another “PayPal” scam (PP-ACC.html)

4Oct2009 Filed under: How to tick me off Author: Val

Here’s a new one. This came as an email from vleptn@paycal.com with subject “read…”
The text read:

You Have One New Private Message.

To view your message, please download the form attached to this email and open it in a web browser.

Thank you, Pay,Pal.

And a file – PP-ACC.html – was attached.

There’s no virus in the file or anything like that but if you download it and run it, you’re presented with a contact form, of sorts:

So it looks pretty professional, but it’s running from your hard drive and if you fill out the form and submit it, it uses http://sosetephpone.com/tmp/bar-on.php or possibly http://sosetephpone.com/tmp/netsol-form.php to process. So if you send the form through, you’re sending all your info to those people – then you’re redirected to PayPal’s About Us page. (I did send the form through with false information telling them how much they sucked after removing the verification part of the code from the html so it would send through whatever I want. Otherwise, it tries to prompt you to enter in a valid pin, etc.)

Of course, we know from the email itself that this is NOT from PayPal. Remember, you can always tell right away because PayPal will ALWAYS ALWAYS address you as Dear First Name Last Name….

If you got this email, just spam it and/or delete it. And don’t fret, they don’t have your info already!

This has been another public service announcement, brought to you by the letters S, F, and the number 4.

Tags: paypal, scam, scammer, spam

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “another “PayPal” scam (PP-ACC.html)”

Amelie
October 5th, 2009 at 2.48 pm

It’s highly likely that the owner of that domain doesn’t know those files are on her site… Seems a lot of the time hackers and scammers just upload files to any old site that has badly set permissions. And even if that was the joker, I’d be prepared to bet that’s not their real info!
Val
October 5th, 2009 at 3.16 pm

Well and that could be – but she should keep watch over her site if that’s the case :P
Vixx
October 6th, 2009 at 2.15 pm ♥

Yeah, I was gonna say what Amelie said. Hackers are getting more and more conniving, and it may even be a stealth exploit that the domain’s owner doesn’t even know/wouldn’t be able to trace the vulnerability. The only reason I know this is because it happened to me; a hostee on my server was using effing Greymatter, and that compromised every site I had (and then some). Consequently, my site was hacked – but it was nothing to do with me or anything I had personally done.

Did you email to ask if they know about it?

V xx
Val
October 6th, 2009 at 2.18 pm

No, I didn’t. Any time in the past I’ve tried to do something like that it’s either bounced back or the person doesn’t deny it.
Ok ok ok, I’ll remove the info :P
Vixx
October 6th, 2009 at 2.20 pm ♥

Aw, honey – didn’t mean to guilt you! lol But as someone’s who had a problem when it wasn’t my fault (and I gave notice to all hostees there and then!) I just think the benefit of the doubt may be prudent. ;)
Val
October 6th, 2009 at 2.27 pm

lol yeah I don’t usually post that stuff unless I’m sure – guess I was cranky!

Entries (RSS)
Comments (RSS)

I'm Valerie, late 20's, from Missouri. I'm married... with children: a young boy and a baby girl. I enjoy many things including photography, candle making, videography, history, and mythology. Baby Girl was born 11 weeks early after my water was broken for 8 weeks - she's my little miracle - so you're bound to hear a lot about her progress here. I am also a second generation homeschooler, that's bound to come up as well.

Recent Comments
Recent Articles

Now Reading

The Treasury of Oz: The Wonderful Wizard of Oz, The Marvelous Land of Oz, Ozma of Oz, Dorothy and th
L. Frank Baum
The Favored Child : A Novel
Philippa Gregory

spoken for