Slashdot Mirror


Fake PayPal Site

CharlieG writes: "Just a friendly warning as a followup to all the PayPal talk of yesterday. It seems that there is a scam going on based out of South Ural, Romania. They have created a site that looks exactly like Paypal, but is PayPai.com." Much more harmful than all the Slashdot typo sites (those only cause me to get dozens of flames a week for framing Slashdot: this one could actually steal your credit card!)


  1. MSNBC is whacky! by pb · · Score: 2

    Follow the link to the article, and read!

    I wasn't claiming any knowledge of geography, but merely quoting msnbc.com; talk to them, I couldn't care less.

    Incidentally, how was my post (#11) Redundant? Anyone, please point me to the earlier post that said what I did. Please.
    ---
    pb Reply or e-mail; don't vaguely moderate.

  2. Re:PayPal by SEE · · Score: 2

    Well, given that they have started to sell premium services to businesses....

    Also, they make money on interest. When you've been paid via PayPal, but have yet to transfer the money to your own bank account, it sits in PayPal's accounts, and they get the interest on it. Add a bank-like normal rate of "abandoned" accounts with some cash in them, the fact that the bonuses can be written as customer acquisition/marketing expenses, and a plan to eventually abandon the bonuses when the customer base grows sufficiently....

    It doesn't seem they'll turn a profit soon, but it does look like a plausible business model.
    Steven E. Ehrbar

  3. Re:PayPai? by um...+Lucas · · Score: 2

    Their scam has nothing to do with making people type in the URL, they just need people to click the hyperlink in the email they've been spamming people with. Then they arrive at the paypai site, which basically looks like Paypal. Sorry for pointing out the obvious...

  4. .RU vs. .RO? by DHartung · · Score: 2

    First off, I don't think the MSNBC columnist was saying they WERE in Romania. He said their registration data SAID they were in Romania, which, based on the name "South Ural", was pretty unlikely.

    (I did check to see if there was a city like "Ural" in Romania, anyway. Mapquest says no.)

    Second, it could be his confusion (or somebody else's along the line) between RUssia and ROmania (whose local name is RUmania). I've seen people assume RU = Rumania all the time. Two letter country codes are easy to confuse.

    Third, what Russian or Rumanian would use the English word "South" in their city name anyway? If they really lived there they would have registered it as "Yuzhniyuralsk" or something like that. No, this registration address info is about as bogus as saying "123 Easy St., Anywhere, USA".
    ----

    --
    lake effect weblog
    {Network engineer in Chicago--looking for work!}
  5. Registration? by egon · · Score: 2

    What's up with this?

    > whois paypai.com
    [rs.internic.net]

    Whois Server Version 1.1

    Domain names in the .com, .net, and .org domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.

    Domain Name: PAYPAI.COM
    Registrar: EASYSPACE LTD
    Whois Server: whois.easyspace.com
    Referral URL: www.easyspace.com
    Name Server: NS1.EASYPOST.COM
    Name Server: NS3.EASYPOST.COM
    Updated Date: 18-jul-2000

    >>> Last update of whois database: Fri, 21 Jul 00 03:09:41 EDT <<<

    > whois paypai.com@whois.easyspace.com
    [whois.easyspace.com]
    No match for 'PAYPAI.COM'.

    --
    Give a man a match, you keep him warm for an evening.
    Light him on fire, he's warm for the rest of his life
    1. Re:Registration? by sxpert · · Score: 2

      you need to use
      whois paypai.com@whois.easyspace.com
      to get the entire info

  6. Re:PayPal by generic-man · · Score: 2

    I don't get it. Saying that they're giving away up to $10 for every new recruit, and then going on to comment that they "might actually make a profit"? Unless they start selling their services to businesses, who would willingly pay to have this automate their various money operations, they're not gonna turn a profit right now just by giving cash away.

    (Personally, I wish the referral bonus was still $10.)

    --
    For more information, click here.
  7. Re:PayPal by Russ+Nelson · · Score: 2

    You just reinvented banking. Quick, patent it!

    --
    Don't piss off The Angry Economist
  8. Re:PayPai? by Russ+Nelson · · Score: 2

    IlIlIlIlIlIlIIllIlIIllIIlIllIllIllIlllIIIllII

    http://www.paypal.com
    http://www.paypaI.com

    See? The point is not that people will *make* a typo, but that they won't recognize a wrong URL.
    -russ

    --
    Don't piss off The Angry Economist
  9. /. effect by pirodude · · Score: 2

    sites down..anyone gotta mirror?

    sorry..couldnt resist :)

    1. Re:/. effect by Duxup · · Score: 3

      Well since:
      "They have created a site that looks exactly like Paypal"

      I guess you could go to paypal.com and pretend you're getting scammed. I just did, and I'm pretty pissed off and calling my credit card company right now.

  10. How to collect passwords by dzurn · · Score: 2

    This attempt at stealing users' PayPal logins points up a very disturbing point:

    How many of us use just *one* login/password combination for every free site under the sun?

    A smart-but-unscrupulous fella (or gal, be fair) could open a web site with a wonderful little gimmie or gimmick, provide the service, then look through their *user-supplied* password/user name pairs and try them at more *interesting* sites like PayPal, myMortgage.com, PornoPreview.com, 401K.org, BankMe.com or even *gasp* Slashdot.

    Just a warning to search yourself carefully, and stop using that one secret password that no one would ever guess in a million years: A secret password that you've entered anywhere is no longer a secret.

  11. Re:PayPai? by bdavenport · · Score: 2

    www.PayPal.com

    vs.

    www.PayPaI.com

    for some reason this fooled people b/c the emails were sent in italics.

    --
    /* Half alive and half dead too, work is for suckers and the sucker is you. - "Half-life" by Local H*/
  12. Clever... by laborit · · Score: 2

    Okay, this is definitely bad. Fraud and theft. Debases society, robs us of the civility that lets us act like humans, spreads paranoia and hatred.

    On the other hand, it's pretty smooth. And maybe this will help break down the widespread confusion between address and content that everyone complains about whenever the TLD fiasco comes up. Maybe it will call attention to the need for encrypted site certificates. Maybe it will get people -- and software -- to pay more attention to fake links, like this one to goatse.cx.

    - Michael Cohn

    --

    -----
    Go ahead, blame me... I voted for Nader!
    1. Re:Clever... by Captain+Derivative · · Score: 2

      Exactly why I always keep my status bar displayed. Hate sites that turn it off for me, it's that whole shite happening behind your back stuff that really gets me....

      Unfortunately even that doesn't always work. A few lines of JavaScript can put any text you want in the status bar, including a faked URL. You'd have to right-click the link to make sure it's really what it says it is, or look at the source. Or, turn off JavaScript altogether.


      --
      "Better dead than smeg."

      --

      --
      The real Captain Derivative has a Slashdot ID.

  13. Re:PayPal by Mark+F.+Komarinski · · Score: 2

    It was mentioned under the Finding the right online credit card merchant story from yesterday.

    --
    -- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
  14. Look at the SSL certs by systemapex · · Score: 2

    Assuming these guys even had SSL certificates protecting www.paypai.com, people should have verified them. If people would start verifying the details in the SSL certificates (i.e. just look for the details in this case) nobody would be fooled. Just seeing the "lock" icon in the browser isn't an indication of security. Sadly, this is way over the heads of the common folk. Perhaps a dialog box should pop up that displays all the security details of a SSL-enabled site.

  15. Re:Blame Fonts (side note on e.e. cummings) by jonesvery · · Score: 2

    Not really a new issue, though -- many typewriters did without a 1 (numeric one) key for years: if you needed a 1 (numeric one) you typed l (alpha lower-case L).

    Side note: knowing this adds an interesting element to the following e.e. cummings poem:

    l(a

    le
    af
    fa

    ll

    s)
    one
    l

    iness

    Note the interesting ambiguity created by the character that may be either alpha or numeric.

    Pretty cool.

    --

    * * *
    It is a dada story -- it has no moral.

  16. Blame Fonts by dmccarty · · Score: 2
    I blame font designers. Why in the world would you design a font where I, l and 1--that's the capital letter I, the lowercase letter l and the number 1--look so similar to each other? MS Sans Serif is to blame for most Windows users, but I'm sure other OSes have their own culprits.

    Now it's not just a matter of phonetic problems, as in corinthians.com vs. corinthiao.com, but apparently we now have to lump "visual phonic" problems into the mix.
    --

    --
    Have fun: Join D.N.A. (National Dyslexics Association)
  17. Re:yikes! by happystink · · Score: 2
    I would say that the legality is: If you're an ISP, probably just if you nullroute something, your customers might get mad but can't really sue you. Unless maybe you intentionally messed with a site's DNS so that your customers went to a fake site that seemed to be the real thing? Ha, sort of like what paypai.com did, but on a DNS level.

    Really though, I doubt you'd ever see this taken to court. Even the RBL is only just now being (possibly) challenged in court, and that's much more likely to ever see legal action than some private nullroute you implement on your own network.

    sig:
    See the "..for smart people" banners Wired runs here? Look elsewhere guys.

  18. yikes! by happystink · · Score: 2
    I think it's time for every network admin out there to nullroute this bitch straight away. Wow, how super evil.

    Definitely not something to inspire general confidence in internet commerce either. You decide if that's a bad thing:)

    sig:
    See the "..for smart people" banners Wired runs here? Look elsewhere guys.

  19. Re:"South Ural" is not a romanian location! by happystink · · Score: 2
    In the recent domain hijackings that I think Slashdot linked, the actual trail of countries involved was pretty crazy and widespread. These guys know how to conceal themselves pretty well, they're not dumb enough to actually give their real country, etc, to netsol. If I was them I'd for sure give Romania or somewhere like that, cause some people will just go "oh well they're operating out of there because it's hard to catch them" and give up, which may be just what they want. The people could really be hoveled up in New Jersey or whatever.

    On the other hand, Russia is definitely ground zero for credit card scams right now.

    sig:
    See the "..for smart people" banners Wired runs here? Look elsewhere guys.

  20. Re:How many domains do I need to register now? by happystink · · Score: 2
    This is probably covered under existing laws, but they aren't going to stop scam artists like this guy. I am not saying Paypal should have anticipated this at all, that would be hard, but imagine if they HAD anticipated it, they would have saved so much hassle by spending an extra few bucks.

    Although they wouldn't get all this publicity...

    sig:
    See the "..for smart people" banners Wired runs here? Look elsewhere guys.

  21. "South Ural" is not a romanian location! by halfelven · · Score: 2

    Wait a second... Ural is in Russia! And Birykov (from "Birykov Inc.", the owner of Paypai.com) appears to be a Russian name (but I'm not sure) - anyway, it is NOT a Romanian name. Damn Network Solutions... they eat whatever you give them...

  22. IMPORTANT INFORMATION from X.com regarding PayPai by paypaldamon · · Score: 2

    "X.com has notified law enforcement of the fake site and efforts to steal password information. We have taken steps to prevent this person from withdrawing money from the PayPal system. It is important to note that user credit card and bank account information CANNOT be viewed by people accessing the system even if they have the correct login code and password. Most importantly, NO PayPal user will lose ANY money as a result of this incident. X.com will absolutely guarantee that."

  23. Technical info by Otto · · Score: 3

    Before it died I got a good look at the source. I also logged in using a paypal account I made with no credit card info or cash in it or anything, so no problems there. :)

    Anyway, all the login info was routed through paypai.com, then it returned the paypal.com webpage. Worked essentially like a proxy, but probably logged the passwords. But the front end of the page was copied directly from paypal.com and had the paypal references changed to go to paypai.

    Interesting method of attack. I wonder if this is going to become more common. Makes you wonder how you can secure against this kind of scam from the viewpoint of the website designer. Okay, admittedly, if you can get a user to give out a password, he's boned, but still.

    ---

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  24. Re:PayPai? by generic-man · · Score: 3

    Read the article. They sent out e-mails with the domain name containing a capital "I" (which looks a lot like a lowercase "l" in most fonts, especially the sans-serif fonts that companies like AOL use by default). Click the link, and you're presented with a PayPal look-alike. Log in, and your username (just your e-mail address) and password are forwarded to the phony site.

    --
    For more information, click here.
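The capital-"I"-for-lowercase-"l" substitution described in the comment above can be checked mechanically on mail links and sender domains. This is an added example, not part of the original thread: the protected list, the function names and the sample inputs are assumptions, and it generalizes slightly by also folding 1 and 0 and by flagging brand names embedded in other domains.

```python
from urllib.parse import urlsplit

# Names to protect: all four appear in the thread; the list itself is an assumption.
PROTECTED = ("paypal.com", "slashdot.org", "hotmail.com", "networksolutions.com")

# DNS ignores case, so a capital "I" in a link is really "i". Fold i, l and 1
# into one class (and 0 into o) so visually confusable names compare equal.
_CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name: str) -> str:
    """Lowercase a host name and collapse look-alike characters."""
    return name.lower().translate(_CONFUSABLE)


def registrable(host: str) -> str:
    """Last two labels of the host (simplification: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url: str):
    """Return (verdict, brand) for a URL or bare host name."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    reg = registrable(host)
    if reg in PROTECTED:
        return ("genuine", reg)
    for brand in PROTECTED:
        if skeleton(reg) == skeleton(brand):
            return ("lookalike", brand)
    for brand in PROTECTED:
        # Brand name buried in another domain, e.g. login.paypalcom.net
        if skeleton(brand.split(".")[0]) in skeleton(host):
            return ("embedded-brand", brand)
    return ("unrelated", None)


# Constructed sample: links and sender domains as they might appear in mail.
SAMPLE = [
    "http://www.paypal.com",
    "http://www.paypaI.com/",
    "SIashdot.org",
    "hotmaiI.com",
    "http://login.paypalcom.net/signin",
    "http://example.org/",
]

if __name__ == "__main__":
    for item in SAMPLE:
        print(f"{item:40} {classify(item)}")
```

A mail gateway or proxy could apply the same comparison to every link host and sender domain and hold anything that is not "genuine" or "unrelated" for review.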
  25. Slashdot Effect Saves The Day by Cylix · · Score: 3

    Don't worry about it... looks like the slashdot
    effect already took care of the problem.

    All we have to do is keep a quick link at /.
    on hand to make sure they don't get back up.
    By the time our loyal crowd of slashdot readers
    get tired of constantly crushing...er revisiting
    the deceitful paypal site they will be out of
    revenue.

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  26. Registrar.Cops? by Cylix · · Score: 3

    Remember the fuss a while ago about the Network Solutions' license
    agreement concerning domains. (The one that says they are free to do
    nearly anything, including repossess your children and pets.)

    Has anyone ever tried contacting the registrar of a domain and reporting
    such fraudulent abuse of a domain name? Network Solutions is fairly quick
    about protecting mother corporate.

    Although PayPai.com uses something named EasySpace, I am sure the power
    of being a domain registrar has already corrupted those in charge there
    and they would be more than insanely happy to be Registrar cops.

    Will it soon be, Registrar to the rescue? Instead of going through the
    proper authorities...especially when the business in question is located
    in some far off land or a floating oil rig with no internet law.

    --
    "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  27. Re:A simple solution.... by styopa · · Score: 3

    Is this so that Lucky Charms can have their url contain purple horseshoes, blue diamonds, green clovers, etc...

    --
    Disclamer - Opinion of Person
  28. Re:Here is a mirror. by Duxup · · Score: 3

    I'm going for the full effect, I'm pretending I'm getting scammed, and I'm pretty pissed off. I'm going to call my credit card company right next.

  29. Some Are Still Available! by GeekLife.com · · Score: 3

    Hey, SIashdot.org and .com are still available for any one trying to grab some slashdot passwords out there. Boy, that'd be useful.

    NetworksoIutions.com on the other hand is taken, though not by anything useful.
    -----

  30. Could have been worse/brighter by mr.ska · · Score: 3
    Whoever is responsible for paypai.com didn't think things through too thoroughly, did they?

    First, they used a lure that was not only false, but that could be readily verifiable by the user. Big chunk o' cash waiting? I'll go see! Hmm, not there... uh oh! Using a less-effective lure (please click here to be removed from the paypaI.com mailing list) would not have generated as many hits, but would have kept him under cover much longer.

    I also think it was a bit untidy of him/her to use paypai.com as the main site. Personally, I look at the URL quite a bit. Seeing "paypai" would set me off instantly. Instead, he/she could have used something else, like "login.paypalcom.net" or even "welcome.to/paypal", and one might just assume they're expanding their service and changing server names (like Hotmail likes to do a lot).

    Even better (if it's possible), after recording the login and password, it could have spat the user to a "login failed" page with a "please try again" link, or maybe "server error, please try a different server, sorry for the inconvenience" page, that then redirected the user to the REAL PayPal site.

    I have to admit - as illegal and unethical as this scam was, it was a fairly bright idea. Good thing for PayPal users that they didn't think it all the way through.

    --

    Mr. Ska

  31. Abusers of Fonts by drenehtsral · · Score: 4

    Yeah, i've been getting spammed by somebody who's got an address at hotmaiI.com and they are trying to do the same sort of thing. What they are doing is abusing the fact that a lot of GUI based users run their systems with all-but-unreadable proportional spaced slick fonts, and a capital 'I' is often only one pixel different from a little 'l', and often their font anti-aliasing smoothes that out to a 25% tone difference on one pixel, and who'd be the wiser...
    I happened to notice this because i use a high contrast decent-sized courier font on my machine, and i run PINE in a KDE terminal window, so it stuck out like a sore thumb.
    As always the user is the weakest link in security...

    --

    ---
    Play Six Pack Man. I
  32. Here is a mirror. by BMonger · · Score: 5

    Here's a mirror for PayPai.com. Just go to http://www.paypal.com. :)