Ironworks Gaming Forum - View Single Post - RE: Fake Paypal E-mail

Thoran · 03-22-2004, 02:13 PM

One little problem here guys...
https://www.paypal.com/accountcleanup/
is a valid paypal site... unless someone has hijacked paypal's domain name and duplicated it exactly (pretty darn unlikely). Either that or they've got a keylogger or somthing running on your system and they've sent the email to get you to enter your paypal info (also very unlikely).

HOWEVER, I'm as cynical as the rest of you and trust NOTHING I get by email. If I were you I'd call paypal and ask them about the mail... as a way to verify it's validity.

My gut feel is that this is valid. As I said above, unless the entire domain has been hijacked there is no way for anyone outside of paypal to profit from you going to the paypal site and logging in. Since it's a secure connection there's no way to intercept the data sent either (except at your machine). Even if the hacker was sophisticated enough to pull this off, it doesn't make much sense to me, he's not going to get a better hit rate than using a run of the mill almost the same dn type attack. (www.paypals.com or something along those lines... changing one letter)

[ 03-22-2004, 02:23 PM: Message edited by: Thoran ]

03-22-2004, 02:13 PM	#11
Thoran Galvatron Join Date: January 10, 2002 Location: Upstate NY Age: 57 Posts: 2,109	One little problem here guys... https://www.paypal.com/accountcleanup/ is a valid paypal site... unless someone has hijacked paypal's domain name and duplicated it exactly (pretty darn unlikely). Either that or they've got a keylogger or somthing running on your system and they've sent the email to get you to enter your paypal info (also very unlikely). HOWEVER, I'm as cynical as the rest of you and trust NOTHING I get by email. If I were you I'd call paypal and ask them about the mail... as a way to verify it's validity. My gut feel is that this is valid. As I said above, unless the entire domain has been hijacked there is no way for anyone outside of paypal to profit from you going to the paypal site and logging in. Since it's a secure connection there's no way to intercept the data sent either (except at your machine). Even if the hacker was sophisticated enough to pull this off, it doesn't make much sense to me, he's not going to get a better hit rate than using a run of the mill almost the same dn type attack. (www.paypals.com or something along those lines... changing one letter) [ 03-22-2004, 02:23 PM: Message edited by: Thoran ]