Blog Stats (06 June 2008): There are currently 306 posts and 1100 comments (and 397,307 spam comments), contained within 17 categories.
| I am Aji Issac Mathew also known as AjiNIMC at various forums. I am webby and I think webby, being a part time blogger, this blog is a documentation of my experiences and my learning. Blog Stats (06 June 2008): There are currently 306 posts and 1100 comments (and 397,307 spam comments), contained within 17 categories. | |
| I am into professional Web Marketing services which includes Web marketing strategies, SEO/SEM, Content Designing, Web Designing for usability, conversion improvement and various other things. There are limited availability per month. We don't take too many clients but we make sure that all our clients get their share of success. I worked on in-house sites for over 5 years, now is the time to help others with my experience. I have a great team helping me achieve this. A very creative and experienced team. I write at http://www.dawebmarketing.com/kb/clients/. Contact aji.issac (at the rate) digitalavenues.com and get your share of success. |
Home > Permalink Paypal hack - ignorance can be deadly | |
Sep
7 Are bad guys smarter? If yes then blame the good guys, as most of the good guys are ignorant, expecting everything to be good. As you might be knowing I am working on web technologies and I get many complains of a probable paypal (imp accounts in general) hack. Paypal is a very safe site and in most of the cases the hacking happens at user level (User PC), we call it 0 level hacking. Most of us started learning at 0th level before using the complex tool and complex algorithm based hacks. Different level of hacks
Interception: A person at proxy reading all your details. HTTPS takes care of it, it encrypted the communication. Also try to read the certificate, this takes care of a lot of issues. If needed I can explain this in detail. User Ignorance can be deadlyHere is a simple case of paypal hack. Earlier I use to ignore all the mails from paypal but these days, since I have a paypal account, I can’t ignore. This is the most common (and cheap) way of hacking, we call it (zeroth) 0th level hacking. Do not forget to send this to all your friends, who one day might end up a prey to these simple cheap hacking. I got a mail and it said, Everything is so perfect, I checked the url spelling whether there is some phishing trick there. Sometimes it can be payapal.com or paypaal.com. This time it was perfect but still I wasn’t sure. I mouse over the image and I saw
If I were a little naive with technical concepts I might have ended up entering my paypal username and passwords. The website like exactly like paypal, try http://www.oscormerce.dk/images/www.paypal.com/webscr/update.do=profile/index.html. Enter some fake stuff and you will find that it is asking for more details. Be careful. Some may say that you should look for the secure lock. Thats good but it doesn’t secure it either as we end up in trouble due to our ignorance. https:// or the secure lock just encrypts the communication between the apache and the browser (also changes the port of communication), stopping one way of hacking known as interception. Enabling https is a plane piece of cake, a 5 min task. Be alert and be safe. Be careful about Broswer hijacking too Help you friends by sending this post to all whom you think should know this. Keep reading my blog for other articles on orkut, security, marketing. Keep reading my other posts | |
| This post was written by AjiNIMC aka Web Kotler at 6:33 am under category Tech Talks(Permalink) |  |
|
| |
|
| |
21 Comments »
| |
Perfect…….Trap………..
Rajesh on September 7, 2006 - 9:28 am @ 9:28 am
For this type of fake page . What are encryption specialists doing ? if one can find any good method to prevent it . he will be millonare.
ravi on September 7, 2006 - 12:49 pm @ 12:49 pm
Experts are of no use as the mistakes are committed by the user (90% of the time it is the case). It is like you giving away your password to a third party. Be smart, alert and informed. Thats the only way. Paypal do not process the transaction if it is against the normal trend, they generally mails the customer about unusual transaction to approve it. Better be informed.
I have seen fake yahoo messengers, fake msn messengers, fake client side (based on host entry) pages for 0 level hacking. Anyone who wants to know more can contact me :).
AjiNIMC on September 7, 2006 - 1:18 pm @ 1:18 pm
The people at Paypal and other sites have been busting their respective bums trying to inform their users about such practices as phishing and hijacking. The fact that it continues to be a pervasive problem would indicate to me that people are simply devaluing the warning, or not even reading the communications because they are long and boring reads, generally. People need to understand from the title of the email, that it is a matter of simple self-preservation that they read the information; and that information needs to be written by someone who can write interesting prose to describe and warn against the problem.
We work very hard to sell people on the “good stuff” in our sites. Why do the financial institutions not seem to take the same interest in selling people on how to protect themselves from the “bad stuff” that is out there?
