Fake PayPal Site 134
CharlieG writes: "Just a friendly warning as a followup to all the PayPal talk of yesterday. It seems that there is a scam going on based out of South Ural, Romania. They have created a site that looks exactly like Paypal, but is PayPai.com." Much more harmful than all the Slashdot typo sites (those only cause me to get dozens of flames a week for framing Slashdot: this one could actually steal your credit card!)
Re:How does PayPal make money??? (Score:1)
How does PayPal make money??? (Score:1)
The only thing I can think of is they share all kinds of personal information with all kinds of evil companies. I sent my friend a check.
Re:How does PayPal make money??? (Score:1)
So they'd only get a tiny fraction of a percent in interest per day, but still have to pay out 3-5%.
sIashdot.org (Score:1)
--
Re:Already Shut Down (Score:1)
Dammit. Someone else always takes the good ideas... I guess I'll just stick to the free sites.
I give whoever did it credit for creativity though...
---
Re:Some Are Still Available! (Score:1)
No, it's a broken website. (Score:1)
Actually, MS-NBC is not down (as far as I can tell). Rather, the page keeps reloading in the background, appending "&cp=1" or somesuch to the URL,about once every four seconds. I think it's because Junkbuster snips the cookies. If I have Javascript enabled, I get to see the URL growing in the Location: field. If I have it disabled, it just looks like the page is taking forever to load, but careful observation of the status line on the bottom of the screen reveals that browser is ping-ponging between two webservers with a period of about 4 seconds.
Same thing happens on the last MeSs-NBC article I tried to read. I figure if they're site is broken, I'm not in a hurry to fix it for them.
--Joe--
Pre-emptive Grammar Counter Attack (Score:1)
s/they're site/their site/
Ooops.
--Joe--
Re:How many domains do I need to register now? (Score:1)
No, that'd be MICROS~1.COM
--Joe--
This a shame (Score:1)
PayPal Real Site (Score:1)
www.paypal.com redirects to www.x.com anyway.
--
Romania vs. Rumania [offtopic] (Score:1)
To summarize: while long known as Rumania, and so spelled on independence from the Ottoman empire in 1859, the official spelling has been Romania since around 1945. It took until the 1960s for many Western references to be updated.
The spelling Rumania is believed to be a reflection of the name for Rome and Romans in Turkish (Ottoman) dialects, and as such, some modern Romanians actually find it offensive. (Whoops.) But the Roman origin is also considered controversial, and may be more legend than fact.
It's described in much more detail [hungary.com] than anyone on
----
Re:PayPal (Score:1)
Not getting interest sucks, but on the other hand the user doesn't have to pay credit card access fees, so for me it comes out about even. This is as opposed to the state of Illinois, which will let you pay your taxes by credit card but charges you for the privilege.
Re:Clever... (Score:1)
Hunh (Score:1)
Re:PayPal (Score:1)
The final problem in security... (Score:1)
magic
Re:Clever... (Score:1)
Heh heh heh. Someone needs to set up a c0rinthians.com to route unsuspecting soccer fans back to the religious materials.
--
Re:Site Hackers could take this out (Score:1)
Yeah, and steal all the credit card numbers while they're at it.
That way the hacker can enjoy an expense-paid vacation to Hawaii, and the scammers will get locked in the honky for it.
--
Re:Registration? (Score:1)
Wrong-way Gates (Score:1)
What's with the graphic? (Score:1)
First, what does that have to do with the PayPaI article?
Second, isn't that a story in and of itself?
Re:Hunh (Score:1)
-russ
Yes, I KNOW it's Russia (Score:1)
Sorry
Charlie
Re:Some Are Still Available! (Score:1)
-----------
"You can't shake the Devil's hand and say you're only kidding."
Redundancy & scalability (Score:1)
Why, one could make a beowuli clustei.
Ryan
Re:Again (Score:1)
Why not just have a group of hackers that goes vigilante and goes after the bad guys. Ruin their credit ratings, put their picture in the FBI Ten Most Wanted lists, etc. Or maybe I'm just watching too much A-Team.
Re:PayPal (Score:1)
They hope to act like a real bank, and hope that people keep a balance in their accounts.
Paypal would make interest on the balance, their customer's wouldn't, and if the aggregate balances are enough, PayPal makes a profit.
George
PayPal (Score:1)
Sign up now and get $5.00.
Say you got referred and the referree gets $5.00.
This is a web based business that might actually make a profit.
George
Re:The joys of Chamaeleons (Score:1)
I made a gwbasic program to mimic that for one of
my teachers. I put it on a 360K disk for her 386. Booted up. She put in the bios password. Then of course, it asked again. Simple write out of the chars till it got to 13(enter). Bang, wahlah, u got a password.
