Behind the scenes of a PayPal Scam.

You should not believe everything you see on the internet. If we did, most of us would be rich beyond our dreams, own a PhD in Philosophy, be a genuine priest, have been known to help free a prince in Africa and of course have a phallus that's three meters long with stamina to match. You know what I mean... Most of this crap of course comes from spam. They offer you Viagra, Nigerian 401 scams and of course more of that stuff. Now these things are pretty easy to spot. Most of these ads come from shady email addresses and the emails themselves are so cut up to avoid spam filters it's even hard to read them.

A different sort of spam is what we call phishing attacks. Besides the fact that nobody on the planet actually knows how to pronounce it ("Phishing? Fishing? Fysing?") they are actually a lot more tricky to spot. They LOOK like they are coming from, for instance, the PayPal site: an email stating that you should update your account information or your account is going to be scrapped. Rule number one is of course: NEVER give your password and login accounts via email to anyone. If you are a bit skeptical you KNOW PayPal would not start closing off accounts because people don't read their email. They want the bloody customers. So this little email is obviously a scam. Some lowlife is trying to get your PayPal account and go porn shopping on your behalf. But how do you know what's real or not?

Well, first off: a little common sense. If somebody walks up to you in the street and asks if he can have your house keys to "get them cleaned for you, for free" and then asks for your home address to "drop them off when they are done"... you have to be pretty stupid to fall for it. On the net it's all the same. So don't believe everything you read. "But the email address says it comes from PayPal?" I hear you mutter. Yes, it might look that way, but there is a pretty easy way to find out. The SMTP protocol lets you enter just about ANY "from" address that you would like. So you COULD make it appear that your email is coming from "george@whitehouse.com" while in fact it's coming from "Sissypaul@barbie.com". This is called "spoofing" and you can find out whether or not the address is genuine by looking at the entire "header" of the mail. This will tell you where the email comes from. If the outgoing mail server is not the same one as the domain name of the sender, something might be off. (But you can learn all about this matter when you listen to this great episode of Security Now.)

Why am I telling you this? Because I got the lamest spoof mail you could believe. Let's go through my Gmail inbox, shall we?

[Image: gmail]

Now, whoever thought this little scheme up is not too bright a person: the whole "give me your login or we shut down your account" thing is a classic way to spot some foul play here. But the two most obvious mistakes this person made are these. First, the "sender" address: looks like PayPal is short on money and seems to be using Gmail servers to get their stuff around? I hardly think so... Not even a good "address spoof" here. But this DOES give them the advantage that they got through the Gmail spam filter. Then, the link you have to click: they don't even bother to "hide" the link behind some text saying "click here" that has the link embedded. No... they just give you the URL as plain as day. Pretty dumb, BUT check out the address. Tomsimmons.net? Has PayPal run dry of funds and do they have to host their content on some 3rd party website? Let's just find out WHO this Tom Simmons might be. Time to enter the website address into dnsstuff.org and do a "whois" search.
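The checks described above (sender address, handing-over mail server, link target), as an added example that is not part of the original post. The message, all hosts in it, and the names `analyze` and `under` are constructed for illustration; it assumes the topmost `Received` line was written by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; every address, host and URL is made up.
SAMPLE = """\
Received: from mail-out.webmail.example (mail-out.webmail.example [192.0.2.10])
\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2007 10:00:00 +0000
From: "PayPal Service" <account.update77@webmail.example>
To: you@recipient.example
Subject: Update your account information

Update your account or it will be closed:
http://hacked-site.example/paypal/update.html
"""

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def analyze(raw, claimed_domain):
    """Compare what the mail claims to be with what its headers and links say."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2]
    # The topmost Received line is added by the recipient's own server; lines
    # below it can be fabricated by the sender. Assumption: one hop, as in SAMPLE.
    hops = msg.get_all("Received") or [""]
    m = re.search(r"from\s+([\w.-]+)", hops[0])
    relay = m.group(1) if m else ""
    links = re.findall(r"https?://[^\s<>\"']+", msg.get_payload())
    findings = []
    if not under(from_domain, claimed_domain):
        findings.append(f"sender address is at {from_domain}, not {claimed_domain}")
    if relay and not under(relay, from_domain):
        findings.append(f"handed over by {relay}, not a {from_domain} server")
    for url in links:
        host = urlsplit(url).hostname or ""
        if not under(host, claimed_domain):
            findings.append(f"link points to {host}, not {claimed_domain}")
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE, "paypal.com"):
        print("-", finding)
```

On the sample, the mail server check stays quiet because the message really was sent through the webmail provider named in its address; the sender address and the link are what give it away.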

[Image: whois]

This "WHOIS" search will help you find out WHO owns an internet domain. Everybody who registers a domain has to give his address and his phone number so people can find them. You can do this "publicly", giving out everything, or use a "private" registration (where you let your hosting provider be the one to enter HIS data on your domain name registration). It's amazing how many people use the "public" listing and make a direct connection between their website and their home address (stalking, anyone?). So not so wise. But our little WHOIS operation has some result.

[Image: whois]
 

There you go: our Tom Simmons. We can pay him a visit to give him our account details, we might even ring him up. It could not be this obvious, could it? Believe me: it's not. To find out what was behind the whole scheme I did something you kids should NEVER EVER DO... I clicked the link (in a virtual machine system, running on Ubuntu Linux, no Windows-based trojan or virus can touch me!)

[Image: tom]
 

Our scammer is... a comedian? Doesn't add up, does it? This is obviously one of those cases where the trail of breadcrumbs is too obvious. Nobody would be this stupid. And luckily... nobody is. Our Tom is a good old stand-up comedian and he has his own little website. What probably happened is that his website got hacked and somebody added a little bit of code to form this "button" you have to click on (the one that the link in the email points to). When you CLICK this button your PC is probably infected by some kind of virus, trojan or what have you... Or you are redirected to some hacker's site. Not good, right? Luckily Tom got the punchline before the joke was on him and his site was "cleaned up", removing the "bad piece" of code (as you can see by the dead link).

Epilogue? I just wanted to show you guys how you can trace back emails to their source. That you should not believe everything you read and even be skeptical about the results you get when you dig around... So now that you read this you need to email me your Visa number and PIN code, otherwise your wallet will burst into flames in the next 40 minutes... 🙂

Links :

Email spoofing according to Wiki. 

The engine behind email : SMTP by Wiki. 

WHOIS by Wiki. 

How to read Email Headers

Dnsstuff.org.  

Funny Tom Simmons
