Database Info

FRAUD PAYPAL EMAIL SAMPLE: BE CAREFUL !!!!!

I have a Paypal account and I buy a lot of stuff from eBay. My account is connected to my Yahoo email; it used to be with my office email but sometimes our firewall treats Paypal emails as spam.
Anyway, I checked my Yahoo account yesterday and there was a notice that I sent payment of 395.85USD to someone for buying an Omega Constellation Watch (must've been a fake watch that one ). Scrolling down the message there was an area which asked if this transaction is not authorized; I should click on the Problem Resolution Center. I clicked on it and the website appeared which definitely looked like Paypal. It asked me to log in; which I did. The next step was that it asked for my First Name, Last Name, Credit Card info, etc. This actually struck me as being strange. Since I had a Paypal account, logging in automatically tells the website who I am and what my personal details are.
What I did was immediately logged out. I then logged in again and changed my password and secret question (when you forget your password this one prompts you). Logged out again, then logged in and checked my history or activity. It showed that there was no purchase done on the said date (when I supposedly bought a watch). I forwarded the suspect email to: 'sp[email protected]' for them to clarify and investigate for me. I also checked with my credit card company and thankfully they said that there was no activity related to the case I described.
This morning I checked my Yahoo email and Paypal responded saying that they have verified the email to be a fake. The first point is that Paypal will never address you as "Dear Member or Dear Paypal Member". The second point is that there was a difference in the URL used by the fraud link. For those of you who use Paypal; please take some time off and read a little more on this. There's a "Contact Us" section, from there you can type "Fraud" in the search field. A topic saying "How do I differentiate between a fake and authentic email from Paypal" (or something like that).
Lastly, Paypal said that if I did fill out the information requested by the fraud URL; chances are my credit card info would have been obtained and who knows what can happen. I'm sending you a copy of the email I received. PLEASE TREAT THIS AS REFERENCE ONLY. DO NOT COPY OR CLICK ON ANY LINKS.
Cheers
Rob
------------------------------------------------------------------------
--------------------------------------------------------------------------
PayPal <[email protected]>" <[email protected]> Add to Address Book Add Mobile Alert
Subject:
Your payment has been sent to [email protected]
Date:
Tue, 10 Jan 2006 20:20:01 -0700
Dear PayPal Member,
This email confirms that you have paid OMEGAMOVE ([email protected]) $395.85 USD using PayPal.
This credit card transaction will appear on your bill as "PAYPAL OMEGAMOVE".
--------------------------------------------------------------------------------
PayPal Shopping Cart Contents
Item Name:
Omega Constellation Men Watch - mint
Quantity:
1
Total:
$380.85 USD
Cart Subtotal:
$380.85 USD
Sales Tax:
$15.00 USD
Cart Total:
$395.85 USD
--------------------------------------------------------------------------------
Shipping Information
Shipping Info:
James Dickinson
184 Hadley Dr.
Chicago, IL 60614
United States
Address Status:
Unconfirmed
--------------------------------------------------------------------------------
If you haven't authorized this charge, click the link below to cancel the payment and get a full refund.
Dispute Transaction
--------------------------------------------------------------------------------
Thank you for using PayPal!
The PayPal Team

First: check on which domain you are checked.
Most fraud email don't link to real sites.
However: you see good link for example http://www.paypal.com/authorize.html in email, but when you hover over the link, below your good email client you can see real link in status bar, for example http://paypal.proof.nu/auth/login.php or so. Or strange ipnumber http://12.31.78.2/paypal/auth.html.
(links are not real - just for example, no need to clicking!!!!)
Yes, don't look blindly on words on the email. Look always behind the emails: which real links are here used? Is there not extra words used, is grammar okay, and looks altijd first on official sites if there is indeed happens. If there is indeed such information available then you can look further. If there is warning about fake emails, trash the email immediately or forward to paypal site for examining fraud links.
Such strange links are not linked to www.paypal.com. That is why you must always check the real links where you going to.
And when the fraud email links real to www.paypal.com site, then is fraud email useless.
Full image fraud emails are almost fake. You can always trash them.

