update.paypal-verifications.net is a scam

I got an email this morning asking me to update my eBay account information (or my account would be frozen). I was suspicious, of course. My text-based mail reader, mutt, rendered the link as http://www.paypal.com/cgi-bin/webscr?cmd=_login-run, but when I inspected the HTML, it actually pointed to update.paypal-verifications.net.

A Google search on “paypal-verifications.net” gives almost no results.

It’s obvious now that this is a scam, because PayPal doesn’t own “update.paypal-verifications.net”. If you go to the domain, you’ll see a look-alike PayPal login screen, which presumably is there to collect your PayPal login and do nefarious things with it, like steal money.

So I thought I’d do my little part by making it clear that update.paypal-verifications.net is a scam, and someone should shut down that website ASAP. In the meantime, at least this bit of information should show up in Google searches soon.

As a general matter, for the less fraud-savvy of you out there, always beware of emails along these lines. I’m not sure there’s any bright-line test to immediately recognize fraud, but at least pay attention to the actual URL, and ask yourself whether the whole thing makes sense.

Update: Someone who read this entry contacted the abuse division of afraid.org, the (free) DNS provider for paypal-verifications.net. The domain name has now disappeared from the DNS.

3 comments

  1. Jamie Jan 28

    Also, I don’t know how much this actually does, but you can forward these spoof emails to spoof@paypal.com. I guess they keep records of the abuse and also try to shut down such websites. I think eBay and Citibank also have similar spoof email addresses.

  2. none Jan 28

    Notification of Limited Account Access – Security Measures?

    Can anyone explain e-mails with the subject of:
    “Notification of Limited Account Access – Security Measures”

    and links going to:

    http://www.paypal.com.wscm.tk/us/webscr/Loginx.php

    http://www.paypal.com.cgi-bin.wsst.tk/us/webscr/Loginx.php

    Is this what this blog is talking about in regards to spoof e-mails?

    Name: http://www.paypal.com.wscm.tk
    Address: 216.81.70.151

    OrgName: Vortech Inc.
    OrgID: VTC1
    Address: 106 S. Semoran Blvd.
    City: Orlando
    StateProv: FL
    PostalCode: 32807
    Country: US

    NetRange: 216.81.64.0 – 216.81.79.255
    CIDR: 216.81.64.0/20
    NetName: VORTECH-BLK-2
    NetHandle: NET-216-81-64-0-1
    Parent: NET-216-0-0-0-0
    NetType: Direct Allocation
    NameServer: DNS.ANONYMOUS-SERVERS.COM
    NameServer: DNS2.ANONYMOUS-SERVERS.COM

  3. Another Victim Jan 28

    Are these PayPal spoof web sites?

    Bogus emails with the subject:
    “Notification of Limited Account Access Final Notice”

    http://www.paypal.com.tmsn.tk/us/webscr/Loginx.php

    http://www.paypal.com.tmsk.tk/us/_auth/webscr-cmd-_login-run.htm
