INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: 1 [2] 3   Go Down

Author Topic: Fake PayPal Spam Problem  (Read 44816 times)

crowfan

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 302
  • For every sprinkle I find, I shall kill you.
Re:Do JRiver Sell E-Mail Addresses?
« Reply #50 on: January 09, 2004, 09:00:55 am »

Sorry, I deleted the email (can't paste the header).

Oh, BTW, my email is also set to "hide from public" here on interact.

I did sign into the message board for a minute the other day. But I used the generic login that is filled in by default, something like "Visitor247" or whatever. I did not have to provide an email address. I just clicked the link that was provided in a post here on Interact, then clicked the Sign In button at the chat forum.

Hope it helps,

crow
Logged
"It's going to be a trilogy."   Robert Jordan, circa 1989

c1c9k72

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 332
  • So many worlds, so much to do, so little done...
Re:Do JRiver Sell E-Mail Addresses?
« Reply #51 on: January 09, 2004, 09:03:04 am »

Late to the party, but I received two of them.  One at my original address here (xxx@comcast.net) and one at the address I'm currently using (xxx@yahoo.com).
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Do JRiver Sell E-Mail Addresses?
« Reply #52 on: January 09, 2004, 09:04:27 am »

I'm wondering if the e-mail address could be collected by a virus on your PC that sweeps through the web browser cache.

If someone sends you a private message on Interact, can you see their e-mail address?  That page would be stored in the local cache on a PC.


Logged

RhinoBanga

  • Citizen of the Universe
  • *****
  • Posts: 1703
  • Developer
Re:Do JRiver Sell E-Mail Addresses?
« Reply #53 on: January 09, 2004, 09:05:58 am »

If you got the spam, could you please post the header info (minus personal details) here please? I need to know if they all came from the same mailer.

I'll post it when I get home in an hour.


Quote
Rhino - did you use a real e-mail address when registering

With what?   MC, my IRC nick?


Quote
but it is possible the chat room was hacked.

Even if it was how could they have got my real addy when I configured my IRC client (called Klient and not that rubbish mIRC) with a bogus email addy?
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Do JRiver Sell E-Mail Addresses?
« Reply #54 on: January 09, 2004, 09:07:09 am »


The address is xxxx @ yahoo (not .com but .es)

When anyone reports their domain, please report the domain name as, for example, yahoo.com or yahoo.es.  There is no need to use any spaces or otherwise obscure the domain.  
Logged

LisaRCT

  • Guest
Re:Do JRiver Sell E-Mail Addresses?
« Reply #55 on: January 09, 2004, 09:08:48 am »

If you got the spam, could you please post the header info (minus personal details) here please? I need to know if they all came from the same mailer.

j

X-Apparently-To: xxxxxx@yahoo.com via 216.136.130.XX; Thu, 08 Jan 2004 21:36:43 -0800
X-YahooFilteredBulk: 193.28.100.XXX
Date: Fri, 9 Jan 2004 06:36:42 +0100 (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>
X-Mailer: PayPal Mailer
Reply-To: "PayPal" <verification@paypal.com>
To: xxxxxx@yahoo.com
Subject: Verify your identity

(obviously I blocked out the info behind the "X's"
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Do JRiver Sell E-Mail Addresses?
« Reply #56 on: January 09, 2004, 09:09:02 am »

Even if it was how could they have got my real addy when I configured my IRC client (called Klient and not that rubbish mIRC) with a bogus email addy?

Because any application on your PC could potentially look through your trash (cache).
Logged

Stilton

  • Regular Member
  • Junior Woodchuck
  • **
  • Posts: 56
Re:Do JRiver Sell E-Mail Addresses?
« Reply #57 on: January 09, 2004, 09:14:59 am »

Quote
We don't sell or otherwise provide your e-mail address to anyone.  

Many of these schemes are based on worms that can read an e-mail address book and then use the addresses to send more and also use the addresses as the sender name.  So if the address was in an e-mail address book anywhere, it's possible for the worm to find it.

A second possibility is that someone's e-mail server is being used to capture addresses.

Another possibility is that the addresses are publicly visible here on Interact.  Can you see each other's addresses?  If so, a robot can collect them.

