Paypal Warning...if you use, please read
Posted: Sat Mar 30, 2002 3:00 pm
by bexter12
Hi all,
So many of us use Paypal to send money to each other, I thought I'd share my story. Please read on....
Last night, I logged onto paypal.com to send money. When I logged on, the server didn't accept my password and had me re-enter it. I did so and proceeded to send a payment, for which I received an "official" paypal email receipt. This morning, I logged on and received two more emails from paypal.... here they are:
*********************************************
Delivered-To: lovins@0
Date: Sat, 30 Mar 2002 08:24:43 -0800
From: service@paypal.com
To: lovins@falcon1.net
Subject: New email address added to your PayPal account
Dear Rebecca Lovins,
You have added
sales5@pornteens4u.com as a new email address for your
PayPal account.
If you did not authorize this change or if you need help, please
contact customer service at:
https://www.paypal.com/ewf/f=ap_email
Thank you for using PayPal!
AND
Delivered-To: lovins@0
Date: Sat, 30 Mar 2002 08:33:04 -0800
From: service@paypal.com
To: lovins@falcon1.net
Reply-To: service@paypal.com
Subject: PayPal Primary Email Address Change
The primary email for Rebecca Lovins's PayPal account was
changed on March 30, 2002.
If you did not authorize this change, please contact us
using the link below:
https://www.paypal.com/wf/f=ap_email
Thanks for using PayPal!
*****************************************************
Now, I immediately went to the provided links to tell them I did not authorize this change, however, the links are only available if you log in. You guessed it, I can't log in because "sales5@pornteens4u.com" has changed my password.
The person I was sending money to never received it.
I am in the process of putting a hold on my bank account and have already cancelled the credit cards listed with paypal. When I hear back from paypal (had to use the regular contact us email address) and figure out how this happened, I'll let you know, until then, beware when using paypal.
Oh and if you know any hackers who would like to destroy "pornteens4u.com" they have my blessing.
Becky Lovins
Minford, Ohio
Posted: Sat Mar 30, 2002 3:22 pm
by Tim Finkas
Sorry about your misfortune, but thanks for the warning. Please let us know how this works out!
Good Luck,
Tim
------------------
The Historical Forgerie (http://finkas.home.netcom.com/Forgerie/Index.html)
Maker of fine phonies & fabulous fakes since 1982
Posted: Sat Mar 30, 2002 9:57 pm
by Patrick Thaden
Something for your consideration:
You may know someone who is affiliated in some way with pornteens4you.com, only you probably don't realize it, yet. Here's the thing:
1. Pay Pal is a very high-profile site. If it had been hacked on a wide scale, it would have been public knowledge. There haven't been reports that would indicate such in the last several weeks (months, years, etc.)
2. 128 bit encryption is REALLY hard to break. It took the combined computing power of something like 5000 computing hours to break a 64 bit code recently. And it was a lucky guess -- the time could have been much much longer. 128 bit is tough to crack. And that's what Pay Pal uses.
3. The likelihood of a random hacker finding a single user with money in their account then redirecting that one account to a porn site is very low, not to mention pretty stupid for the hacker to leave a cookie-crumb trail to the porn site.
4. Most hackers aren't that stupid. They'd take the money, and leave. Probably wouldn't even know they had been there. And it would have probably been on a larger scale, not just to single you out..
So a few possibilities open up here. Yes, some random hacker could have, in fact, singled you out alone and stolen your identity. Not terribly likely or bright on the part of the hacker.
I think it's probably someone who had access to your computer, who could have found out the password for Pay Pal (there are ways of making your browser talk), and are probably playing a real serious prank on you by sending you to the porn site.
There's another possibility that's quite improbable, but still bears mentioning -- someone could have sent you a trojan (virus -- errant piggyback program) that could be capturing keystrokes and sending them back to some central person somewhere. It's a pretty safe bet to assume you're on a Windows computer and with all of these email viruses being shot around, you can't be too careful these days. In any case, it wouldn't hurt to install a virus scanning software on your computer and have it perform routine maintenance at regular intervals.
Regarding the hacking of their site: There's nothing I would love to do more than hack a porn site (in principle alone, if nothing else), but that would be just as illegal as what they did to you, and, as tasteless as a porn site may be in any case, the porn people may not be at fault.
If you want to question the porn people directly, these folks host the pornteens domain:
http://www.netnation.com/
And it was made all legal and hunky-dory through these people:
http://www.domainpeople.com
I'm sorry for your misfortune, but I hope this gives you something to go on.
Armor Bob's brother-in-law -- Wallyfoo
Posted: Sat Mar 30, 2002 10:18 pm
by Rev. George
actually it sounds to me like the first logon page was false. remember, he entered his info, and it said invalid password. then he re-entered it and it worked. sounds like either he was at a misdirected link, or perhaps a trojan, which caught the name and the password, then forwarded him to the logon.
As to the Pornteens4u bit, I'll say that stealing your account and putting a real e-mail addy is just dumb...
-+G
Posted: Sat Mar 30, 2002 10:50 pm
by bexter12
Well, I've found out a little more about it. I was going through my history and found 3 pages last night called "paypalcom.com" that were (after I typed in the password) re-routed to the real paypal. I did contact netnation and they found someone had created and re-directed the login pages for paypal to look like the real thing.
The payment I sent never made it to the person who it was sent to, which makes me believe that hackers were stealing payments, but then this morning is when the email address and password were changed on my account.
Still no word from paypal, but netnation indicated that there were several cases reported last night under this "paypalcom.com" domain before it was shut down. They are handling it through their abuse department.
I've placed a freeze on my checking account until I can close it and replaced all my credit cards just to be safe. My financial institutions can't find anything that was actually charged so it looks like I got off lucky.
And nope, I use a Mac. We are looking into a firewall, though.
------------------
Becky Lovins
Posted: Sun Mar 31, 2002 9:19 am
by gargoyle
If you haven't already done so, notify the local police or prosecutor too. Someone is trying to steal from you. That's a crime. Most if not all state police departments have computer crime departments.
Posted: Sun Mar 31, 2002 9:56 am
by Dagisd
Sounds like a Trojan virus to me. Run a scan to be safe.
Oh.. and the Minford you're in....is that southern Ohio? Down near Lucasville(kinda sorta)?
Dagisd
Posted: Sun Mar 31, 2002 10:02 am
by bexter12
Lucasville? Hmm, my road is just off Lucasville-Minford Rd... it's about 4 minutes from here

How did you know so much about my little area? Are you from here originally?
re paypal: netnation told me the account had been closed last night. Paypal has yet to contact me, but I guess they are working on it.
bex
Posted: Sun Mar 31, 2002 12:28 pm
by Tim Finkas
Umm..Dagisd...
Perhaps you weren't reading carefully. This is not anything as complicated as a Trojan virus, it was mere "sleight of hand". This sort of flim-flammery goes back to ancient times.
If you go back and reread, the problem was that the victim logged in to a fake PayPal site and entered her account info. The owner of the fake site then used that info to steal from her.
Solution? Be VERY wary about logging in to PayPal! Check your browser and make sure the URL is correct. Best yet, never use anyone else's button to make a PayPal transaction---log in directly using PayPal's URL.
Tim
------------------
The Historical Forgerie (http://finkas.home.netcom.com/Forgerie/Index.html)
Maker of fine phonies & fabulous fakes since 1982
[This message has been edited by Tim Finkas (edited 03-31-2002).]
Posted: Sun Mar 31, 2002 1:11 pm
by Rev. George
one other tip: look at the URL, you should see https://www.paypal.com
the S is important, as it designates a secure connection...
-+G
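The two tips in the posts above (check that the URL is correct, and check for the "s" in https) can be combined into one check. The following is an added example, not part of the original thread; the function name `check_login_url`, the `TRUSTED_DOMAIN` constant and the sample URLs are constructed for illustration. It shows that https alone does not pass a lookalike host such as the `paypalcom.com` domain reported in this thread.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one domain we accept for login.
TRUSTED_DOMAIN = "paypal.com"


def check_login_url(url, trusted=TRUSTED_DOMAIN):
    """Return (ok, reason) for a URL the user is about to log in to."""
    parts = urlsplit(url.strip())
    # hostname is already lower-cased by urlsplit; drop a trailing root dot.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    if parts.scheme.lower() != "https":
        return False, "not https"
    # "https://www.paypal.com@other-host/" connects to other-host.
    if parts.username is not None:
        return False, "userinfo before @ hides the real host"
    # Exact match, or a true subdomain of the trusted domain.
    if host == trusted or host.endswith("." + trusted):
        return True, "trusted host"
    # The brand name appearing anywhere else is the lookalike pattern.
    if trusted.split(".")[0] in host:
        return False, "lookalike host"
    return False, "untrusted host"


# Constructed sample URLs; 192.0.2.10 is a documentation-only address.
SAMPLES = [
    "https://www.paypal.com/",
    "http://www.paypal.com/",
    "https://www.paypalcom.com/login",
    "https://www.paypal.com@192.0.2.10/",
    "https://paypal.com.example.net/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_login_url(url))
```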
Posted: Sun Mar 31, 2002 7:20 pm
by Patrick Thaden
The ol' false login page, eh? Forgot about that possibility. Still, it's troubling why you'd have your info redirected. Clever little punks, in any case, eh?
<Insert tongue firmly into cheek>
Another Mac user? Wonderful! Why, that fact alone makes you smarter than the average computer user right there.

It's just easier to assume that someone is on Windows.
(let the holy wars begin...)
So you're looking into a firewall? Are you by chance using Mac OS X? 'Cause if you are (I'm probably repeating information that you already know, but what the heck) there's an enterprise class firewall built in to the OS already, and there are a number of top-notch free and shareware front ends to configure it, so you don't have to go to the command line. Norton also makes a fine firewall if you're not on X.
Anyway, I'm glad you're able to take steps to fix the situation before it got out of hand.
wallyfoo
Posted: Sun Mar 31, 2002 9:21 pm
by Dagisd
Eh... it was explained to me that that is what a trojan virus does, or is at least able to do. Sorry....I's jus' a dump redneck from Portsmouth, OH. T'aint as learned as yous city folk.

Posted: Sun Mar 31, 2002 9:54 pm
by Rev. George
well a trojan could, for instance on a windows system, edit the HOSTS file to point www.paypal.com to 123.68.6.1 (which was the ip address for the bogus site) you type in the paypal address, and it sends you to the bogus site, where you enter the info, then it posts a bogus "wrong pass word" page, and re-directs you to the numeric ip of paypal.com, where you enter your info again. fun eh?
-+G
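A way to check a machine for the HOSTS-file redirection described in the post above, as an added example that is not part of the original thread. The names `parse_hosts`, `audit_hosts` and `WATCHED` are hypothetical, the sample file is constructed, and the 123.68.6.1 address is simply the one quoted in the post.

```python
import ipaddress

# Assumption: domains that should always be resolved through DNS and
# never be pinned to an address in the local hosts file.
WATCHED = {"paypal.com"}

# Constructed sample hosts file for the demonstration.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
123.68.6.1  www.paypal.com   # address quoted in the post above
10.0.0.5    fileserver PayPal.com.
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the line
        for name in fields[1:]:  # one address may carry several names
            yield lineno, ip, name.rstrip(".").lower()


def audit_hosts(text, watched=WATCHED):
    """Return (lineno, hostname, ip) for each watched name pinned locally."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append((lineno, name, str(ip)))
    return findings


if __name__ == "__main__":
    for lineno, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} is pinned to {ip}")
```

To audit a real machine, pass the contents of its hosts file (for example `/etc/hosts` on Unix-like systems) to `audit_hosts`.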
Posted: Mon Apr 01, 2002 12:17 am
by bexter12
Well folks, I've learned a lot in the past couple of days, from this thread especially.
#1 Another armourer knows where Portsmouth is!!! I was beginning to feel so isolated.

Dagisd are you still around here?
#2 I now know what the "s" is at the end of http. I did look for that Friday when I logged on and saw it. The only way I knew about the "paypalcom.com" thing was because I went through my URL history later and found them there. I always check my url line, but didn't see anything out of the ordinary that night.
#3 Never log on to spend money while sleepy and on a weekend night. These guys obviously chose Friday before Easter because a lot of customer service places would be closed this weekend, giving them more time to play with my account.
#4 Wallyfoo is a Mac user! Again, I am always glad to hear that I'm not the only one. I *hate* calling tech support and when asked what version of windows I use getting the standard, "Oh....please hold while I transfer you..." (followed by 15 minutes of muzak)
Actually, I'm still using OS 8.6. We're looking into another system for the house soon but this machine (an older G3) works fine for us like this. Besides, all my spending money is going to armour supplies right now.

All of my financial accounts were closed before anything was spent, including my checking. Tomorrow I'll be getting a new email address and changing the billion passwords I have on-line. Probably being paranoid, but I'm not sure what all these yahoos were able to find out about me. I don't remember any critically personal info on paypal (ss# or anything) but since I can't log on, I don't know for sure.
oh well, live and learn (and make armour)
bex
Posted: Mon Apr 01, 2002 1:31 am
by mrks
Hi bexter
I recently bought a dlink 704 router with a hardware firewall.
Go here to read the reviews:
http://www.penstarsys.com/Reviews/network/dlink/di704/
now if I only could get my girlfriend off direct connect.....
I would highly recommend one.
mrks
Posted: Mon Apr 01, 2002 10:40 am
by Crystoll
Woohoo!
More Mac users!

Wallyfoo,
Yep OSX rocks.. in fact, my web server is set up on an iBook running Darwin (disabled the GUI, after all it's just a web box)
I've got 3 Macs here at work, a Graphite G4, my iBook, and a Quicksilver G4..
Every one of them running X, 'cept the graphite which I leave booted in 9.2 for some of my non-carbon friendly apps..
Crystoll Mackintosh
(Yes, a heraldic pun)
Posted: Mon Apr 01, 2002 6:11 pm
by Dagisd
Know where it is? I was born there, sweets! Oh, and out of respect for those here worthy of that title, please don't call me an armourer.

Posted: Tue Apr 02, 2002 12:18 am
by DARIVS ARCHITECTVS
HAPPY APRIL FOOLS DAY!!!