Bill Whedon on September 7, 2006 - 6:30 pm @ 6:30 pm
Bill, it is not that the financial institutions are not doing anything but something is beyond their control. As you said they can work with the members to make them understand what is phishing and hijacking. Thats all they can do. Keep your computer up to date, scan for virus. Use spybot, adaware. I am also using a2.
May be a course for the members can help. Everyone will be suppose to pass the exam else a warning in red will appear on the top. I also think that http://www.oscormerce.dk might be extracting some money right then as suspicious user can change their password soon.
AjiNIMC on September 7, 2006 - 11:06 pm @ 11:06 pm
Looks like this one is a trick to get more traffic http://paypal.com.niisenforums.org/index.htm, This is a subdomain. They are doing all possible things to fool people.
AjiNIMC on September 9, 2006 - 6:44 am @ 6:44 am
http://rivolt.co.za/cp/www.paypal.com/updates/us/webscr.php?cmd=_login-run another phising site. Be aware, I just got a different mail from there.
from paypal@ensim.telpacity.com
Dear valued PayPal member,
The security questions and answers for your PayPal account were changed
If you did not authorize this change, please contact us immediately using this link :
https://www.paypal.com/srt1/s-default
However, You will need to update some of your records in our Resolution center
if not will result account suspension.
Please update your records by October 14.
Look at the link and the anchor text, I think we should maintain the list of websites doing it. I think they can always create a new site for this.
AjiNIMC on October 13, 2006 - 1:56 pm @ 1:56 pm
Is this PayPal logon page a fake ????
http://login3.paypalglobaldatabase.com/cgi-bin/webscr.php?cmd=_login-run
The link was sent in e-mail
This page:
http://paypalglobaldatabase.com/
Shows:
paypalglobaldatabase.com
This page is parked free, courtesy of GoDaddy.com
John Q. Netizen on September 18, 2007 - 8:46 pm @ 8:46 pm
paypalglobaldatabase.com -> 68.178.232.100
login3.paypalglobaldatabase.com -> 60.172.34.66
the subdomain is hosted with differently than the domain itself and the subdomain login3.paypalglobaldatabase.com is a fake page. Thanks for bringing it.
AjiNIMC on September 18, 2007 - 10:57 pm @ 10:57 pm
which software do i use in hacking paypal?
andrew Young on September 22, 2007 - 2:51 am @ 2:51 am
The link is not any type of phishing, its html very easy to do and with 90% or email services that support it automatically then most people wont know the difference
Tyler on January 10, 2008 - 11:02 am @ 11:02 am
From Lion Cracker team
HOW TO HACK PAYPAL AND EARN MONEY
To bootserverpaypal@yahoo.com
serverbootp@hotmail.com
These are the latest Paypal boot server of 1st Janurary 2007
and they will be active till 24 March 2007
then I will again call my brother and ask which is the new paypal boot server
If your Id is in yahoo.com then send the following in bootserverpaypal@yahoo.com
Else if your ID is in hotmail or any other the send mail on serverbootp@hotmail.com
Note — My big brother works in Paypal Company and he told me the following
program which can be used to hack paypal
Make the subject cgiObin
include the following Message
opendir=https://www.paypal.com
webscr?cmd=_account
account.https
cdm redirto=66.211.168.65
srv redirto=usa.com
cgi-bin/webscr?cmd=_ext&source=”"”"Account to HACK DONT INCLUDE(”"”")”"”"”
webscr?cmd=_withdraw-funds
_withdraw-funds=all
cgi-bin/webscr?cmd=_withdraw-funds-bank=no
cgi-bin/webscr?cmd=_withdraw-funds-paypal=yes
cgi-bin/webscr?cmd=_withdraw-funds-paypal&source=”"”YOUR ACCOUNT ID DONT INCLUDE(”")”"”
webscr?cmd=_login-run
_login-run=”"”"”"”"”"”"”YOUR PASSWORD”"”"”"”"”"”"”"”"”"”"”"”"”"”"”"”"”"”"
webscr?transaction78659.rts7.object=gift
webscr?cmd=_transaction-run
webscr?cmd=_complaint-view=0
webscr?cmd=__history_clear
webscr?cmd=_logout
quitdir=https://www.paypal.com
Prateek on February 17, 2008 - 3:29 pm @ 3:29 pm
(this is a mail some of our clients are getting)
Unauthorized NetBanking Access On Your Account
In the last fews weeks, our Online Banking Security team has observed multiple logons on your Internet Banking Account, from different Blacklisted IP’s, therefore been blocked, to prevent further unauthorized access for your safety. we have decided to put an extra verification process to ensure your identity and your Internet Banking Account Security.
