LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 06-09-2007, 10:16 PM   #1
zapcojake
Member
 
Registered: Jan 2005
Location: Joplin Missouri
Distribution: ubuntu/slackware/gentoo
Posts: 44

Rep: Reputation: 15
hundreds of paypal user names/emails


Hello, I received and email from paypal today that was supposed to have information about my account. It instead contained hundreds of usernames and or emails. I have contacted paypal about this but received no response.
 
Old 06-09-2007, 10:31 PM   #2
St.Jimmy
Member
 
Registered: Jun 2006
Location: Boaz,Alabama
Distribution: Ubuntu 10.10 / Windows 7 Pro 64-Bit / Snow Leopard 10.6.4 64-Bit
Posts: 152

Rep: Reputation: 30
are you sure it's from paypal?
 
Old 06-09-2007, 10:38 PM   #3
zapcojake
Member
 
Registered: Jan 2005
Location: Joplin Missouri
Distribution: ubuntu/slackware/gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
The address checks out, the subject line was restore your account and my account had been limited, and the email didn't ask me for any information and there are no links to follow only hundreds of email addresses from legitimate email providers. Hotmail, and hushmail just to name a couple. Over 36,000 characters in all. There are also some linux.org addresses in it.

Last edited by zapcojake; 06-09-2007 at 10:42 PM.
 
Old 06-10-2007, 07:15 AM   #4
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728
Sounds for sure to be a scam.

When you say "the address checks out", how did you determine that?
 
Old 06-10-2007, 07:31 AM   #5
zapcojake
Member
 
Registered: Jan 2005
Location: Joplin Missouri
Distribution: ubuntu/slackware/gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
Its the same address as they have been using to contact me. Plus the email doesn't ask for any of my information or have any links to follow. I have been checking some of the addresses it contains and they are valid. Some of them are addresses tied to websites.
I would be glad to post a snippet from it if I know its legal/moral to do so. I'm trying to cry wolf here I just want to make people aware of what happened. There are some addresses from places like linux.org and linuxmafia in it. I have googled some of the ones that sounded like websites and they are real.
 
Old 06-10-2007, 07:40 AM   #6
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728
Can you forward the e-mail to me? (Use the address in my website(link below)--in the "about" link at the bottom of each page.)

Last edited by pixellany; 06-10-2007 at 07:41 AM.
 
Old 06-10-2007, 07:59 AM   #7
zapcojake
Member
 
Registered: Jan 2005
Location: Joplin Missouri
Distribution: ubuntu/slackware/gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
Its done. I have contacted some of the mail providers but haven't heard back.
 
Old 06-10-2007, 08:22 AM   #8
masonm
Senior Member
 
Registered: Mar 2003
Location: Following the white rabbit
Distribution: Slackware64 13.37 Android 4.0
Posts: 2,248

Rep: Reputation: 46
You should probably forward the entire email to Paypal's fraud department.
 
Old 06-10-2007, 08:30 AM   #9
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728
<<Time out while we look at the headers which OP will be sending me>>
 
Old 06-10-2007, 08:44 AM   #10
zapcojake
Member
 
Registered: Jan 2005
Location: Joplin Missouri
Distribution: ubuntu/slackware/gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
1539 addresses.
 
Old 06-10-2007, 09:05 AM   #11
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728
It's a scam alright---OP can publish the details if he chooses.....
 
Old 06-10-2007, 09:26 AM   #12
zapcojake
Member
 
Registered: Jan 2005
Location: Joplin Missouri
Distribution: ubuntu/slackware/gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
Bingo!!--it is a scam. The tipoff is this line:

Received: from server1.ddf.com.br ([67.15.60.8])

Here is the result of a whois search:

mherring@1[grub]$ whois server1.ddf.com.br

% Copyright (c) Nic.br
% The use of the data below is only permitted as described in
% full by the terms of use (http://registro.br/termo/en.html),
% being prohibited its distribution, comercialization or
% reproduction, in particular, to use it for advertising or
% any similar purpose.
% 2007-06-10 10:55:39 (BRT -03:00)

% Query rate limit exceeded. Reduced information.
% Use https://registro.br/cgi-bin/avail/ for domain availability.

domain: ddf.com.br
owner: Daniel de Melo Franqueira ME (682010)

% Security and mail abuse issues should also be addressed to
% cert.br, http://www.cert.br/, respectivelly to cert@cert.br
% and mail-abuse@cert.br
%
% whois.registro.br accepts only direct match queries. Types
% of queries are: domain (.br), ticket, provider, ID, CIDR
% block, IP and ASN.

Going to registro.br confirms that they are in fact in Brazil.

I would definitely pass this on to Paypal (use an address for them that
you know to be good)
 
Old 06-10-2007, 01:40 PM   #13
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
Stupid phishers can't even get their scam emails constructed properly...

sheesh.
 
Old 06-10-2007, 01:58 PM   #14
zapcojake
Member
 
Registered: Jan 2005
Location: Joplin Missouri
Distribution: ubuntu/slackware/gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
I'd rather deal with a poor attempt than a good one.
 
Old 06-11-2007, 04:32 PM   #15
Dragineez
Member
 
Registered: Oct 2005
Location: Annapolis
Distribution: Ubuntu
Posts: 275

Rep: Reputation: 32
Forward

Always forward paypal phishing attempts (including full header) to spoof at paypal.com. Nothing may happen in the short term, but it this scumbag ever does come before the bar paypal will make sure he gets the hammer award - or perhaps the sledgehammer award.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
moving saved Evolution emails from user to user voly Linux - Software 1 01-25-2006 05:13 AM
Complex user names future assassin Linux - Security 3 08-08-2005 10:48 PM
checking user emails DJOtaku Linux - General 3 05-09-2005 04:48 PM
How can user names be changed? petercool LQ Suggestions & Feedback 4 05-19-2003 08:59 AM
User names neo77777 General 8 08-10-2002 05:33 AM


All times are GMT -5. The time now is 01:33 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration