Fake Email from PayPal Cloned Sites
Written on July 8, 2008 – 9:29 pm | by admin
Do you enter your paypal emailid and passwords without looking at the URL in your browser? If you are kindly stop doing the same. Here is a very strong reason why I say this:
1. Today I received an email which you can very well see below.
2. It says that your pay pal account has been de-activated and kindly click to activate. When I click on the link it opened a page which looked like below.
3. I thank God that I am more of a net savy and I cared to Check the url of the website opened. It was not https://paypal.com but http://following.ns8-wistee.fr/www.paypal.com/cgi-bin/us/security/update-paypal/service-peyment/update/login.aspx/
4. I again thank God that I was able to see that before I entered my real email id’s. However I decided to proceed with the site, and I entered some random email id and password. You can see the that above.
5. After I entered my email Id and Password I can see the following screen which is exactly what you see at the paypal site.
6. Further this site took me to a page where it asked me to enter all my personal details including Credit Card details. The page was again a ditto of the original paypal page. However I somehow missed to take a screen shot of the same. When I went back to the site to take a screen shot, it showed me the page below.
7. The chaps are I suppose smart enough to recognise if the page is being loaded twice from the same IP Address, as they don’t want users to visit there site the second time. May be one of you can try the same URL from your home.
8. Finally Just be careful while you get any such email from any one.
Here are in short a few key points to check when you get such emails:
- Always check from whom the email has been sent. In my case it was from PaypalSecurity <Paypal@online.net>, which is obviously an invalid email id.
- Next always check to whom has the mail been sent out to. In my case it was undisclosed-recipients , which means it has been sent to a mass of people with all email id’s in BCC. Paypal will never ever send out a mail to you with your email id in BCC.
- Finally check for the URL in your browser. All pages from paypal are https , hence check for the same. Plus the opening page should be always https://paypal.com.
- Also, never ever visit an e-commerce website through a link in your email etc. Always type the address in the address bar manually to be at a safer side.
Kindly spread the word before others get trapped in the loop. I have already reported this to the paypal authorities.
Play safe, its internet and your email id’s are just floating every where like your mobile numbers. 
Tags: PayPalforgery, PayPal clone site, Fake Emails, e-commerce security, e-commerce frauds
--------------------------------------Related Posts
--------------------------------------
24 Responses to “Fake Email from PayPal Cloned Sites”
By Yasser
on Jul 8, 2008 | Reply
Yes, it’s true and I saw myself the fake email which Abhinav received. The site was an exact copy of the original paypal site and I won’t be surprised if it has already tricked a few people. I spend a lot of time on the net but I don’t exactly go about checking the urls and https certificates. Surely this mail has opened my eyes and I would be more careful in the future.
Thanks!
By bhavya
on Jul 8, 2008 | Reply
Hehe i hope it helps some fool like yasser .. (with no disrespect to yasser )
nice find !!
By Yasser
on Jul 8, 2008 | Reply
Stay hungry, stay foolish.
As said by the great Steve Jobs!
By ameo
on Jul 8, 2008 | Reply
i got that e-mail over 5 times and was always detected as spam and as for paypal
all my handling with it is only by typing the site url myself in the address bar i never clicked some donate link or anything like that
but as yasser said . only newbies will fall for that .
By admin
on Jul 8, 2008 | Reply
Yes correctly said, all newbies will easily fall into this trap. No doubt about it.
By Yasser
on Jul 8, 2008 | Reply
God save the newbies!
By Jill Harness
on Jul 8, 2008 | Reply
You should always forward the fraud websites to spoof@paypal.com. They’re hardcore trying to go after the people that do this stuff.
By admin
on Jul 8, 2008 | Reply
Thanks for the info. I have forwarded the same to spoof@paypal.com also.
By Satish Gandham
on Jul 9, 2008 | Reply
We should always check the url while entering sensitive data. I easily tricked all my friends with it.
http://geniushackers.com/blog/2008/06/06/protect-yourself-from-fake-login-pages/
By admin
on Jul 9, 2008 | Reply
Thanks satish, you have a cool demo up thr
By Satish Gandham
on Jul 9, 2008 | Reply
thanq
By Sowmya
on Jul 9, 2008 | Reply
thats an eye opener…thanks a lot for sharing the info
By Barry Snyder
on Jul 9, 2008 | Reply
Reading stuff like this makes me wonder why more people are aware of internet scams
By Mark Aplet
on Jul 9, 2008 | Reply
I used to report phishing attempts to paypal at least 3 times per week. Now I use google’s hosted email for my domain and take advantage of the spam filtering within google. I must say since I moved to google’s hosted service I have not seen a phishing mail land in my inbox. Well worth it (free) http://www.google.com/a/help/intl/en/index.html
By admin
on Jul 9, 2008 | Reply
Yes you are quite true. I currently have close to 4 domains and for all I am using google apps, an excellent package of services for your website and they truly rocks.
Anyways have you ever tried having your email service with Microsoft, even their services and package rocks and its for FREE.
Anyways thanks for your comment
By DG
on Jul 9, 2008 | Reply
It’s grate, you were trapped on the same day, when Gmail announced their alliance with eBay and PayPal for anti-phishing.
Also, the guys were smart but didn’t encrypted links, that’s why you have tracked earlier.
Check out this post on my blog “Google AdWords account pry to scam”
Link: http://www.ditii.com/2008/06/20/google-adwords-account-pry-to-scam/
DG…
By admin
on Jul 9, 2008 | Reply
Yaa got to know about the same…..I can just laugh over that….
Anyways nice blog you have up there
By neeraj
on Jul 10, 2008 | Reply
o_O
that was really nice to put together …
even god cannt save the newbies from these things
By admin
on Jul 10, 2008 | Reply
haha yaa very truly and rightly said. If you see the very first comment on this post, you will find Yasser there. Well he is my roomy and he is always so cautious about using his credit cards on net. He always fear that someone can just simply take his credit card credentials.
I called him when I got this mail and showed him the PayPal login screen without telling him its a fake one. And I could see his reaction.
The first thing he then said is “I am recalling the places I have used my credit card”.
HEHE…so ofcourse with new bie getting this mail, it is certain they are trapped.
By freeringtonesGotimmole
on Jul 30, 2008 | Reply
The site abhinavsingh.com is amazing site, respect, webmaster.
By scanforadwareRulk
on Aug 2, 2008 | Reply
The abhinavsingh.com is good site.
Good job, webmaster.
By Bixawansing
on Aug 3, 2008 | Reply
Hi,
I have been reading this blog for some time now but never bothered to comment until today. Wanted to let you know that I am a fan and enjoy your work.
Thanks
By Andrew R
on Aug 26, 2008 | Reply
Its really easy to send fake emails from websites such as http://fakesend.com
Always make sure you look at the header of every email when opening emails you think are potentially spoofed, and when in doubt, just go straight to ebay.com or paypal.com