Still another is that addresses are being randomly generated.  fromjriver would be a logical one.

There are other possibilities, but WE DO NOT PROVIDE YOUR ADDRESS TO ANYONE ELSE.

I don't think it's any of these possibilities.  My email addies won't be in anyone's email address book, because they are not visible. They aren't visible on the forum (I've got hthe 'hidden' check.

I don't think mine could be guessed. The format of the email is anything@username.vispa.co.uk (not a well-known ISP). the 'anything' bit in question is 'mc' and 'jriver'.

As I have mentioned earlier I'm sure that both of my jriver email addies have been spammed - my forum one and my registration email address for the software. But as no one else is reporting this, perhaps mine is an anomily.

Again I'm not suggesting you are selling email addresses from paying customers - but could it not be possible uknown to you your database has been compromised?

I'd be suprised if it was a general spambot - so many specific jriver people have been targetted and have been sent the same email in such a short space of time. Sounds like someone is specifically targetting the forum and/or your registration database.

Also I highly doubt that it's a virus unless the virus - again, because it's happened to so many people on the forum (unless, of course, it came with the software...). And I'm, as I'm sure many others are, highly vigilent when it comes to virus scanning & protection.
Logged

RhinoBanga

  • Citizen of the Universe
  • *****
  • Posts: 1703
  • Developer
Re:Do JRiver Sell E-Mail Addresses?
« Reply #58 on: January 09, 2004, 09:18:32 am »

Even if it was how could they have got my real addy when I configured my IRC client (called Klient and not that rubbish mIRC) with a bogus email addy?

Because any application on your PC could potentially look through your trash (cache).

What you are suggesting is that the IRC server we connected to knew a) what client we were using and b) knew of exploits for that client (and we are not talking about mIRC here but others too including Java based ones) is unlikely I think.

Mind you the fact that others who never used the chat room are reporting the spam sort of kills that idea.
Logged

zevele10

  • Guest
Re:Do JRiver Sell E-Mail Addresses?
« Reply #59 on: January 09, 2004, 09:18:54 am »

using the chat room and no spam

Beside it ,i do not see how to be in the chat room can tell to one what my email his
Logged

sraymond

  • Guest
Re:Do JRiver Sell E-Mail Addresses?
« Reply #60 on: January 09, 2004, 09:20:12 am »

But the question was "did you use the chat room?"

Sounds like you did.

I use the chat room, but I haven't gotten phished.

Which is strange, 'cause I get a ton of spam anyway :-)  Maybe my ISP (SBCGlobal) was kind enough to block it for me?

Scott-
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Do JRiver Sell E-Mail Addresses?
« Reply #61 on: January 09, 2004, 09:23:15 am »

I don't think mine could be guessed. The format of the email is anything@username.vispa.co.uk (not a well-known ISP). the 'anything' bit in question is 'mc' and 'jriver'.
Anything is possible.  We're still gathering facts.

It is definitely possible to guess the address you've given.  Lists are now being compiled by brute force methods.  Here is an example:

For every domain known

E-mail is sent to
aaaaaaaa@domain.com
aaaaaaab@domain.com
aaaaaaac@domain.com

and so on.

Bounces are recorded.  Lists of addresses sent and bounces received are compared to extract the list of addresses that do not bounce.
Logged

NoCodeUK

  • Citizen of the Universe
  • *****
  • Posts: 1820
Re:Do JRiver Sell E-Mail Addresses?
« Reply #62 on: January 09, 2004, 09:32:50 am »

I use the chat room too... I have not received the email...  Incidentally however it is the email address I used to register with MC in the first place...

Adam
Logged
"It's called No Code because it's full of code. It's misinformation." - Eddie Vedder

crowfan

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 302
  • For every sprinkle I find, I shall kill you.
Re:Do JRiver Sell E-Mail Addresses?
« Reply #63 on: January 09, 2004, 09:51:36 am »

Jim and JRiver,

I use MyIE2 for all surfing, including Interact. Every time I close it, it clears the cache and history.  I've also never used the PMs here.

Hope this helps,

crow
Logged
"It's going to be a trilogy."   Robert Jordan, circa 1989

Doof

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 5908
  • Farm Animal Stupid
Re:Do JRiver Sell E-Mail Addresses?
« Reply #64 on: January 09, 2004, 09:55:28 am »

I've used the same email address to register for this forum (hidden) and purchase MC 10.0.

I used the chat room for about a minute, although I never provided an email address.

No spam here.
Logged

RhinoBanga

  • Citizen of the Universe
  • *****
  • Posts: 1703
  • Developer
Re:Do JRiver Sell E-Mail Addresses?
« Reply #65 on: January 09, 2004, 10:07:28 am »

Here's the headers.

I have replaced my email address with !!!!!!


Microsoft Mail Internet Headers Version 2.0
Received: from exchange-pop3-connector.com ([127.0.0.1]) by fileserver.jdnet.co.uk.local with Microsoft SMTPSVC(6.0.3790.0);
    Thu, 8 Jan 2004 16:25:25 +0000
Return-path: <verification@paypal.com>
Envelope-to: !!!!!!!!!!!!!!
Delivery-date: Thu, 08 Jan 2004 16:24:30 +0000
Received: from [193.28.100.167] (helo=mail.epost.de)
   by delta.eukhost.com with esmtp (Exim 4.24)
   id 1AecxN-0006d1-3i
   for !!!!!!!!!!!!!!; Thu, 08 Jan 2004 16:24:25 +0000
Received: from [62.111.240.130] (62.111.240.130) by mail.epost.de (6.7.015) (authenticated as barney@epost.de)
        id 3FFD68CE00003DDD for !!!!!!!!!!!!!!; Thu, 8 Jan 2004 17:24:28 +0100
Date: Thu, 8 Jan 2004 17:24:28 +0100 (added by postmaster@mail.epost.de)
Message-ID: <3FFD68CE00003DDD@PPD27104.x.de> (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>
X-Mailer: PayPal Mailer
Reply-To: "PayPal" <verification@paypal.com>
To: !!!!!!!!!!!!!!
Subject: Verify your identity
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner: Found to be clean
X-OriginalArrivalTime: 08 Jan 2004 16:25:25.0765 (UTC) FILETIME=[058A0350:01C3D604]
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Do JRiver Sell E-Mail Addresses?
« Reply #66 on: January 09, 2004, 10:12:56 am »

My own e-mail address is entered multiple times on Interact and I have not received this spam in the last three days.  I have seen similar messages before.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Do JRiver Sell E-Mail Addresses?
« Reply #67 on: January 09, 2004, 10:36:30 am »

We've now spent an hour or so checking for known security problems in the (well known) software we use for the forum.  We can't find any so far.  We will keep looking.
Logged

gpvillamil

  • Citizen of the Universe
  • *****
  • Posts: 829
  • Listen to the music...
Re:Do JRiver Sell E-Mail Addresses?
« Reply #68 on: January 09, 2004, 10:37:27 am »

The message I got had original sender nathaly@epost.de

I can pretty much guarantee that my system is secure, for reasons that I won't get into in a compromised forum ;-)

I own a domain, and if someone had been trying permutations of e-mail addresses based on it I would have seen all the variants. Any e-mail to my domain that doesn't match a valid address is not bounced - it is captured in a default account.

Lilkeliest hypothesis is that the forum, and possibly the registration database, have been compromised. Good security policy is to assume this is the case, and take remedial measures.

As I said before, better post/e-mail users of the board and warn them about the possibility, especially about the fake PayPal e-mail - there are a lot of newbies on this board who may be taken! THIS SHOULD BE DONE AT ONCE EVEN IF THERE IS ONLY THE POSSIBILITY THAT THE FORUM HAS BEEN COMPROMISED.

The other thing to do is to warn Paypal at spoof@paypal.com - tracking down whoever got these addresses is a clue to the identity of whoever is sending out the phishing e-mails.
Logged

retrospek

  • Regular Member
  • Junior Woodchuck
  • **
  • Posts: 93
  • Hello !
Re:Fake PayPal Spam Problem
« Reply #69 on: January 09, 2004, 10:46:27 am »

Unfortunately I deleted the email when I received it earlier.

However, I did have a look at the header before I deleted it - and I can confirm that mine also had 'epost.de' in the header.

Cheers,
Mark
Logged

LonWar

  • Citizen of the Universe
  • *****
  • Posts: 2874
Re:Fake PayPal Spam Problem
« Reply #70 on: January 09, 2004, 10:48:46 am »

What do you mean by HEADERS??

Both email addresses have been given to JRiver and I received an email on both.

@sympatico.ca
@hotmail.com
Logged
-

RhinoBanga

  • Citizen of the Universe
  • *****
  • Posts: 1703
  • Developer
Re:Fake PayPal Spam Problem
« Reply #71 on: January 09, 2004, 11:09:01 am »

The epost.de is common to all the headers so far.

So it sounds like they had an open SMTP server.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Fake PayPal Spam Problem
« Reply #72 on: January 09, 2004, 11:11:30 am »

Or that they are a spam service provider.
Logged

gpvillamil

  • Citizen of the Universe
  • *****
  • Posts: 829
  • Listen to the music...
Re:Fake PayPal Spam Problem
« Reply #73 on: January 09, 2004, 11:18:01 am »

Or that they are a spam service provider.

The German postal service?
Logged

Griff

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 710
Re:Fake PayPal Spam Problem
« Reply #74 on: January 09, 2004, 11:18:52 am »

Didnt use chat rm/dont belong to paypal/use window washer.

Received one yesterday to my main garb. acct. Hotmail.
Deleted it.

Have another acct. bellsouth only two people have this addr. and not JRiver.

Got one today in it.

Return-Path: <verification@paypal.com>
Received: from mail.epost.de ([193.28.100.164])
          by imf00aec.mail.bellsouth.net
          (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP
          id <20040109053017.QAOT1877.imf00aec.mail.bellsouth.net@mail.epost.de>
          for <xxxxxxxx@bellsouth.net>; Fri, 9 Jan 2004 00:30:17 -0500
Received: from [62.111.240.130] (62.111.240.130) by mail.epost.de (6.7.015) (authenticated as nathaly@epost.de)
        id 3FFDEAA50000FD05 for xxxxxxxx@bellsouth.net; Fri, 9 Jan 2004 06:30:17 +0100
Date: Fri, 9 Jan 2004 06:30:17 +0100 (added by postmaster@mail.epost.de)
Message-ID: <3FFDEAA50000FD05@PPD27101.x.de> (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>
X-Mailer: PayPal Mailer
Reply-To: "PayPal" <verification@paypal.com>
To: xxxxxxxx@bellsouth.net
Subject: Verify your identity
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit<html>

Jim if I didnt xx out enough, please do so for me
Dont know much about this stuff

Griff
Logged

Ingo

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 304
Re:Fake PayPal Spam Problem
« Reply #75 on: January 09, 2004, 11:19:04 am »

epost.de is connected to Germany's formerly state run mail service....
I don't think they want to serve spammers, but they are probably as clueless in their ebusiness as the are in the rest of their stuff.

Ingo
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Fake PayPal Spam Problem
« Reply #76 on: January 09, 2004, 11:21:38 am »

Have another acct. bellsouth only two people have this addr. and not JRiver.  Got one today in it.
Thanks.  That's what I've been looking for.  That's an important clue.
Logged

RhinoBanga

  • Citizen of the Universe
  • *****
  • Posts: 1703
  • Developer
Re:Fake PayPal Spam Problem
« Reply #77 on: January 09, 2004, 11:21:39 am »

Quote
Or that they are a spam service provider.

The domain epost.de domain looks like a German postal service and and they are not on the popular spam blacklist lists my mailserver uses:

list.dsbl.org
blackholes.mail-abuse.org
relays.ordb.org
bl.spamcop.net
spl.spamhaus.org


EDIT:  Sorry ... I just noticed ingo's post.
Logged

Stilton

  • Regular Member
  • Junior Woodchuck
  • **
  • Posts: 56
Re:Do JRiver Sell E-Mail Addresses?
« Reply #78 on: January 09, 2004, 11:26:26 am »

I don't think mine could be guessed. The format of the email is anything@username.vispa.co.uk (not a well-known ISP). the 'anything' bit in question is 'mc' and 'jriver'.
Anything is possible.  We're still gathering facts.