Granted, it got me banned from computers at the school when a "friend" ratted on me. Lesson learned: trust no one. hmmm, why am i telling you this again?
Re:PayPai? (Score:1)
I remember going to newgrounds.com(note spelling), and ended up getting a ton of pop-up ads wanting to steal the thundering popularity of newgrounds.com
There's also hanspring.com, but that's more of a joke.
Re:PayPai? (Score:1)
Re:/. effect (Score:1)
yes i know what time it is..no i have nothing better to do
Re:PayPai? (Score:1)
a pixel in height.
In fact, I cannot tell the difference.
What evil trickery
Re:yikes! (Score:1)
What is the legality of nullrouting a specific
address or network block. Although we may
have our reasons...are those actions (even if
the intent is good natured) protected from
lawsuit?
I believe the Rebel spam system is going through
such a contest of justice currently...
If someone takes the law into thier own hands...
and dispenses justice... would this vigilante
be safe from prosecution?
Really I guess it comes down to whose right is it
to police the internet. Is it the justice
system in the region they connection from? Is
it our right as administrators to dispense
justice?
Mind you, on a weekly basis, as an administrator
I dispense justice for actions that in some
cases are legally wrong...but these wrongs will
never see a courtroom. (Usually with the
termination of the offenders account).
Whose right is it and who is protected?
Signai 11! (Score:1)
Re:How to collect passwords (Score:1)
JediLuke
Re:Why are you so shocked? (Score:1)
http://www.duke.edu/~bdk3/seamonk.html
Re:"South Ural" is not a romanian location! (Score:1)
+++ATH0
Re:PayPal (Score:1)
Say in one day paypal transfers $5,000 (not unreasonable... I believe it is actually a lot more)... people leave the money at paypal for a while because they just do... if I had money at paypal I'd leave it there... paypal can then get interest off of that money I would assume. And that would be a lot of interest. Granted they would have to get other money somewhere but that would be a good source of money. According to the article there are 2.6 million users. If everybody has $1 in there account then that's 2,600,000 dollars... at even 2% interest that's a lot of money... even accumulated monthly...
Slashdot... of course it had to be slashdot... (Score:1)
Again (Score:1)
Re:Look at the SSL certs (Score:1)
Re:Look at the SSL certs (Score:1)
Re:Again (Score:1)
DB
Re:"South Ural" is not a romanian location! (Score:1)
DB
Re:.RU vs. .RO? (Score:1)
The history of the name comes from New Rome
Roma = Rome
nia = neo = new
Basically, Romania is what's left of a heavily colonized Roman province after the troops pulled out.
DB
Re:This is NOT a romanian location/name/whatever!! (Score:1)
DB
Re:South Ural? Romania? LOL (Score:1)
DB
Re:South Ural? Romania? LOL (Score:1)
DB
Re:.RU vs. .RO? (Score:1)
As for the location of the original province of Dacia, the archeological evidence is pretty clear that it was in present day Romania. If you have an unbiased source otherwise, feel free to post.
Your further claims that "it is thought that... Romanians moved there from somewhere else" are very fevered dreams distilled from irredentists. The 'somewhere else' theories never seem to get their stories straight and the locations are pretty varied as to where Romanians supposedly came from. The fact that latin based languages survive in former Roman provinces is no surprise and their common ancester is also a no-brainer, it's latin!
DB
Re:Gone.. (Score:1)
I think slashdot needs to have a crash course in moderation for new moderators (those randomly chosen).
That message was not redundant for those who click "read more" and check comments before going to the sites themselves.
The joys of Chamaeleons (Score:1)
But the idea of chamaeleons has always interested me. I remember back in grade 9 or something I wrote a cheesy QBasic program that mimicked the old Novell login screen (the one with the blue background and huge IBM in white blocks). It looked just like you were logging in, but then it would report some falsified network error and request that you try another machine.
Granted, initially it was running from my account, but after getting the first account saved in a handy-dandy text file, I ran it from there. I'm sure if we had better sys-admins they could've tracked me.. but oh well... I remember getting the typing-teachers password about 8 times in a row as they tried to figure out what the network error was!
Don't believe everything you (think you) see
(ONly barely On topic, I know)
Re:OT: RE: Sig (Score:1)
no - there's some sounds with 'b' in there.
A simple solution.... (Score:1)
Of course, we'd need more. This would also eliminate all problems with domain trademark disputes.
Re:Some Are Still Available! Like Mine. (Score:1)
-----
It's RUSSIA, guys! (Score:1)
Re:It's gone -- whom do I sue? (Score:1)
Re:Abusers of Fonts (Score:1)
Re:Old news -- Still news (Score:1)
Re:"South Ural" is not a romanian location! (Score:1)
moderation (Score:1)
-1 Troll / Flambait if you ask me.
