Re: OT: PayPal fake website?

Bill Bowden wrote:
I got a suspicious email a few days ago concerning my PatPal account
which requested going to the PayPal website to fix the problems of
excessive non-correct logins. I reported the the email to PayPal
without a response.

I went to PayPal to check my account at the resolution center and
found no outstanding issues.

Anybody else get this kind of stuff?

The suspicious site is still in operation at:
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

-------------------------------- original email
-----------------------------------


Resolution Center: Your account access has been limited.

Date:8/11/2009

Dear member of PayPal...

Due to the number of incorrect login attempts,your Paypal account has
been limited for your security. This has been done to secure your
accounts and to protect your private information in case the login
attempts were not done by you. At PayPal we care about security so,
for your protection we are proactively notifying you of this activity.
If you did not trigger this limited ,follow this link: To access the
form, please click on the link below :

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

We apologize for any inconvenience this may cause.

Copyright © 1999-2009 PayPal. All rights reserved.

If that's the actual email copied/pasted, I'd say it's fake. The style, grammar, and punctuation are just too clumsy.

"If you did not trigger this limited ,follow this link: To access the form, please click on the link below :"

"Trigger this limited" ??
Spaces sometimes before commas, instead of after?
Spaces sometimes before colons?
The two sentences with their colons are redundant anyway. The first one leaves you hanging, then the second sentence leads to the (same) link, it's STUPID.
If you did "trigger this limited" now what, don't follow the link?
If you did _not_ "trigger this limited" what do they expect you to do?
Access the form? WHAT form? Sounds like bait.
.

Relevant Pages

  • Weakness introduced by denying remote logins on AIX, possibly others
    ... AIX 4.3.3 and AIX 5.1, ... is possible to remotely enumerate the passwords of a known AIX account. ... believed to be in the response from the login program after authentication ... Give accounts that have been restricted from remote logins strong passwords. ...
    (Security-Basics)
  • Re: Please! Doesnt anyone know a better way to do this?
    ... account, they need to automatically be directed to the page to enter data ... session variable on the Account page. ... I assume here that you're checking a database when the user attempts to ... When a new user attempts to login or clicks to register, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: AD Security Groups break Authentication
    ... I can do a domain login using my own account & a couple others, but one specific account can't login. ... My ping testing showed that 1430 was the highest MTU setting that wouldn't result in fragmentation. ... As soon as the network engineers changed the MTU from the default of 1500 to 1400, all domain traffic stopped and they detected a ton of errors, so we restored the MTU to 1500. ...
    (microsoft.public.windows.server.active_directory)
  • Need example of working PAM.CONF file that enables ssh login using winbind and AD
    ... login into my system using ssh. ... (explicit because of pam_rhost_auth) ... # Default definitions for Authentication management ... cron account required ...
    (SunManagers)
  • WinXP laptop, simple-style login conn to Win2000 share, error
    ... So, to simplify matters, add all machines to the domain. ... local machine accounts) to keep track of... ... the local account information. ... the "pushbutton login") and configure the Laptops to auto ...
    (microsoft.public.windowsxp.security_admin)