It is definitely possible to guess the address you've given.  Lists are now being compiled by brute force methods.  Here is an example:

For every domain known

E-mail is sent to
aaaaaaaa@domain.com
aaaaaaab@domain.com
aaaaaaac@domain.com

and so on.

Bounces are recorded.  Lists of addresses sent and bounces received are compared to extract the list of addresses that do not bounce.


If this was the case, I would have received emails to aaaaaaaa@username.vispa.co.uk, aaaaaaab@username.vispa.co.uk etc. I've only recieved them to mc@ and jriver@.
Logged

Tangoman

  • Regular Member
  • World Citizen
  • ***
  • Posts: 117
  • You are nothing that you are conscious of.
Re:Fake PayPal Spam Problem
« Reply #79 on: January 09, 2004, 11:58:45 am »

Fri, 9 Jan 2004 05:58:12 +0100 (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>
To: xxx@yahoo.com
Subject: Verify your identity

I got this to. I take it that credit card numbers have not been compromised. just email addresses.
I just registered for MC10 a few days ago.

Cheers Tangodude
Logged
I started out with nothing and I still have most of it left. - Anon

Jaguu

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 1336
Re:Fake PayPal Spam Problem
« Reply #80 on: January 09, 2004, 12:06:37 pm »

I have received all 4 penpal mails at the email address of my J River Jaguu account. My business mail address I used to buy Media Center was not touched, so it looks as the J River registration/buy database is not the culprit.

Do not use chat, send messages to individual users on Interact from time to time, my email in Interact profile was not hidden so far, is hidden now!

Return-Path: <verification@paypal.com>
Original-Recipient: rfc822;xxxxxx@xxxxxx.ch
Received: from mail.epost.de (193.28.100.166) by mx1.xxxxx.ch (6.7.019)
        id 3FFAAC8700086E0F for xxxxxx@xxxxxi.ch; Fri, 9 Jan 2004 02:25:46 +0100
Received: from [62.111.240.130] (62.111.240.130) by mail.epost.de (6.7.015) (authenticated as barney@epost.de)
        id 3FF19CFB0012A262 for xxxxxx@xxxxxx.ch; Fri, 9 Jan 2004 02:25:46 +0100
Date: Fri, 9 Jan 2004 02:25:46 +0100 (added by postmaster@mail.epost.de)
Message-ID: <3FF19CFB0012A262@PPD27103.x.de> (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>
X-Mailer: PayPal Mailer
Reply-To: "PayPal" <verification@paypal.com>
To: xxxxxx@xxxxxx.ch
Subject: Verify your identity
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit<html>


Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Fake PayPal Spam Problem
« Reply #81 on: January 09, 2004, 12:09:06 pm »

We now believe that the database was accessed from the outside.  It exists on a machine that is outside our firewall  (it has to be).  The only thing on it that would affect you is the e-mail address database.

We'll report more when we know it.
Logged

jeffh

  • Regular Member
  • Junior Woodchuck
  • **
  • Posts: 94
  • nothing more to say...
Re:Fake PayPal Spam Problem
« Reply #82 on: January 09, 2004, 12:14:31 pm »

Count me in as well...  Here are the headers...

X-Apparently-To: XXX@yahoo.com via 66.218.79.42; Thu, 08 Jan 2004 18:02:54 -0800
X-YahooFilteredBulk: 193.28.100.187
Return-Path: <verification@paypal.com>
Received: from 193.28.100.187 (EHLO mail.epost.de) (193.28.100.187) by mta233.mail.scd.yahoo.com with SMTP; Thu, 08 Jan 2004 18:02:54 -0800
Received: from [62.111.240.130] (62.111.240.130) by mail.epost.de (6.7.015) (authenticated as barney@epost.de) id 3FEB549800205B1A for XXX@yahoo.com; Fri, 9 Jan 2004 03:02:54 +0100
Date: Fri, 9 Jan 2004 03:02:54 +0100 (added by postmaster@mail.epost.de)
Message-ID: <3FEB549800205B1A@ppd27106.x.de> (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>  Add to Address Book
X-Mailer: PayPal Mailer
Reply-to: "PayPal" <verification@paypal.com>
To: XXX@yahoo.com
Subject: Verify your identity
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit<html>
 <head>
Content-Length: 1899
Logged

LonWar

  • Citizen of the Universe
  • *****
  • Posts: 2874
Re:Fake PayPal Spam Problem
« Reply #83 on: January 09, 2004, 12:15:59 pm »

How do I get the headers??
Logged
-

Cmagic

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 1196
  • Enjoying life with a little music....
Re:Fake PayPal Spam Problem
« Reply #84 on: January 09, 2004, 05:05:30 pm »

Hi folks,

imjustagamer, in outlook right click on message and select Options you will get the header.