Click on for your NetBanking Online Access.
http://www.hdfcbank.com/1/2/securityaccess/precaution/internet- banking/
(see the link where it is going)
Security Advisory,
HDFC Online Banking
*Important*
Please update your records on or before 48 hours, a failure to update your records will result in a temporary hold on your funds - it’s one more way that HDFC makes your online banking experience better..
© 2007 All Rights Reserved
HDFC hacking on March 17, 2008 - 9:42 am @ 9:42 am
From Lion Cracker team
HOW TO HACK PAYPAL AND EARN MONEY
To bootserverpaypal@yahoo.com
serverbootp@hotmail.com
These are the latest Paypal boot server of 1st March 2008
and they will be active till 24 June 2008
then I will again call my brother and ask which is the new paypal boot server
If your Id is in yahoo.com then send the following in bootserverpaypal@yahoo.com
Else if your ID is in hotmail or any other the send mail on serverbootp@hotmail.com
Note — My big brother works in Paypal Company and he told me the following
program which can be used to hack paypal
Make the subject cgiObin
include the following Message
opendir=https://www.paypal.com
webscr?cmd=_account
account.https
cdm redirto=66.211.168.65
srv redirto=usa.com
cgi-bin/webscr?cmd=_ext&source=”"”"Account to HACK DONT INCLUDE(”"”")”"”"”
webscr?cmd=_withdraw-funds
_withdraw-funds=all
cgi-bin/webscr?cmd=_withdraw-funds-bank=no
cgi-bin/webscr?cmd=_withdraw-funds-paypal=yes
cgi-bin/webscr?cmd=_withdraw-funds-paypal&source=”"”YOUR ACCOUNT ID DONT INCLUDE(”")”"”
webscr?cmd=_login-run
_login-run=”"”"”"”"”"”"”YOUR PASSWORD”"”"”"”"”"”"”"”"”"”"”"”"”"”"”"”"”"”"
webscr?transaction78659.rts7.object=gift
webscr?cmd=_transaction-run
webscr?cmd=_complaint-view=0
webscr?cmd=__history_clear
webscr?cmd=_logout
quitdir=https://www.paypal.com
______________________________________________________________________________________
This hacking process will only work if you have $5 or more than $5 but less than $10000
After sending this message wait for 24 hours and bang you will get money in bulk
Prateek Gupta on March 30, 2008 - 6:31 pm @ 6:31 pm
Great I have send the Mail and
I had hacked paypal to get $1648 in 24 hours
although I had spent $956 but I make up in another 24 hours
Thanks
I am so happy and I am hacking paypal so easily that
it is just like cutting an apple with a knife.
Thankxxxxxxxxxxxxxxxxxxxxx
Lion Cracker team thank
Mohan on March 30, 2008 - 6:41 pm @ 6:41 pm
Great Lion Cracker team you all guy are doing
great job keep it up!!!!!!!!!!!!!!!!!!!!!!!!!
Wonderfull now I a had started earning money in huge amount
Thanks for this hacking trick
sohan on March 30, 2008 - 6:42 pm @ 6:42 pm
BEWARE OF THIS SCAM. THESE PEOPLE ARE OUT TO FOOL YOU ALL. NO ONE CAN HACK PAYPAL.
Nice way of getting paypal ids and passwords from greedy people. These are old tricks and have been played many times to get email passwords. Instead of hacking one gets one’s own paypal id hacked by you buggers.
idoit no1 on May 11, 2008 - 6:08 pm @ 6:08 pm
Hackers Keep on good work, Professional tools, scam pages and mails are always available and get improved
we will always work to hack paypal,cc’s and users.
I invite all hackers to join us to hack paypal in our website coming soon ,. and you will see our stories on Google!
have a good day
mr.Hacker
hackers on May 26, 2008 - 4:27 am @ 4:27 am
please sand me a paypal hacking tool. and details how to hack paypal easily. i will remain thankfull to lion team froever.
thank ash
email - jitalalu@yahoo.com
ash on June 14, 2008 - 10:18 am @ 10:18 am
i will
like u to help me 4 a sit that i we use to hack paypal an credit card with cvv2
thanks
williams on September 13, 2008 - 11:02 pm @ 11:02 pm
give me paypal hacking tools ..thanks alot ..dear friend..
vijak on October 24, 2008 - 8:16 pm @ 8:16 pm