Thad
Re:Abusers of Fonts (Score:1)
--
when everyone gives everything,
Already Shut Down (Score:1)
If it was a clean scam though they've already cleared out any logs of what accounts they have. Pay Pal users beware. Some elite kid is probally going to get some free porn off using your account.
MSNBC is whacky! (Score:2)
I wasn't claiming any knowledge of geography, but merely quoting msnbc.com; talk to them, I couldn't care less.
Incidentally, how was my post (#11) Redundant? Anyone, please point me to the earlier post that said what I did. Please.
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
Re:PayPal (Score:2)
Also, they make money on interest. When you've been paid via PayPal, but have yet to transfer the money to you own bank account, it sits in PayPal's accounts, and they get the interest on it. Add a bank-like normal rate of "abandoned" accounts with some cash in them, the fact that the bonuses can be written as customer acquisition/marketing expenses, and a plan to eventually abandon the bonuses when the customer base grows sufficiently....
It doesn't seem they'll turn a profit soon, but it does look like a plausible buisness model.
Steven E. Ehrbar
Re:PayPai? (Score:2)
.RU vs. .RO? (Score:2)
(I did check to see if there was a city like "Ural" in Romania, anyway. Mapquest says no.)
Second, it could be his confusion (or somebody else's along the line) between RUssia and ROmania (whose local name is RUmania). I've see people assume RU = Rumania all the time. Two letter country codes [netscape.com] are easy to confuse.
Third, what Russian or Rumanian would use the English word "South" in their city name anyway? If they really lived there they would have registered it as "Yuzhniyuralsk" or something like that. No, this registration address info is about as bogus as saying "123 Easy St., Anywhere, USA".
----
Registration? (Score:2)
> whois paypai.com
[rs.internic.net]
Whois Server Version 1.1
Domain names in the
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: PAYPAI.COM
Registrar: EASYSPACE LTD
Whois Server: whois.easyspace.com
Referral URL: www.easyspace.com
Name Server: NS1.EASYPOST.COM
Name Server: NS3.EASYPOST.COM
Updated Date: 18-jul-2000
>>> Last update of whois database: Fri, 21 Jul 00 03:09:41 EDT whois paypai.com@whois.easyspace.com
[whois.easyspace.com]
No match for 'PAYPAI.COM'.
Re:PayPal (Score:2)
(Personally, I wish the referral bonus was still $10.)
Re:PayPal (Score:2)
Re:PayPai? (Score:2)
http://www.paypal.com
http://www.paypaI.com
See? The point is not that people will *make* a typo, but that they won't recognize a wrong URL.
-russ
/. effect (Score:2)
sorry..couldnt resist
How to collect passwords (Score:2)
How many of us use just *one* login/password combination for every free site under the sun?
A smart-but-unscrupulous fella (or gal, be fair) could open a web site with a wonderful little gimmie or gimmick, provide the service, then look through their *user-supplied* password/user name pairs and try them at more *interesting* sites like PayPal, myMortgage.com, PornoPreview.com, 401K.org, BankMe.com or even *gasp* Slashdot.
Just a warning to search yourself carefully, and stop using that one secret password that no one would ever guess in a million years: A secret password that you've entered anywhere is no longer a secret.
Re:PayPai? (Score:2)
vs.
www.PayPaI.com
for somereason this fooled people b/c the emails were sent in italics.
Clever... (Score:2)
On the other hand, it's pretty smooth. And maybe this will help break down the widespread confusion between address and content that everyone complains about whenever the TLD fiasco comes up. Maybe it will call attention to the need for encrypted site certificates. Maybe it will get people -- and software -- to pay more attention to fake links, like this one to goatse.cx [jesus.org].
- Michael Cohn
Re:PayPal (Score:2)
Slashdot parody sites. (Score:2)
http://slashdot.com [slashdot.com]
http://zanyantics.com [zanyantics.com]
http://slashdork.org [slashdork.org]
http://smashdot.org [smashdot.org]
http://crashdot.org [crashdot.org]
http://splashdot.org [splashdot.org]
http://splashdot.org [trashdot.org]
http://hashdot.org [hashdot.org]
http://slapdash.org [slapdash.org]
http://slashnot.org [slashnot.org]
http://slashrot.org [slashrot.org]
http://slashpot.org [slashpot.org]
http://slashbot.org [slashbot.org]
http://hotgrits.org [hotgrits.org]
http://slashroot.org [slashroot.org]
http://slashback.org [slashback.org]
http://smokedot.org [smokedot.org]
http://crackdot.org [crackdot.org]
Those are the ones I've found so far anyways...
Look at the SSL certs (Score:2)
Re:Blame Fonts (side note on e.e. cummings) (Score:2)
Side note: knowing this adds an interesting element to the following e.e. cummings poem:
l(a
le
af
fa
ll
s)
one
l
iness
Note the interesting ambiguity created by the character that may be either alpha or numeric.
