so they know me a bit.

    DB

  47. Re:.RU vs. .RO? by dbrutus · · Score: 1

    Your etymological construction would change new rome (roma + nia) to land of the romans (roman + ia) and is a difference without much of a distinction. There's a longstanding linguistic shoving match over the whole issue mostly provoked by hungarians who are still pissed about the treaty of Trianon which broke hungarian power over transylvania and allowed them to attach to Romania in 1918.

    As for the location of the original province of Dacia, the archeological evidence is pretty clear that it was in present day Romania. If you have an unbiased source otherwise, feel free to post.

    Your further claims that "it is thought that... Romanians moved there from somewhere else" are very fevered dreams distilled from irredentists. The 'somewhere else' theories never seem to get their stories straight and the locations are pretty varied as to where Romanians supposedly came from. The fact that latin based languages survive in former Roman provinces is no surprise and their common ancestor is also a no-brainer, it's latin!

    DB

  48. Re:Gone.. by toast- · · Score: 1

    Why is this redundant when i was the first person to post that it was down (see the message number)

    I think slashdot needs to have a crash course in moderation for new moderators (those randomly chosen).

    That message was not redundant for those who click "read more" and check comments before going to the sites themselves.

  49. The joys of Chamaeleons by Spankophile · · Score: 1

    First of all, I'm glad that no one has reported being ripped off yet.

    But the idea of chamaeleons has always interested me. I remember back in grade 9 or something I wrote a cheesy QBasic program that mimicked the old Novell login screen (the one with the blue background and huge IBM in white blocks). It looked just like you were logging in, but then it would report some falsified network error and request that you try another machine.

    Granted, initially it was running from my account, but after getting the first account saved in a handy-dandy text file, I ran it from there. I'm sure if we had better sys-admins they could've tracked me.. but oh well... I remember getting the typing-teachers password about 8 times in a row as they tried to figure out what the network error was!

    Don't believe everything you (think you) see :-)

    (Only barely On topic, I know)

  50. Re:OT: RE: Sig by bdavenport · · Score: 1

    'Whe muh haha muh!"

    no - there's some sounds with 'b' in there.

    --
    /* Half alive and half dead too, work is for suckers and the sucker is you. - "Half-life" by Local H*/
  51. A simple solution.... by blogan · · Score: 1

    Is to have domain names be a combination of characters that don't resemble each other. The set could consist of {smiley face, boot, crescent moon, a dog head, a tulip, a sword, tic-tac-toe board, crown}.

    Of course, we'd need more. This would also eliminate all problems with domain trademark disputes.

    1. Re:A simple solution.... by styopa · · Score: 3

      Is this so that Lucky Charms can have their url contain purple horseshoes, blue diamonds, green clovers, etc...

      --
      Disclamer - Opinion of Person
  52. Re:Some Are Still Available! Like Mine. by GeekLife.com · · Score: 1

    Hmm, weird that I didn't check this first, but GeekIife.com is also available for any enterprising scammer hoping to grab some Geeklife.com email logins and passwords.
    -----

  53. It's RUSSIA, guys! by max_paine · · Score: 1

    Soooooo... it's South Ural, RUSSIA, actually... Oh, well, gotta remember, I'm reading Slashdot :)

  54. Re:It's gone -- whom do I sue? by Andrew+Dvorak · · Score: 1

    Seriously, anybody who doesn't inspect all of their bills for errors doesn't deserve to have a credit card. Heck half the people in the USA don't even deserve credit cards to begin with. Credit may offer wonderful benefits, but most people are too ignorant to harness and control them and, instead, abuse them.

  55. Re:Abusers of Fonts by Cire · · Score: 1

    Don't forget about hotmial.com. If you send an email to there (at any user name, I believe) instead of the hotmail.com, you get a handy reply telling you you've made a typing error, but would you like to visit our porn site, thanks! If they forwarded your email to the intended recipient @hotmail.com, then that would be pretty spiffy.

  56. Re:Old news -- Still news by pongo000 · · Score: 1

    Yeah, but the people who aren't paying attention to url's probably aren't reading /. either.

  57. Re:"South Ural" is not a romanian location! by seppuku · · Score: 1

    South Ural here most probably just means SU, or Soviet Union. Registration information definitely suggests someone who knows last years russian Net folklore.

  58. moderation by codemonkey_uk · · Score: 1
    How did the racist nonsense get +2?
    -1 Troll / Flamebait if you ask me.

    Thad

    --

    Thad

  59. Re:Abusers of Fonts by Tonttoro · · Score: 1

    How come that would be spam? That wouldn't really be nice thing to do.
    --
    when everyone gives everything, then everyone everything will get
  60. Already Shut Down by Kagato · · Score: 1

    Looks like the site has already shut down.

    If it was a clean scam though they've already cleared out any logs of what accounts they have. Pay Pal users beware. Some elite kid is probably going to get some free porn off using your account.

  61. Re:Look at the SSL certs by systemapex · · Score: 1

    You're absolutely right. But the SSL certificate also states the company who owns the web site. If it doesn't say "PayPal Inc." but instead some Romanian company's name, I'd really start to get suspicious. Of course, it takes 4 clicks of the mouse to see these certificate details from IE 5 and I guess this hassle outweighs the benefit of not having your credit card ripped off. It never fails to amaze me how lazy we are as humans!

  62. Re:Look at the SSL certs by rob_from_ca · · Score: 1

    I completely agree. It amazes me that not a single browser has a way to "save" a particular certificate and associate it with a web page. That way you'd only have to check once for a valid cert, and then your browser would alert you if it changed upon subsequent visits. In this case, that would at least protect established paypal users. New users would have to demonstrate a small amount of care and not blindly give out their CC number to anyone who asked. I realize that's probably too much to ask for.
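The save-and-compare idea from the comment above, sketched as a trust-on-first-use pin store. This is an added example, not code from the thread or from any browser; `PinStore`, the JSON file layout and the byte strings standing in for certificates are assumptions made for the illustration.

```python
"""Trust-on-first-use certificate pinning (added example)."""
import hashlib
import json
import os
import ssl
import tempfile


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch a server's leaf certificate as DER bytes (needs network; unused in demo)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Remembers one SHA-256 certificate fingerprint per host name."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    @staticmethod
    def _key(host: str) -> str:
        # Host names are case-insensitive; a trailing dot names the same host.
        return host.lower().rstrip(".")

    @staticmethod
    def fingerprint(der: bytes) -> str:
        return hashlib.sha256(der).hexdigest()

    def check(self, host: str, der: bytes) -> str:
        """Return 'first-seen', 'match' or 'changed' for this host and certificate."""
        pinned = self.pins.get(self._key(host))
        if pinned is None:
            return "first-seen"
        return "match" if pinned == self.fingerprint(der) else "changed"

    def trust(self, host: str, der: bytes) -> None:
        """Record the certificate after the user has verified it by hand."""
        self.pins[self._key(host)] = self.fingerprint(der)
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)  # atomic swap: no half-written pin file


def demo():
    """Run the store over constructed byte strings standing in for DER certificates."""
    real_cert = b"constructed certificate bytes for www.paypal.com"
    different_cert = b"constructed certificate bytes, some other key"
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "pins.json")
        store = PinStore(path)
        results = [store.check("www.paypal.com", real_cert)]      # never visited
        store.trust("www.paypal.com", real_cert)
        store = PinStore(path)                                     # a later session
        results.append(store.check("WWW.PayPal.com", real_cert))  # same cert
        results.append(store.check("www.paypal.com", different_cert))
        # The look-alike is a different host, so it has no pin at all.
        results.append(store.check("www.paypai.com", different_cert))
    return results


if __name__ == "__main__":
    print(demo())
```

An established user gets "first-seen" rather than "changed" on the look-alike host, so the useful signal there is the unexpected first-visit prompt; "changed" also fires on a legitimate certificate renewal and needs a manual re-check.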

  63. *sigh* by EvilGwyn · · Score: 1

    Slashdotted again. I never get to see these cool sites. Oh well I'm off to hotmial.com to check my email before I go to yahhoo.com to get the latest news.

    --
    Phear my l33t homepage.
  64. Re:Some Are Still Available! by ectizen · · Score: 1
    ... but WTF is a "googie"?
    an egg :)
  65. Re:Clever... by ^chuck^ · · Score: 1

    Exactly why I always keep my status bar displayed. Hate sites that turn it off for me, it's that whole shite happening behind your back stuff that really gets me....
    Oh well, at least privacy statements at least try be honest ("we will only provide your email address and account information to people that we are affiliated with, but will never sell it...")

    --

    Lemure, wtf! Don't you mean Lemur?
  66. Wow! Rumania has gotten big lately!.. by CptnHarlock · · Score: 1

    It said Russia not Rumania! Hasn't anybody noticed that yet? How about a correction?.. South Ural in Rumania... Yeah right..

    Thank you.
    //Frisco
    --
    "No se rinde el gallo rojo, sólo cuando ya está muerto."

    --
    $HOME is where the .*shrc is
    -- silver_p
  67. Re:Look at the SSL certs by vicviper · · Score: 1

    You would hope that the URL would be enough. You can bet that when most people use their credit card online, they don't verify certificates; it's just point click enter your info click again and you're done. Credit card fraud is not a new thing, but neither is the idea that you should know to whom you give your CC#, ssn, phone #, etc.

  68. It's gone -- whom do I sue? by vicviper · · Score: 1

    The scam site doesn't appear to be there any more (I get a nice 'document not found error') I wonder what the recourse is for those that willingly gave their CC# to a scam site. Sure most CCs have some sort of fraud protection, but I'm willing to bet the number of people who actually read the charges that appear on their monthly bill is so low that even if you did look, you wouldn't notice. caveat emptor

  69. Re:Old news -- Still news by vicviper · · Score: 1

    It's still news because it could happen again, and if people paid attention to urls more, it could happen less.

  70. Re:Look at the SSL certs by sharifi · · Score: 1

    In the forum where I originally read about paypai.com, someone claimed that they checked the SSL certificates, and they appeared to be running through secure.paypal.x.com. I could not verify this, because the site was already down. Perhaps the person running the scam considered this and found a way to fool IE? Another possibility is that the person checked the certificate after he was redirected to PayPal. Anyway, the post that I am referring to is here

  71. Typo in the story by DataMekanik · · Score: 1

    South Ural is in Russia (as the linked article says), not in Romania.

  72. It's REALLY gone by Gothmolly · · Score: 1
    Not only is the site down, but:

    Jul 21 12:55:00 sam named[538]: Lame server on 'www.paypai.com' (in 'PAYPAI.COM'?): [216.167.71.24].53 'NS3.EASYPOST.COM'

    Jul 21 12:55:00 sam named[538]: Lame server on 'www.paypai.com' (in 'PAYPAI.COM'?): [216.167.71.20].53 'NS1.EASYPOST.COM'

    Jul 21 12:55:01 sam named[538]: ns_forw: query(www.paypai.com) All possible A RR's lame

    --
    I want to delete my account but Slashdot doesn't allow it.
  73. Site Hackers could take this out by kerrbear · · Score: 1

    This sounds like a job for Site Hacker Man.

    I think all those hackers out there could punish sites like this by breaking in and trashing them. That would at least put their talents toward some useful purpose.

    Of course, since the site has since disappeared, this may already be the case.

  74. How many domains do I need to register now? by DrTomorrow · · Score: 1
    Many sites register .net and .org along with .com to make sure they have all the bases covered. Some sites also register frequent misspellings of their domain name.

    Now should sites also register look-a-like domain names? Should MS grab mlcrosoft.com? How about siashdot.org (hmm, that's not as effective). Maybe SLA5HDOT.ORG?

    Do we need a law preventing this type of copycatting? I don't think so. Shouldn't copyright law handle this?

    --

    Everything in this post is false.

    1. Re:How many domains do I need to register now? by happystink · · Score: 2
      This is probably covered under existing laws, but they aren't going to stop scam artists like this guy. I am not saying Paypal should have anticipated this at all, that would be hard, but imagine if they HAD anticipated it, they would have saved so much hassle by spending an extra few bucks.

      Although they wouldn't get all this publicity...

      sig:

      --

      sig:
      See the "..for smart people" banners Wired runs here? Look elsewhere guys.
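For a site owner deciding which names to watch or register, the look-alike and typo variants raised in this thread can be found mechanically. The following is an added example, not code from any commenter: the watch-list, the folding table and the function names are assumptions, and the table covers only the I/l/1/|, 0/o and 5/s swaps mentioned in the comments.

```python
"""Flag domain names that imitate a protected name (added example)."""

# Constructed watch-list built from real names that come up in the thread.
PROTECTED = ["paypal.com", "slashdot.org", "microsoft.com",
             "google.com", "hotmail.com", "yahoo.com"]

# Characters that render alike in many fonts, folded onto one representative.
# Illustrative table only; it is not a complete confusables list.
FOLD = {"i": "l", "1": "l", "|": "l", "0": "o", "5": "s"}


def skeleton(name: str) -> str:
    """Lower-case a name and fold look-alike characters together."""
    return "".join(FOLD.get(ch, ch) for ch in name.lower())


def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "hotmial" for "hotmail".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(candidate: str, protected=PROTECTED):
    """Return (kind, target) if the candidate imitates a protected name, else None."""
    name = candidate.lower().rstrip(".")
    if name in protected:
        return None  # the genuine name itself
    for target in protected:
        if skeleton(name) == skeleton(target):
            return ("lookalike", target)
    for target in protected:
        if osa_distance(name, target) == 1:
            return ("typo", target)
    return None


def scan(observed):
    """Map each suspicious name in `observed` to its (kind, target) finding."""
    findings = {}
    for name in observed:
        hit = classify(name)
        if hit:
            findings[name] = hit
    return findings


# Constructed input: names quoted in the thread plus two harmless controls.
SAMPLE = ["PayPaI.com", "paypal.com", "mlcrosoft.com", "SLA5HDOT.ORG",
          "GoogIe.com", "hotmial.com", "yahhoo.com", "paypak.com", "example.org"]

if __name__ == "__main__":
    for name, (kind, target) in scan(SAMPLE).items():
        print(f"{name:15} {kind:9} imitates {target}")
```

The same `scan` can be run over resolver or proxy logs to spot users being sent to a look-alike of a name on the watch-list.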

  75. PayPai is not surprising... by Sayjack · · Score: 1
    I've been surprised that we haven't seen more site spoofing, but that's one of the issues SSL is supposed to take care of.

    I wonder if they could get a PayPai certificate from verisign or if Verisign would recognize this blatant attempt at fraud and refuse to issue them a certificate?

    The one thing I've kind of worried about is what would happen if someone hacked into one of the DNS repositories like register.com and doled out their address in lieu of PayPal.com.

    Again, SSL would come to the rescue, but only if you pay attention to the security warnings as they come across as they would have to forge a certificate and it wouldn't be from one of the certificate authorities accepted by default in most browsers.

    Has anyone heard of stuff like this happening?

    --

    -- Good judgement comes with experience. -- Experience comes with bad judgement.

  76. Re:Why are you so shocked? by sonnerbob · · Score: 1
    Hey. Haven't you graduated yet?

    (go Duke!)

  77. Re:South Ural? Romania? LOL by Kazymyr · · Score: 1

    I don't know if you're joking or not, but I have actually emailed the guy.

    --
    I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
  78. South Ural? Romania? LOL by Kazymyr · · Score: 1

    Come on, I'm Romanian, there's no such thing as South Ural in Romania. The Ural mountains are in Russia, they actually represent the formal border between Europe and Asia. And the name mentioned on MSN, Birykov, is Russian as well. Another journalist who doesn't check the facts.

    --
    I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
  79. Re:Some Are Still Available! by Mtgman · · Score: 1
    Hey, SIashdot.org and .com are still available

    You heard it here trolls! Head on over to SIashdot.org and you too can get F1R57 P057! Even better, you can get F1R57 P057 3V3R!!!

    SIashdot.org News for trolls, stuff that no one else gives a shit about.

    Steven

    PS Be the first to respond to the story about Penis Birds pulling off Gates willie and win a free session with Natalie Portman! She'll pour hot grits down your pants and then later become petrified for your amusement!

    PPS That's right SIashdot.org, now with Beowulf Clusters!

    --
    -- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
  80. anyone know what's up with X.com??? by fudboy · · Score: 1

    I got some spam this morning directing me to www.paypal.x.com. Is this a scam too?

    I don't remember this x.com from my previous dealings with paypal.com...

    anyone know about this already? before I start digging in and whoising/tracerouting all afternoon?

    thanks,

    --

    :)Fudboy

    I guess I'm only a Fudboy, looking for that real Transmeta
    1. Re:anyone know what's up with X.com??? by fudboy · · Score: 1


      doh! so I can be an idiot sometimes... so sue me.

      --

      :)Fudboy

      I guess I'm only a Fudboy, looking for that real Transmeta
  81. better change my font, then. by crazy+nick · · Score: 1
    on my computer, with its current font, the 'I' and 'l' look nearly identical, the only difference is how many pixels are between each consecutive 'I' and 'l'. (example: IIIIIII and llllllll.)

    thanks for clearing it up for me; now i'll not get duped.

  82. how WAS it discovered? by crazy+nick · · Score: 1
    looking at the SSL certificates is a nice suggestion and all, but how was it REALLY figured out as a fraud?

    1. Re:how WAS it discovered? by paypaldamon · · Score: 1

      Hi, The web site was brought to my attention on a bulletin board. The thing that triggered me was the www.paypai.com address containing no referral information, which is something our users do when building a web page. PayPal is one of the few companies on the web looking for customer issues and feedback. Damon

  83. Re:.RU vs. .RO? by Estanislao+Martínez · · Score: 1
    The history of the name comes from New Rome
    Roma = Rome
    nia = neo = new

    Did you check that in an etymological dictionary? "-ia" is a common Roman suffix for placenames, e.g., Hispania, Gallia, Italia, Anglia, Alemania, Dacia, etc.

    Basically, Romania is what's left of a heavily colonized Roman province after the troops pulled out.

    IIRC, modern Romania is not located where the ancient Roman province of Dacia was; it is thought that the ancestors of the Romanians moved there from somewhere else. Witness the fact that there are other languages like Istro-Romanian (in Croatia, IIRC), Aromanian (northern Greece, Macedonia, southern Albania) and Megleno-Romanian (northwest of Salonica). These languages and Romanian are considered to have split from a common ancestor many hundreds of years ago (800? can't remember).

  84. Re:PayPai? by Cabana · · Score: 1

    If there is a difference between those two URLs you are damn sneaky cuz I don't see one...what is it?

  85. Re:This is NOT a romanian location/name/whatever!! by halfelven · · Score: 1

    As I said before, "South Ural" is not a Romanian location (Ural is in Russia). Birykov (the owner of Paypai.com) is NOT a Romanian name, but most likely a Russian one (the -ov postfix).
    Network Solutions are plain stoopid. If I tell them that I am John Doe Inc., located on Alpha Centauri, they eat it...

  86. Re:Damn! Who's whacky? by halfelven · · Score: 1

    Take a geography book and read: Ural is in Russia, not in Romania!

  87. Target for hackers? by BBspot · · Score: 1

    Seems like a site like this would be a perfect target for vigilante hackers who want to use their powers for good instead of evil.

    A little DoS or a defacement saying "Hey, this isn't PayPal you morons."

    Where's Charles Bronson when you need him?

    Brian
    Linux News You Won't See on Slashdot

  88. Why are you so shocked? by RhetoricalQuestion · · Score: 1

    It always amazes me to see how outraged people get over internet scams. (DISCLAIMER: I believe scamming honest people is bad.) It's like any new business model -- if you convince people to give you money, someone will find a way to take advantage of that.

    For years we've had scams in newspapers, magazines, comic books (think Sea Monkeys), infomercials, special TV offers, telemarketing scams, etc. Is it unethical? -- yes. But is the internet any different?

    The internet makes it a lot easier for Joe Schmoe to start up a business. It makes it equally easy for Joe Schmoe's evil twin to start up a scam. As long as there are gullible people, there will always be someone to take advantage of it.

    Face it -- there are a lot of dumb people out there.

    --

    I can spell. I just can't type.

  89. Another journalist making money for bluffing by FlowerOS · · Score: 1

    He/she didn't even care to take a look at the map. If Romania stretches to the Urals, then maybe Serbians are now selling Coke on the Moon. Information _IS_ power, but watch out how you use this power.

    --
    http://blog.digg.com/?p=74
  90. How to change Netscape's URL font on Windows 95? by lambda80 · · Score: 1
    Does anybody know how to change the font for Netscape's URL window on Windows 95?

    I was aghast to see that in the default font the glyphs for small ell and capital eye are not just similar, they are identical, pixel-for-pixel! Moreover, changing all the various fonts (menu, title bar, etc) in the Display->Appearance control panel seems to have no effect. Perhaps some magic prefs.js entry does the trick?

  91. MSNBC is whacky! by pb · · Score: 2

    Follow the link to the article, and read!

    I wasn't claiming any knowledge of geography, but merely quoting msnbc.com; talk to them, I couldn't care less.

    Incidentally, how was my post (#11) Redundant? Anyone, please point me to the earlier post that said what I did. Please.

    --
    pb Reply or e-mail; don't vaguely moderate.
  92. Re:PayPai? by um...+Lucas · · Score: 2

    Their scam has nothing to do with making people type in the URL, they just need people to click the hyperlink in the email they've been spamming people with. Then they arrive at the paypai site, which basically looks like Paypal. Sorry for pointing out the obvious...

  93. .RU vs. .RO? by DHartung · · Score: 2

    First off, I don't think the MSNBC columnist was saying they WERE in Romania. He said their registration data SAID they were in Romania, which, based on the name "South Ural", was pretty unlikely.

    (I did check to see if there was a city like "Ural" in Romania, anyway. Mapquest says no.)

    Second, it could be his confusion (or somebody else's along the line) between RUssia and ROmania (whose local name is RUmania). I've seen people assume RU = Rumania all the time. Two letter country codes are easy to confuse.

    Third, what Russian or Rumanian would use the English word "South" in their city name anyway? If they really lived there they would have registered it as "Yuzhniyuralsk" or something like that. No, this registration address info is about as bogus as saying "123 Easy St., Anywhere, USA".
    ----

    --
    lake effect weblog
    {Network engineer in Chicago--looking for work!}
  94. Registration? by egon · · Score: 2

    What's up with this?

    > whois paypai.com
    [rs.internic.net]

    Whois Server Version 1.1

    Domain names in the .com, .net, and .org domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.

    Domain Name: PAYPAI.COM
    Registrar: EASYSPACE LTD
    Whois Server: whois.easyspace.com
    Referral URL: www.easyspace.com
    Name Server: NS1.EASYPOST.COM
    Name Server: NS3.EASYPOST.COM
    Updated Date: 18-jul-2000

    >>> Last update of whois database: Fri, 21 Jul 00 03:09:41 EDT

    > whois paypai.com@whois.easyspace.com
    [whois.easyspace.com]
    No match for 'PAYPAI.COM'.

    --
    Give a man a match, you keep him warm for an evening.
    Light him on fire, he's warm for the rest of his life
    1. Re:Registration? by sxpert · · Score: 2

      you need to use
      whois paypai.com@whois.easyspace.com
      to get the entire info

  95. Re:PayPai? by Russ+Nelson · · Score: 2

    IlIlIlIlIlIlIIllIlIIllIIlIllIllIllIlllIIIllII

    http://www.paypal.com
    http://www.paypaI.com

    See? The point is not that people will *make* a typo, but that they won't recognize a wrong URL.
    -russ

    --
    Don't piss off The Angry Economist
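
The look-alikes named in this thread (PayPaI.com, mlcrosoft.com, SLA5HDOT.ORG, hotmaiI.com) can be caught mechanically by folding characters that render alike before comparing a link's host with the domains you protect. The following is an added example, not part of any comment above; the protected list, the fold table and the sample message are assumptions constructed for illustration. DNS names are case-insensitive, so a link written as PayPaI.com resolves to paypai.com.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains this defender protects (names taken from the thread).
PROTECTED = ["paypal.com", "slashdot.org", "microsoft.com",
             "hotmail.com", "networksolutions.com"]

# Characters that many sans-serif fonts draw alike are folded to one
# representative, so "I", "l", "i" and "1" all compare equal.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o", "5": "s"})


def skeleton(name):
    """Lower-case the name and fold look-alike characters together."""
    return name.lower().translate(FOLD)


SKELETONS = {skeleton(d): d for d in PROTECTED}


def registrable(host):
    """Last two labels of the host. Assumption: good enough for .com/.org;
    production code should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host):
    """Return (verdict, protected_domain) for one host name."""
    domain = registrable(host)
    if domain in PROTECTED:
        return ("genuine", domain)
    brand = SKELETONS.get(skeleton(domain))
    if brand:
        return ("lookalike", brand)
    return ("unrelated", None)


class LinkCollector(HTMLParser):
    """Collect the host of every absolute <a href> in a message body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host)


def scan_links(html):
    """Return (host, verdict, protected_domain) for each link in the HTML."""
    collector = LinkCollector()
    collector.feed(html)
    return [(h, *classify(h)) for h in collector.hosts]


# Constructed sample message, modelled on the e-mail described in the thread.
SAMPLE_EMAIL = """
<p>You have received a payment.
<a href="http://www.PayPaI.com/login">Log in to claim it</a></p>
<p>Help: <a href="https://www.paypal.com/help">paypal.com/help</a></p>
<p><a href="http://SLA5HDOT.ORG/">news</a> <a href="mailto:x@example.net">mail</a></p>
"""

if __name__ == "__main__":
    for row in scan_links(SAMPLE_EMAIL):
        print(row)
```

The fold table only covers the ASCII pairs discussed here; a mail filter would extend it and quarantine or rewrite any link classified as a lookalike.
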
  96. /. effect by pirodude · · Score: 2

    site's down..anyone gotta mirror?

    sorry..couldn't resist :)

    1. Re:/. effect by Duxup · · Score: 3

      Well since:
      "They have created a site that looks exactly like Paypal"

      I guess you could go to paypal.com and pretend you're getting scammed. I just did, and I'm pretty pissed off and calling my credit card company right now.

  97. How to collect passwords by dzurn · · Score: 2

    This attempt at stealing users' PayPal logins points up a very disturbing point:

    How many of us use just *one* login/password combination for every free site under the sun?

    A smart-but-unscrupulous fella (or gal, be fair) could open a web site with a wonderful little gimmie or gimmick, provide the service, then look through their *user-supplied* password/user name pairs and try them at more *interesting* sites like PayPal, myMortgage.com, PornoPreview.com, 401K.org, BankMe.com or even *gasp* Slashdot.

    Just a warning to search yourself carefully, and stop using that one secret password that no one would ever guess in a million years: A secret password that you've entered anywhere is no longer a secret.

  98. Re:PayPai? by bdavenport · · Score: 2

    www.PayPal.com

    vs.

    www.PayPaI.com

    for some reason this fooled people b/c the emails were sent in italics.

    --
    /* Half alive and half dead too, work is for suckers and the sucker is you. - "Half-life" by Local H*/
  99. Clever... by laborit · · Score: 2

    Okay, this is definitely bad. Fraud and theft. Debases society, robs us of the civility that lets us act like humans, spreads paranoia and hatred.

    On the other hand, it's pretty smooth. And maybe this will help break down the widespread confusion between address and content that everyone complains about whenever the TLD fiasco comes up. Maybe it will call attention to the need for encrypted site certificates. Maybe it will get people -- and software -- to pay more attention to fake links, like this one to goatse.cx.

    - Michael Cohn

    --

    -----
    Go ahead, blame me... I voted for Nader!
    1. Re:Clever... by Captain+Derivative · · Score: 2

      Exactly why I always keep my status bar displayed. Hate sites that turn it off for me, it's that whole shite happening behind your back stuff that really gets me....

      Unfortunately even that doesn't always work. A few lines of JavaScript can put any text you want in the status bar, including a faked URL. You'd have to right-click the link to make sure it's really what it says it is, or look at the source. Or, turn off JavaScript altogether.


      --
      "Better dead than smeg."

      --

      --
      The real Captain Derivative has a Slashdot ID.

  100. Look at the SSL certs by systemapex · · Score: 2

    Assuming these guys even had SSL certificates protecting www.paypai.com, people should have verified them. If people would start verifying the details in the SSL certificates (i.e. just look for the details in this case) nobody would be fooled. Just seeing the "lock" icon in the browser isn't an indication of security. Sadly, this is way over the heads of the common folk. Perhaps a dialog box should pop up that displays all the security details of an SSL-enabled site.

  101. Re:Blame Fonts (side note on e.e. cummings) by jonesvery · · Score: 2

    Not really a new issue, though -- many typewriters did without a 1 (numeric one) key for years: if you needed a 1 (numeric one) you typed l (alpha lower-case L).

    Side note: knowing this adds an interesting element to the following e.e. cummings poem:

    l(a

    le
    af
    fa

    ll

    s)
    one
    l

    iness

    Note the interesting ambiguity created by the character that may be either alpha or numeric.

    Pretty cool.

    --

    * * *
    It is a dada story -- it has no moral.

  102. Blame Fonts by dmccarty · · Score: 2
    I blame font designers. Why in the world would you design a font where I, l and 1--that's the capital letter I, the lowercase letter l and the number 1--look so similar to each other? MS Sans Serif is to blame for most Windows users, but I'm sure other OSes have their own culprits.

    Now it's not just a matter of phonetic problems, as in corinthians.com vs. corinthiao.com, but apparently we now have to lump "visual phonic" problems into the mix.
    --

    --
    Have fun: Join D.N.A. (National Dyslexics Association)
  103. Re:yikes! by happystink · · Score: 2
    I would say that the legality is: If you're an ISP, probably just if you nullroute something, your customers might get mad but can't really sue you. Unless maybe you intentionally messed with a site's DNS so that your customers went to a fake site that seemed to be the real thing? Ha, sort of like what paypai.com did, but on a DNS level.

    Really though, I doubt you'd ever see this taken to court. Even the RBL is only just now being (possibly) challenged in court, and that's much more likely to ever see legal action than some private nullroute you implement on your own network.

    --

    sig:
    See the "..for smart people" banners Wired runs here? Look elsewhere guys.

  104. yikes! by happystink · · Score: 2
    I think it's time for every network admin out there to nullroute this bitch straight away. Wow, how super evil.

    Definitely not something to inspire general confidence in internet commerce either. You decide if that's a bad thing:)

    --

    sig:
    See the "..for smart people" banners Wired runs here? Look elsewhere guys.

  105. Re:"South Ural" is not a romanian location! by happystink · · Score: 2
    In the recent domain hijackings that I think Slashdot linked, the actual trail of countries involved was pretty crazy and widespread. These guys know how to conceal themselves pretty well, they're not dumb enough to actually give their real country, etc, to netsol. If I was them I'd for sure give Romania or somewhere like that, cause some people will just go "oh well they're operating out of there because it's hard to catch them" and give up, which may be just what they want. The people could really be hoveled up in new jersey or whatever.

    On the other hand, Russia is definitely ground zero for credit card scams right now.

    --

    sig:
    See the "..for smart people" banners Wired runs here? Look elsewhere guys.

  106. "South Ural" is not a romanian location! by halfelven · · Score: 2

    Wait a second... Ural is in Russia! And Birykov (from "Birykov Inc.", the owner of Paypai.com) appears to be a Russian name (but I'm not sure) - anyway, it is NOT a Romanian name. Damn Network Solutions... they eat whatever you give them...

  107. IMPORTANT INFORMATION from X.com regarding PayPai by paypaldamon · · Score: 2

    "X.com has notified law enforcement of the fake site and efforts to steal password information. We have taken steps to prevent this person from withdrawing money from the PayPal system. It is important to note that user credit card and bank account information CANNOT be viewed by people accessing the system even if they have the correct login code and password. Most importantly, NO PayPal user will lose ANY money as a result of this incident. X.com will absolutely guarantee that."

  108. Technical info by Otto · · Score: 3

    Before it died I got a good look at the source. I also logged in using a paypal account I made with no credit card info or cash in it or anything, so no problems there. :)

    Anyway, all the login info was routed through paypai.com, then it returned the paypal.com webpage. Worked essentially like a proxy, but probably logged the passwords. But the front end of the page was copied directly from paypal.com and had the paypal references changed to go to paypai.

    Interesting method of attack. I wonder if this is going to become more common. Makes you wonder how you can secure against this kind of scam from the viewpoint of the website designer. Okay, admittedly, if you can get a user to give out a password, he's boned, but still.

    ---

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
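
On the question of what the real site can do: if a fake site relays logins the way the comment above describes, every victim's login reaches the genuine site from the relay's address, so one source authenticating as many different accounts in a short time stands out. The following is an added example, not part of the comment or of any PayPal code; the log format, window and threshold are assumptions, and the log lines are constructed with documentation addresses.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed login events: ISO timestamp, source IP, account name.
SAMPLE_LOG = """\
2000-07-20T09:00:00 192.0.2.44 gina@example.com
2000-07-20T09:03:00 192.0.2.44 hank@example.com
2000-07-20T10:00:05 198.51.100.7 alice@example.com
2000-07-20T10:00:40 198.51.100.7 alice@example.com
2000-07-20T10:01:10 203.0.113.20 bob@example.org
2000-07-20T10:02:30 203.0.113.20 carol@example.net
2000-07-20T10:04:00 203.0.113.20 dave@example.com
2000-07-20T10:05:00 198.51.100.7 alice@example.com
2000-07-20T10:07:45 203.0.113.20 erin@example.org
2000-07-20T14:00:00 192.0.2.44 ivan@example.com
2000-07-20T14:02:00 192.0.2.44 judy@example.com
"""


def parse(log):
    """Yield (timestamp, ip, account) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, ip, account = parts
        yield datetime.fromisoformat(ts), ip, account.lower()


def relay_suspects(log, window=timedelta(minutes=10), threshold=4):
    """Return {ip: [accounts]} for sources that logged in to at least
    `threshold` distinct accounts within any sliding `window`."""
    recent = defaultdict(deque)   # ip -> (timestamp, account) still in window
    flagged = {}
    for ts, ip, account in sorted(parse(log)):
        events = recent[ip]
        events.append((ts, account))
        while ts - events[0][0] > window:
            events.popleft()      # drop events older than the window
        accounts = {a for _, a in events}
        if len(accounts) >= threshold:
            flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}


if __name__ == "__main__":
    for ip, accounts in relay_suspects(SAMPLE_LOG).items():
        print(ip, accounts)
```

The returned account list is also the set of users whose passwords should be reset. A large shared gateway can trip the same rule, so the threshold needs tuning against normal traffic.
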
  109. Re:PayPai? by generic-man · · Score: 3

    Read the article. They sent out e-mails with the domain name containing a capital "I" (which looks a lot like a lowercase "l" in most fonts, especially the sans-serif fonts that companies like AOL use by default). Click the link, and you're presented with a PayPal look-alike. Log in, and your username (just your e-mail address) and password are forwarded to the phony site.

    --
    For more information, click here.
  110. Slashdot Effect Saves The Day by Cylix · · Score: 3

    Don't worry about it... looks like the slashdot
    effect already took care of the problem.

    All we have to do is keep a quick link at /.
    on hand to make sure they don't get back up.
    By the time our loyal crowd of slashdot readers
    get tired of constantly crushing...er revisiting
    the deceitful paypal site they will be out of
    revenue.

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  111. Registrar.Cops? by Cylix · · Score: 3

    Remember the fuss a while ago about the Network Solutions' license
    agreement concerning domains. (The one that says they are free to do
    nearly anything, including repossess your children and pets.)

    Has anyone ever tried contacting the registrar of a domain and reporting
    such fraudulent abuse of a domain name? Network Solutions is fairly quick
    about protecting mother corporate.

    Although PayPai.com uses something named EasySpace, I am sure the power
    of being a domain registrar has already corrupted those in charge there
    and they would be more than insanely happy to be Registrar cops.

    Will it soon be, Registrar to the rescue? Instead of going through the
    proper authorities...especially when the business in question is located
    in some far off land or a floating oil rig with no internet law.

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  112. Re:Here is a mirror. by Duxup · · Score: 3

    I'm going for the full effect, I'm pretending I'm getting scammed, and I'm pretty pissed off. I'm going to call my credit card company right next.

  113. Some Are Still Available! by GeekLife.com · · Score: 3

    Hey, SIashdot.org and .com are still available for any one trying to grab some slashdot passwords out there. Boy, that'd be useful.

    NetworksoIutions.com on the other hand is taken, though not by anything useful.
    -----

  114. Could have been worse/brighter by mr.ska · · Score: 3
    Whoever is responsible for paypai.com didn't think things through too thoroughly, did they?

    First, they used a lure that was not only false, but that could be readily verifiable by the user. Big chunk o' cash waiting? I'll go see! Hmm, not there... uh oh! Using a less-effective lure (please click here to be removed from the paypaI.com mailing list) would not have generated as many hits, but would have kept him under cover much longer.

    I also think it was a bit untidy of him/her to use paypai.com as the main site. Personally, I look at the URL quite a bit. Seeing "paypai" would set me off instantly. Instead, he/she could have used something else, like "login.paypalcom.net" or even "welcome.to/paypal", and one might just assume they're expanding their service and changing server names (like Hotmail likes to do a lot).

    Even better (if it's possible), after recording the login and password, it could have spat the user to a "login failed" page with a "please try again" link, or maybe "server error, please try a different server, sorry for the inconvenience" page, that then redirected the user to the REAL PayPal site.

    I have to admit - as illegal and unethical as this scam was, it was a fairly bright idea. Good thing for PayPal users that they didn't think it all the way through.

    --

    Mr. Ska

  115. Abusers of Fonts by drenehtsral · · Score: 4

    Yeah, I've been getting spammed by somebody who's got an address at hotmaiI.com and they are trying to do the same sort of thing. What they are doing is abusing the fact that a lot of GUI based users run their systems with all-but-unreadable proportional spaced slick fonts, and a capital 'I' is often only one pixel different from a little 'l', and often their font anti-aliasing smoothes that out to a 25% tone difference on one pixel, and who'd be the wiser...
    I happened to notice this because I use a high contrast decent-sized courier font on my machine, and I run PINE in a KDE terminal window, so it stuck out like a sore thumb.
    As always the user is the weakest link in security...

    --

    ---
    Play Six Pack Man. I
  116. Here is a mirror. by BMonger · · Score: 5

    Here's a mirror for PayPai.com. Just go to http://www.paypal.com. :)