Over time, all of us in the web industry have seen scams come and go. However, there is a new threat that is probably one of the most dangerous scams to hit in the past year.
It's called PayPal "Phishing" and it puts your PayPal account, and all of the funds in it, in danger!
Not only does it place your PayPal account and funds in danger, but any host that has the misfortune of having one of these scumbags sign up with them can be in for a nice slap in the face of security.
How it works:
Generally speaking, the "phisher," which I will refer to as "the thief" from this point on, will get a hosting account. They sign up just like any other client.
Most of the time they will stalk or monitor the host for a short time, to see how the host's signup process works and how secure it is. Once they realize that they can get on your server quickly and easily, you'll become their favorite target for about a dozen more accounts.
Keep in mind that they will typically sign up under multiple names, using multiple mailing addresses and different credit card numbers. Usually the one thing the accounts will have in common is the email address. While this can vary, they know that they need to use a real email address, so that they can receive the confirmation and details for their account. So they will usually use the same email address from account to account, sometimes switching to a second or third.
Once they get on your system, they'll upload a quick shot multi-mailer. These are usually only a few files, and can be uploaded quickly and used just as quickly. The account will typically contain either a text file database of names and email addresses, or a MySQL database of the same.
Once they have this in place, they will proceed to recreate the PayPal™ website, complete with login box.
All of this can be done rather quickly, without a domain being attached.
After they have completed this process, they will proceed to send out bulk mail to everyone on their list.
What does the email look like?
The email that the recipients receive will appear to have come from PayPal, and will request that the user click the link, log in to their account, and update their account information to avoid having their PayPal account limited.
Typically they use the following method for linking to PayPal (please click the link to test): https://www.paypal.com/
At first glance, this gives unsuspecting folks the comfort of thinking they are going to PayPal. They'll attempt to log in to PayPal from the thief's site.
The thief then stores that user's PayPal login information in their database, and can now log in to the account at will, changing account information, draining the cash out of the account, etc.
The really bad thing about it is that, since their mailer uses SMTP, the mail will appear to come from you after some tracking!
What can you do?
The best advice is to keep a close eye on all of your signups. The predators are moving rapidly from host to host, trying to find the one host that doesn't catch them. So monitor them closely, even if you do instant signups. Make sure to check out every account that signs up.
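One way to act on the signup pattern described earlier (many names and cards, one shared email address) is to group signups by contact address and flag any address tied to several identities. This is an added example, not part of the original article; the record fields, the sample data and the treatment of "+tag" addresses as the same mailbox are assumptions.

```python
from collections import defaultdict

def normalize_email(addr):
    """Lowercase and drop any +tag so trivial variants group together (assumption)."""
    local, _, domain = addr.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain

def reused_contact_addresses(signups, min_accounts=2):
    """Map each contact email used by several different identities to its accounts."""
    by_email = defaultdict(list)
    for s in signups:
        by_email[normalize_email(s["email"])].append(s)
    report = {}
    for email, rows in by_email.items():
        names = {r["name"].strip().lower() for r in rows}
        cards = {r["card_last4"] for r in rows}
        # Same mailbox but differing names or cards: the reuse pattern worth a manual look.
        # One customer with two accounts under the same name and card is not flagged.
        if len(rows) >= min_accounts and (len(names) > 1 or len(cards) > 1):
            report[email] = sorted(r["account"] for r in rows)
    return report

# Constructed signup records; field names are assumptions about a billing export.
SIGNUPS = [
    {"account": "acct1001", "name": "Alice Example", "email": "Box1@example.net", "card_last4": "1111"},
    {"account": "acct1002", "name": "Bob Sample", "email": "box1@example.net", "card_last4": "2222"},
    {"account": "acct1003", "name": "Carol Client", "email": "carol@example.org", "card_last4": "3333"},
    {"account": "acct1004", "name": "Dan Demo", "email": "box1+new@example.net", "card_last4": "4444"},
    {"account": "acct1005", "name": "Carol Client", "email": "carol@example.org", "card_last4": "3333"},
]
```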
When they sign up, IMMEDIATELY log in to see what they are uploading, if anything. Phishers will typically upload as soon as they get access, using the "hit and run" technique. They want to get on, get done, and get off, before you can catch them.
Monitor your server's outgoing mail.
Suspend them IMMEDIATELY (terminating the accounts also deletes your evidence). Remember that a normal client's first upload won't be a bulk mailer. DO NOT TAKE CHANCES! Not only can you be hit with fraud, but you can have your IPs banned/blocked for spam as well.
One of the most important things you can do is KEEP YOUR CUSTOMERS AND THE PUBLIC INFORMED. You want them to know what's going on. You want them to know what to expect, etc.
A few other avenues are informing PayPal, as well as the authorities.
Fraud is nothing new; it has been around since people needed money. But this is a very serious issue that has been hitting PayPal customers and hosts alike, and hosts need to take action, as we're the barrier between these criminals and the public we may never know.