Pretty cool.
Re:Registration? (Score:2)
whois paypai.com@whois.easyspace.com
to get the entire info
Blame Fonts (Score:2)
Now it's not just a matter of phonetic problems, as in corinthians.com vs. corinthiao.com, but apparently we now have to lump "visual phonic" problems into the mix.
--
Re:Clever... (Score:2)
Exactly why I always keep my status bar displayed. Hate sites that turn it off for me, it's that whole shite happening behind your back stuff that really gets me....
Unfortunately even that doesn't always work. A few lines of JavaScript can put any text you want in the status bar, including a faked URL. You'd have to right-click the link to make sure it's really what it says it is, or look at the source. Or, turn of JavaScript altogether.
--
"Better dead than smeg."
Re:yikes! (Score:2)
Really though, I doubt you'd ever see this taken to court. Even the RBL is only just now being (possibly) challenged in court, and that's much more likely to ever see legal action than some private nullroute you implement on your own network.
sig:
yikes! (Score:2)
Definitely not something to inspire general confidence in interent commerce either. You decide if that's a bad thing:)
sig:
Re:"South Ural" is not a romanian location! (Score:2)
On the other hand, Russia is definitely ground zero for credit card scams right now.
sig:
Re:How many domains do I need to register now? (Score:2)
Although they wouldn't get all this publicity...
sig:
"South Ural" is not a romanian location! (Score:2)
IMPORTANT INFORMATION from X.com regarding PayPai (Score:2)
Technical info (Score:3)
Anyway, all the login info was routed through paypai.com, then it returned the paypal.com webpage. Worked essentially like a proxy, but probably logged the passwords. But the front end of the page was copied directly from paypal.com and had the paypal references changed to go to paypai.
Interesting method of attack. I wonder if this is going to become more common. Makes you wonder how you can secure against this kind of scam from the viewpoint of the website designer. Okay, admittedly, if you can get a user to give out a password, he's boned, but still.
---
Re:PayPai? (Score:3)
Slashdot Effect Saves The Day (Score:3)
effect already took care of the problem.
All we have to do is keep a quick link at
on hand to make sure they don't get back up.
By the time our loyal crowd of slashdot readers
get tired of constantly crushing...er revisiting
the deciteful paypal site they will be out of
revenue.
Registar.Cops? (Score:3)
agreement concerning domains. (The one that says they are free to do
nearly anything, include reposses your children and pets.)
Has anyone ever tried contacting the registar of a domain and report
such fraudulent abuse of a domain name. Network Solutions is fairly quick
about protect mother corporate.
Although PayPai.com uses something named EasySpace, I am sure the power
of being a domain registar has already corrupted those in charge there
and they would be more than insanely happy to be Registar cops.
Will it soon be, Registar to the rescue? Instead of going through the
proper authorities...especially when the business in question is located
in some far off land or a floating oil rig with no internet law.
Re:A simple solution.... (Score:3)
Re:/. effect (Score:3)
"They have created a site that looks exactly like Paypal"
I guess you could go to paypal.com and pretend you're getting scammed. I just did, and I'm pretty pissed off and calling my credit card company right now.
Re:Here is a mirror. (Score:3)
Some Are Still Available! (Score:3)
NetworksoIutions.com [networksoiutions.com] on the other hand is taken, though not by anything useful.
-----
Could have been worse/brighter (Score:3)
First, they used a lure that was not only false, but that could be readily verifiable by the user. Big chunk o' cash waiting? I'll go see! Hmm, not there... uh oh! Using a less-effective lure (please click here to be removed from the paypaI.com mailing list) would not have generated as many hits, but would have kept him under cover much longer.
I also think it was a bit untidy of him/her to use paypai.com as the main site. Personally, I look at the URL quite a bit. Seeing "paypai" would set me off instantly. Instead, he/she could have used something else, like "login.paypalcom.net" or even "welcome.to/paypal", and one might just assume they're expanding their service and changing server names (like Hotmail likes to do a lot).
Even better (if it's possible), after recording the login and password, it could have spat the user to a "login failed" page with a "please try again" link, or maybe "server error, please try a different server [boo.hoo], sorry for the inconvenience" page, that then redirected the user to the REAL PayPal site.
I have to admit - as illegal and unethical as this scam was, it was a fairly bright idea. Good thing for PayPal users that they didn't think it all the way through.
Abusers of Fonts (Score:4)
I happened to notice this because i use a high contrast decent-sized courier font on my machine, and i run PINE in an KDE terminal window, so it stuck out like a sore thumb.
As always the user is the weakest link in security...
Here is a mirror. (Score:5)