October 07, 2005

PayPal spoofers

My cell phone went off at 1:27am. It woke my wife and me up, but I recognized the ring tone as a text message, specifically a text message originating from an automated script I have running on one of my servers. The script checks to see if there are any new emails in a specific account, then sends a text message alerting me if there are. I had a new web hosting account—a $20 a month one. Well, one of my dozen or so current customers was resetting their account, so I assumed it was that one and went back to bed.

My cell phone went off again this morning about 8:45am alerting me to another account being opened. This one a $10 a month account. Nice! The server automatically sends emails to new customers letting them know how to access their account. But the trouble was, this new account was using a bogus domain name. There might be a legitimate reason for that. Maybe they didn't want to pay for a domain name and didn't mind the odd-looking URL provided for access to the account through the IP. But I was suspicious. A nasty spammer could cause a lot of trouble. I checked out the site, and didn't see anything unusual. The other account, which I assumed was the old account being reset, still had disk space reserved. I was just about to delete it when it occurred to me that I wasn't 100% sure that it actually was the old account holder.

I checked out the site, and noticed a bunch of scripts related to mail had been uploaded. I looked at the scripts and found a nice little setup for sending out PayPal spoof emails—the emails that pretend they are from PayPal, and ask the recipient to click on a link and provide their user name and password.

I immediately suspended the account, then checked the other one, and sure enough it had the same stuff loaded. I suspended it, too.

I emailed PayPal and let them know what was going on, and let them know the email addresses of the two PayPal accounts that had been used to set up the two spoof accounts. Then I emailed the two new account holders telling them why their accounts were suspended.

So far I haven't heard from anyone, but I have $30 in my PayPal account that hopefully PayPal will let me keep. I wish I hadn't let the first account go so long before suspending it, but in the future I'll pay closer attention. I'm also hoping the spoofers lost money on the deal. If they managed to send out a lot of spoof email, it may cause trouble for the server management, but I imagine stuff like this is pretty common, and can be dealt with quickly.

Anyway...that's why there's not much else posted this morning.

Posted by Danny Carlton at October 7, 2005 11:18 AM

