Second Life Forums Archive - Change your PayPal Password - Access Attempts

Cristiano Midnight

Evil Snapshot Baron

Join date: 17 May 2003

Posts: 8,616

09-11-2006 11:19

From: Fred Extraordinaire

i dont have issues with my paypal, nor a warning to change anything, but i do have charges dating from 8/28 from someone using the in-grme system to buy lindibux...anyone have or heard similar reports?

You should report the transaction ID to Linden Lab and find out what account the funds were purchased for.

_____________________

Cristiano

ANOmations - huge selection of high quality, low priced animations all $100L or less.

~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.

Chronic Skronski

SL Live Musician

Join date: 23 Jun 2006

Posts: 997

09-11-2006 11:23

From: Solstice Asturias

Wow thanks for that Phishing link! This is one of the best Phishing schemes I have seen!

My question is though....how did they already know part of my account info, like it named my bank in the drop down menu when asking for my complete info???

Out of curiosity, did it also list other banks geographically close to you?

_____________________

A man without religion is like a fish without a bicycle.

CJ Carnot

Registered User

Join date: 23 Oct 2005

Posts: 433

09-11-2006 11:30

From: Cristiano Midnight

However, reports keep coming in of people having their Paypal accounts accessed from Russia this weekend, and it is quite concerning.

What's most concerning is the way this situation is going from bad to worse, from Fridays warning from LL that data MAY have been accessed but NO credit card details were on the server, to the current knowledge that data DOES contain hashed credit card numbers and that anecdotal evidence points to this data having been downloaded and being in the hands of criminals intent on using it to steal funds. The last communication from LL doesn't even acknowledge the certainty that data HAS been downloaded.

We really do need an announcement now. They were happy to reset our passwords because it was potentially serious enough. Are they prepared to tell us in plain language that we should cancel our credit cards with all haste ?

And out of curiosity how many of us are prepared to trust them with our new ones after this ?

Buster Venkman

Registered User

Join date: 21 Feb 2006

Posts: 47

09-11-2006 11:33

Sounds to me like the crackers are trying out their newly acquired LL passwords against all of the Paypal accounts, while they wait for all of the cracked credit card numbers to come in.

Good thing I didn't use Paypal. Gives me a few extra hours to cancel my credit card.

*sigh*

Rakkasa Lewellen

Registered User

Join date: 21 Jun 2006

Posts: 43

09-11-2006 11:35

From: Mugzy Shilton

Yep. this is phishing.

http://tinyurl.com/4pn9h

The link goes to a post telling all about this scam, the post is on antiphishing.org.

I've gotten the paypal phishing email. It was about 6-8 months ago, I sent it to their security department and they verified it was a phishing attempt.

That particular link (since removed /doh) was legit. I didn't connect through it, but the email was legit and it matched the information on the site.

Paypal does use email to communicate with customers. Not EVERY email from paypal is phishing; however, I agree with the practice of always linking directly rather than via an email link - internet common sense.

elka Lehane

WOWAWIWA

Join date: 30 Mar 2005

Posts: 983

09-11-2006 11:39

It is as easy as that:

If the email you recieve by Paypal DOES NOT START WITH YOUR FULL NAME, then it's a scam.

I use paypal ever since it was invented and this is the only way to tell.
But I'd suggest everytime you recieve those weird emails (wich should not be often), call them or forward them a copy and they will tell you immediatly.

_____________________

View my profile inworld for direct teleports to all !BF! locations :3

Syrrh Hurnung

Registered User

Join date: 9 Jul 2006

Posts: 55

09-11-2006 12:04

From: Solstice Asturias

Wow thanks for that Phishing link! This is one of the best Phishing schemes I have seen!

My question is though....how did they already know part of my account info, like it named my bank in the drop down menu when asking for my complete info???

That's easy. You log in to the fake site. Fake site logs in to the REAL PayPal and fetches your information, then relays that info to show you. Since it all looks legit, you don't suspect anything's wrong and close the session, leaving the phisher with your password.

April Chung

Isle of Bliss Owner

Join date: 7 Jun 2004

Posts: 478

09-11-2006 12:21

It has happend to me on Sept 7

_____________________

Like a moth to a flame burned by the fire.
My love is blind.
Can't you see my desire?