Similar thing happened to me with an Amazon spoof site. Of course, the email was in HTML and the link redirected me to another site that asked me to sign in and then give credit card details. It looked very convincing indeed. This was the first time I'd ever received such a thing and it nearly caught me off guard but luckily I realised at the last moment that it was illegal 'phishing' activity. I'm not sure who to report this to though, Amazon, or a more authorative body like the police? See the attached images for what the site/email looked like.
Regards,
Neil.

thanks for the info

PayPal Example
mrdummy - You had some great points.
I just came across an interesting example of a PayPal fraud email.
The email had this from header...
"From: [email protected] ([email protected]) "
If you look at the domain name... [email protected] "ACCOUNTS-PAYPAL.COM", you can see that it's not from paypal.com. That's the best way to determine whether or not it's spam email.
GMail does a great job of helping you determine this. This email wouldn't have even showed up in your spam box since GMail wouldn't have accepted it because it's claiming to be from "paypal.com" and it's actually from "accounts-paypal.com".
Other good email fraud tips.
GMail will also put a little key next to the sender's name if it is a legitamate email... atleast in PayPal's case.

Blackman_X aka The Mobile panda in hiding?

This is a supposidly a VZW insider. ever since late lastnight his tweets went private. he mentioned some TB stuff the othernight then his twitter account now says private. the twitter is black_man_x is this a common thing? i never looked at his postings till now.
Not to add any fire to things but i was told lastweek the date was feb 28th but got moved to thursday - friday. this is coming from my workplace and supposidly inside emails with our Reps but i have not personally seen those emails.

he has had his tweets set to private for the longest time. he must of made them public and then set them back to private. chill out its not the end of the world. all you have to do is send a request to view all his tweets, via trying to view more of his tweets

Spam Sent via Mobile through GMail

I'm currently running CM7 RC2 with various apps, and I woke up to an inability to log into GMail. When trying to log in via my desktop browser, GMail said my account was blocked due to suspicious activity. After completing the steps to fix this problem, I checked the recent connection activity at my account, and noticed something strange:
Mobile Mexico (189.254.89.190) 9:03 am (5 hours ago)
The time matches with when the spam was sent. The actual spam email contained text and a link that redirects to some online pharmacy site. The text was:
.It�s amazing!!!
Click to expand...
Click to collapse
I will refrain from posting the link unless someone PMs and asks for it.
The message headers include:
MIME-Version: 1.0
Received: by 10.229.222.208 with HTTP; Wed, 9 Mar 2011 06:03:24 -0800 (PST)
Date: Wed, 9 Mar 2011 09:03:24 -0500
Delivered-To: <removed>@gmail.com
Message-ID: <[email protected]>
Subject:
From: <removed>@gmail.com>
To: <removed for privacy>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
.It=EF=BF=BDs amazing!!! <link removed>
Click to expand...
Click to collapse
If anyone can help me figure out what's going on and/or what caused this, it would be appreciated. I'd also be curious if anyone else experienced something similar.
Thanks all!

Sounds like someone got your log it. I would HIGHLY doubt it's related to your Android phone or your Cyanogen Mod ROM. If you were you would of got an E-Mail from Google explaining the app situation.

ive actually read either here on xda or on another android forum
that if you download certain apps illegally and then install them on the phone and grant them permissions they do have the potential to "call home" or send emails or text messages as spam
also could it have something to do with all the malware that google just removed from the market? maybe you got a rogue app
so is it possible you did one of these things?

Freek91 said:
also could it have something to do with all the malware that google just removed from the market? maybe you got a rogue app
so is it possible you did one of these things?
Click to expand...
Click to collapse
Didn't Google push an app to get rid of those? So he would've probably gotten an email if it was that.
Sent from my DeLorean using a Flux Capacitor

BEWARE OF SCAM htcsimunlockcode.com

These people are running a scam selling unlock codes that don't work. They are charging tax on their service to people of other states where they do not have an office in. What they are doing is illegal and their refund process is unacceptable. You have to upload a video on youtube with your phones private information for them to see. What kind of return policy is this. I didn't do this of course but below is my email conversation with them and let this show you what kind of business they are running. I ended up getting my full refund processed but I'm sure more people have been burned by these people.
new message from htconlineunlock.com
18 messages
--------------------------------------------------------------------------------
HTC UnlockCode <[email protected]> Thu, Aug 1, 2013 at 6:16 PM
To: Yaniel Acosta <[email protected]>
why you do not want to send us video proof?
--------------------------------------------------------------------------------
Yaniel Acosta <[email protected]> Thu, Aug 1, 2013 at 6:19 PM
To: HTC UnlockCode <[email protected]>
You guys are not listening. How do you want me to send you a video if I don't have another phone to record. What's so hard to understand about that. If I knew that this was your so called no hassle refund policy, trust me I would have to paid for it.
[Quoted text hidden]
--------------------------------------------------------------------------------
HTC UnlockCode <[email protected]> Thu, Aug 1, 2013 at 6:21 PM
To: Yaniel Acosta <[email protected]>
how many time you need to create a proof and send us?
we can wait
[Quoted text hidden]
--------------------------------------------------------------------------------
Yaniel Acosta <[email protected]> Thu, Aug 1, 2013 at 6:23 PM
To: HTC UnlockCode <[email protected]>
I can take a screen shot right now of my IMEI and another one displaying that the code does not work. I can do that.
[Quoted text hidden]
--------------------------------------------------------------------------------
HTC UnlockCode <[email protected]> Thu, Aug 1, 2013 at 6:25 PM
To: Yaniel Acosta <[email protected]>
we need only video proof. we are sending this proof to our supplier he is reviewing it and making refund for us. after that we making refund to customer. this is how it works. so we need only video proof
[Quoted text hidden]
--------------------------------------------------------------------------------
Yaniel Acosta <[email protected]> Thu, Aug 1, 2013 at 6:28 PM
To: HTC UnlockCode <[email protected]>
So you guys don't even provide this service. You have to go through a third party. That's unacceptable. Like I said, how can I send you a video if I have no access to another phone, I just have mine. You understand that issue that I'm dealing with. If I file a dispute with my credit card company they will credit my account and you will loose that money. I can provide you with screen shots as proof so you can see that this code does not work.
[Quoted text hidden]
--------------------------------------------------------------------------------
HTC UnlockCode <[email protected]> Thu, Aug 1, 2013 at 6:31 PM
To: Yaniel Acosta <[email protected]>
ALL unlocking websites in internet buying codes from biggest supplier.
You payed 8.99 for code we can refund this amount to you. But please show us proof
[Quoted text hidden]
--------------------------------------------------------------------------------
Yaniel Acosta <[email protected]> Thu, Aug 1, 2013 at 6:35 PM
To: HTC UnlockCode <[email protected]>
I understand but that is not my problem. If they supplied to you a code that was defective you need to take that up with them. I was trusting you guys in giving you my payment information to receive a working code and that was not the case. I was not charged 8.99 I was charged 13.50 and that's what I expect to be credited back to me.
[Quoted text hidden]
--------------------------------------------------------------------------------
HTC UnlockCode <[email protected]> Thu, Aug 1, 2013 at 6:38 PM
To: Yaniel Acosta <[email protected]>
8.99$ a code and 4.51$ is a tax which we already payed, so we can only refund 8.99 to you after you will show us video proof
[Quoted text hidden]
--------------------------------------------------------------------------------
Yaniel Acosta <[email protected]> Thu, Aug 1, 2013 at 6:42 PM
To: HTC UnlockCode <[email protected]>
You need to refund the tax as well. What you are doing is illegal. You have to refund tax on services or products that are returned back to you.
[Quoted text hidden]
--------------------------------------------------------------------------------
HTC UnlockCode <[email protected]> Thu, Aug 1, 2013 at 6:44 PM
To: Yaniel Acosta <[email protected]>
show us video proof first
[Quoted text hidden]
--------------------------------------------------------------------------------
HTC UnlockCode <[email protected]> Thu, Aug 1, 2013 at 6:48 PM
To: Yaniel Acosta <[email protected]>
its very easy to create it. it will take 3 minutes from your time
[Quoted text hidden]
--------------------------------------------------------------------------------
Yaniel Acosta <[email protected]> Thu, Aug 1, 2013 at 6:48 PM
To: HTC UnlockCode <[email protected]>
Here is the video you are asking for and process my full refund for the amount of 13.50 right now.
[Quoted text hidden]
3 attachments
IMG_0440.MOV
5151K
IMG_0440 (1).MOV
4894K
IMG_0440 (2).MOV
1548K
--------------------------------------------------------------------------------
HTC UnlockCode <[email protected]> Thu, Aug 1, 2013 at 6:54 PM
To: Yaniel Acosta <[email protected]>
you should upload it to youtube and give us a link
[Quoted text hidden]
--------------------------------------------------------------------------------
Yaniel Acosta <[email protected]> Thu, Aug 1, 2013 at 6:55 PM
To: HTC UnlockCode <[email protected]>
I gave you what you needed. Process the refund now.
[Quoted text hidden]
--------------------------------------------------------------------------------
Yaniel Acosta <[email protected]> Thu, Aug 1, 2013 at 6:56 PM
To: HTC UnlockCode <[email protected]>
I'm not going to have my private information out on the web displaying my phone's serial number. This is illegal to request someone as part of a refund to display private information publicly.
[Quoted text hidden]
--------------------------------------------------------------------------------
HTC UnlockCode <[email protected]> Thu, Aug 1, 2013 at 6:58 PM
To: Yaniel Acosta <[email protected]>
choose privacy settings for this video "only for people who have direct link"
so only you and we can see this video
[Quoted text hidden]
--------------------------------------------------------------------------------
Yaniel Acosta <[email protected]> Thu, Aug 1, 2013 at 7:00 PM
To: HTC UnlockCode <[email protected]>
Who do you consider we? I need to know who will be viewing this information. I don't understand why you need me to upload it publicly if you have the video files in the previous email. Please just process the refund.

I wouldn't really trust any site that claims they can unlock your phone quickly and easily. I once gave my email to one of those type of sites and they spammed me for the longest time.

what a mess!
those cheaters.

Sure enough ... scam
Unfortunately, didn't find this post until afterwards ...
Scammers.
- Their 100% satisfaction guarantee is closer to 0%.
- No unlock codes for HTC M8
http colon slash slash www [dot htcunlockingservice [dot] com
Seller's Name: Mustafa Sandal
Seller's Email: [email protected]
Seller's Transaction ID: 13970162502911748
More importantly, HTC M8 can be SIM Unlocked for free, now there's S-OFF.

i got scammed too from this guy Mustafa Sandal
look what he said to meȘ
Dear customer, After you`ve opened a claim, Paypal held an amount and I cant use it, it`s frozen.
This is my only one job, I really need this money, I need to feed my kids, family please sir(madam), close this claim, I`m begging you, I will do everything to help you with unlocking your phone, please close the claim now.
Best regards
off course i opened a case on my paypal account to get my money back

Same here. HTC M8. 14usd for code, wrong code, no money back Opened claim and the answer was ....
"Dear customer,
Please close Paypal claim now.
We sent a second request to carrier server because first un-encryption request
was not correct and thats why your first code did not worked.
Your order is processing on carrier server now. Our PayPal account
connected with carrier server account. It`s very dangerous to
cancel this process by opening claim because your phone will be
permanently locked and no one other unlocking procedure will not unlock it.
We reccomend you to close the PayPal claim now. Your order was on 76%
progress when you opened a claim, now it's on hold. Please close the claim,
your order will be processed correctly and you will receive a code.
Thanks"

so did anyone get his money back?
i´m waiting since a year or so -.-

I tried this site. Tax was ridiculous. That should have been my first tip off. I paid the $13. Now he's coming back and say he needs to use a different tool and wants another $13. No way.
It may end up being a $13 lesson learned, but at least I used my CC thru Paypal so I can dispute it if necessary.
Just an update - I pushed back on the fee. I told them that if they couldn't do it for the price initially paid, then I wanted a refund. He ended up "giving me a discount" and just gave me the codes. He gave me 2. Hopefully one of them will work.

K9mail / Kaiten security issue - tracking

In actual German magazine c't 22/2013 an interesting article was published about tracking and security issues of mail apps:
http://www.heise.de/ct/13/22/links/130.shtml
A link to a test tool was published:
https://emailprivacytester.com/
This tool shows an issue in K9 / Kaiten, tracking by Audio tag was possible over all versions:
Code:
Test - Audio tag
In the <body> of the HTML part, place a tag as follows:
<audio src="http://TRACKING_URL/" preload="metadata" autoplay="autoplay"></audio>
Is it known?
Is there a way to avoid this behaviour?
Thx...

Well, 3-4 days ago I emailed K-9, Kaiten, and [email protected] Mail about this. Only [email protected] Mail has responded so far with:
I'm aware of these issues (there's more than just the audio tag problem).
I do have plans to offer some privacy/security settings that would allow to block certain tags in a html mail. Unfortunately my to do list grows by the day and I can't give you a release date.
Click to expand...
Click to collapse
The other two are silent currently.