Im guessing that everyone would have received at one time or another fraudulent emails supposedly from banks asking you for information and to logon to confirm details etc.

Just lately i have received a couple from paypal. The email contains some convenient links for you to log on with. These links go to a cleverly designed page made to look like the real deal, but are in fact fraudulent copies of the paypal site designed to harvest your account details.

The rub is to never ever login to a sensitive account via a link without checking that the url link goes to right webserver.

I know most of you would be aware of the nature of such scams, but not everyone is as internet savvy, and I would hate to see anyone caught out by these scumbags.

Very timely reminder Geoff, thanks.

It's been a real pita Geoff. I've been getting them for months and Paypal don't seem to be able/willing :shrug: to do anything about them.

The easiest way to tell the difference between a paypal email and a bogus one is Paypal will always address the content of the email spcifically to you, eg mine are always Paul Russell, whereas the fraud ones start with Dear Customer.

If anyone has fallen for one of these scumbag emails, log into your Paypal account (through the paypal home page) and change your login password details immediately, now, pronto!

Onya Geoff:thumbsup:

There's been a similar thing going on with the Commonwealth and National banks the last few weeks.

Be careful too if you get a call to your mobile phone informing you of a prize you've won... and all you need to do is phone a certain number to redeem.:mad2:

Thanks Geoff,

Sometimes you feal these things will never happen to you so thanks for the warning.

I have worked in the financial services sector for 25 years, mainly in IT. The fraud scams are getting better and better. Identity theft is huge, it costs Australian banks about $100K each per month! The cost for the USA last year was almost $1 Bn, Identity Theft is the fastest growing crime.

There are many vunerabilities, some you wouldn't even see - man in the middle, DNS poisioning, SQL embedding, URL reflection on improperly set up sites.

I am extending our company's Identity Management solution at the moment. Have a look at www.TrustDefender.com (http://www.TrustDefender.com) - a great and free Aussie invention to protect against URL hijacking. In this respect unlike all other Spybot, Virus Scanner, or Firewall Solution TD is unique (and undergoing patent application). It works by looking for URL re-direction and checking if the destination is a known financial institution (i.e. one of our 88 licensed Banks in Australia) - checking all certificates and policies match, and if they don't applies community based voting as to the destination of where your browser session is going. It's housed behind multiple high end fire walls, on 4 * T3 lines (multiple gigabytes of data throughput) in a C4 (Government defense rated secure site - retina + finger print + Impala key required for access).

So it does 3 things well (in realtime - i.e. adds less than 1/2 a second to your transaction):

1. Checks how up to data your protection is (firewalls, virus scanners, spybot detectors and windows patches) and informs you of risks
2. Checks all termination addresses certificates matches known valid sites and their certificates (impossinle to fool)
3. Checks all sites against a community that votes on valid or fraudlent sites to further detect phishing attacks and warns you if its phishing or pharming!

I'm not affiliated in anyway with this firm, but I think personally its the ideal solution to a vexing industry problem, and assume a Government department or major financial instutition will either buy them out or co-fund them soon. There solution is well worth a read because within 18 months major cards (VISA and Mastercard so far have taken the stance to all merchants - adopt Smartcards and Smartcard readers - or you'll foot the bill for fraud - not us!). When this happens the market will be in turmoil for a while and some Merchants may inflate costs to cover fraud.

http://www.trustdefender.com/downloads/TrustDefenderSetup.exe

PS

If your a victim the Banking act allows you to repudiate ANY payments by cards for at least 90 - 120 days for any of the following reasons - not my transaction, not the goods I ordered, not good in acceptable quality. Once you write to the merchant and they refuse refund, you are entitled to contact your card provider and say I repudiate this payment and have requested the goods be refunded. By law then they must deal with the merchant on your behalf and you are protected and its a single merchant vs the might of a major international card issuer having to comply with the Banking act enforced in Australia.

Hi G_Day,

Thank you for that VERY Helpful,Interesting information,I am sure a lot of us here,Including myself,were NOT aware,of our rights,re Credit cards,and the ability to force the banks,to help us.(heaven forbid).

All the Best.
Regards.
John

i have had a few fake paypal once recently...you cant even reply to the email to tell them what scum they are :(

if you hover the mouse over the link the give you (which is usualy paypal. com/service or something like that) and check your status bar at the bottom of the page it will show a completely diferent address...

dont get caught out peeps!!!

I've only had the one 'paypal' scam arrive but I've had a shed full of the bank oriented ones.

Given that these things still bounce around the cyberworld I must assume that some people are silly enough to respond to them. I don't think it's anything to do with being computer or Internet savvy it's just using that gap between your ears.

Dujon vu... its you again ;)

Hello, ving. Hello, ving. Hello, ving. Hello, ving. :einstein:

A poisoned DNS would pass undetected by any existing defence on your computer. It could be at your PC or your Internet Service Provider.

Basically Directory Name Services (DNS) is the conversion that turns a English web address or URL like www.optusisgood.net (http://www.optusisgood.net/) into an IP address like 65.66.77.68 that is actually used to direct all your communications.

Imagine your DNS is the target of the attack and that URL is re-coded to be a look alike site www.optusisbad.org (http://www.optusisbad.org/) with an IP address 68.67.66.65.

Well you’d just click on your favourites to go to say My ISP and your or your ISP’s or a net re-directors DNS with an infection delivers you to the fake site, which passes on all your session to the real site, but skims details on the way.

If it were well coded it would be undetectable unless you knew low level TCP/IP coding, obtained the site certificates and checked them against the valid entity to ensure there was no hijacking or eaves-dropping going on. And how many folk here ever check the certificates are correct when you log on to your bank? None I bet.

In the above, very real scenario, the Bank can’t easily tell there is an eaves dropper on its https tunnel, nor that the source of that tunnel isn’t your normal home machine, and you’d be none the wiser anyway.

Your spybot, firewall and virus scanner wouldn’t pick up this hijacking either, to them nothing untoward would have occurred. Only a very savvy network engineer, with a lot of free time, and specifically looking for this type of problem by the network traffic it produces could hope to detect this risk. Given these attacks could be intermittent they would be hard even for the world’s best automated Intruder Prevention System (IPS – e.g. Tier 3 by Huntsman) would find it hard to even see these type of anomalies in the tens of millions of IP connects that happen every second in Australia.

Suggest you give this area increasing thought if you do online transactions!

hmmmm........ Be Alert !!
have had some scam emails "supposedly" from ebay too, wanting to verify details, real easy to pick if one doesn't have a ebay account.. :-)

True, but its the 74th time you go to Westpac using your My Favourites link, and your or Optus's DNS is poisioned and all your identity details are taken and you're totally unaware of it that you have to start worrying.