Change your PayPal Password - Access Attempts
Cristiano Midnight Evil Snapshot Baron Join date: 17 May 2003 Posts: 8,616	09-11-2006 11:19 From: Fred Extraordinaire i dont have issues with my paypal, nor a warning to change anything, but i do have charges dating from 8/28 from someone using the in-grme system to buy lindibux...anyone have or heard similar reports? You should report the transaction ID to Linden Lab and find out what account the funds were purchased for. _____________________ Cristiano ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.
Chronic Skronski SL Live Musician Join date: 23 Jun 2006 Posts: 997	09-11-2006 11:23 From: Solstice Asturias Wow thanks for that Phishing link! This is one of the best Phishing schemes I have seen! My question is though....how did they already know part of my account info, like it named my bank in the drop down menu when asking for my complete info??? Out of curiosity, did it also list other banks geographically close to you? _____________________ A man without religion is like a fish without a bicycle.
CJ Carnot Registered User Join date: 23 Oct 2005 Posts: 433	09-11-2006 11:30 From: Cristiano Midnight However, reports keep coming in of people having their Paypal accounts accessed from Russia this weekend, and it is quite concerning. What's most concerning is the way this situation is going from bad to worse, from Fridays warning from LL that data MAY have been accessed but NO credit card details were on the server, to the current knowledge that data DOES contain hashed credit card numbers and that anecdotal evidence points to this data having been downloaded and being in the hands of criminals intent on using it to steal funds. The last communication from LL doesn't even acknowledge the certainty that data HAS been downloaded. We really do need an announcement now. They were happy to reset our passwords because it was potentially serious enough. Are they prepared to tell us in plain language that we should cancel our credit cards with all haste ? And out of curiosity how many of us are prepared to trust them with our new ones after this ?
Buster Venkman Registered User Join date: 21 Feb 2006 Posts: 47	09-11-2006 11:33 Sounds to me like the crackers are trying out their newly acquired LL passwords against all of the Paypal accounts, while they wait for all of the cracked credit card numbers to come in. Good thing I didn't use Paypal. Gives me a few extra hours to cancel my credit card. sigh
Rakkasa Lewellen Registered User Join date: 21 Jun 2006 Posts: 43	09-11-2006 11:35 From: Mugzy Shilton Yep. this is phishing. http://tinyurl.com/4pn9h The link goes to a post telling all about this scam, the post is on antiphishing.org. I've gotten the paypal phishing email. It was about 6-8 months ago, I sent it to their security department and they verified it was a phishing attempt. That particular link (since removed /doh) was legit. I didn't connect through it, but the email was legit and it matched the information on the site. Paypal does use email to communicate with customers. Not EVERY email from paypal is phishing; however, I agree with the practice of always linking directly rather than via an email link - internet common sense.
elka Lehane WOWAWIWA Join date: 30 Mar 2005 Posts: 983	09-11-2006 11:39 It is as easy as that: If the email you recieve by Paypal DOES NOT START WITH YOUR FULL NAME, then it's a scam. I use paypal ever since it was invented and this is the only way to tell. But I'd suggest everytime you recieve those weird emails (wich should not be often), call them or forward them a copy and they will tell you immediatly. _____________________ View my profile inworld for direct teleports to all !BF! locations :3
Syrrh Hurnung Registered User Join date: 9 Jul 2006 Posts: 55	09-11-2006 12:04 From: Solstice Asturias Wow thanks for that Phishing link! This is one of the best Phishing schemes I have seen! My question is though....how did they already know part of my account info, like it named my bank in the drop down menu when asking for my complete info??? That's easy. You log in to the fake site. Fake site logs in to the REAL PayPal and fetches your information, then relays that info to show you. Since it all looks legit, you don't suspect anything's wrong and close the session, leaving the phisher with your password.
April Chung Isle of Bliss Owner Join date: 7 Jun 2004 Posts: 478	09-11-2006 12:21 It has happend to me on Sept 7 _____________________ Like a moth to a flame burned by the fire. My love is blind. Can't you see my desire?

Welcome to the Second Life Forums Archive

Change your PayPal Password - Access Attempts