I received one yesterday with following header :

Return-Path: <verification@paypal.com>
Received: (qmail 8230 invoked from network); 8 Jan 2004 05:45:57 -0000
Received: from mail.epost.de (193.28.100.187)
  by mrelay5-2.free.fr with SMTP; 8 Jan 2004 05:45:57 -0000
Received: from [62.111.240.130] (62.111.240.130) by mail.epost.de (6.7.015) (authenticated as barney@epost.de)
        id 3FEB5498001DD309  Thu, 8 Jan 2004 06:45:56 +0100
Date: Thu, 8 Jan 2004 06:45:56 +0100 (added by postmaster@mail.epost.de)
Message-ID: <3FEB5498001DD309@ppd27106.x.de> (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>
X-Mailer: PayPal Mailer
Reply-To: "PayPal" <verification@paypal.com>
To:
Subject: Verify your identity
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit<html>
<head>

thanks,

C.
Logged
Until the color of a man's skin is of no more significance
than the color of his eyes.
Bob Marley (War)

LonWar

  • Citizen of the Universe
  • *****
  • Posts: 2874
Re:Fake PayPal Spam Problem
« Reply #85 on: January 09, 2004, 05:12:12 pm »

I spoke to 10 people at work that use paypal and knowone else received the emails.
Seems to only be people from here??

I don't want to sound paranoid and I will only ask this once... Jim are the Credit Card #'s at risk or was it just the email addresses...
If there is a possiblity that someone may have been able to get the #'s I would like to know.
Jim, if you say that they are secure, I will not raise this issue again.

Thanks and have a good weekend.
Logged
-

KingSparta

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 20063
Re:Fake PayPal Spam Problem
« Reply #86 on: January 09, 2004, 05:29:53 pm »

this is the one I got yesterday


Return-path: <Do_Not_Reply@paypal.com>
Received: from ms-mta-01-eri0 (ms-mta-01-qfe1 [10.10.5.70])
 by ms-mss-03.southeast.rr.com
 (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
 with ESMTP id <0HR6002RFK8DD3@ms-mss-03.southeast.rr.com> for
 xxxxxx%nc.rr.com@ims-ms-daemon; Thu, 08 Jan 2004 11:53:01 -0500 (EST)
Received: from vamx02.mgw.rr.com (vamx02.mgw.rr.com [24.30.200.18])
 by ms-mta-01.southeast.rr.com
 (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
 with ESMTP id <0HR60018PK8DX0@ms-mta-01.southeast.rr.com> for
 xxxxxx@nc.rr.com (ORCPT xxxxxx@nc.rr.com); Thu,
 08 Jan 2004 11:53:01 -0500 (EST)
Received: from localhost (conm200-58-214-227.epm.net.co [200.58.214.227])
   by vamx02.mgw.rr.com (8.12.10/8.12.8) with SMTP id i08GqcgG016208   for
 <xxxxxx@nc.rr.com>; Thu, 08 Jan 2004 11:52:48 -0500 (EST)
Date: Thu, 08 Jan 2004 11:52:38 -0500 (EST)
From: "PayPal.com" <Do_Not_Reply@paypal.com>
Subject: IMPORTANT                                           kohkeeke
To: xxxxxx <xxxxxx@nc.rr.com>
Reply-to: Do_Not_Reply@paypal.com
Message-id: <200401081652.i08GqcgG016208@vamx02.mgw.rr.com>
MIME-version: 1.0
Content-type: multipart/mixed; boundary=----------A48617900047D5F
X-Priority: 1 (High)
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-Virus-Scan-Result: Repaired 26464 W32.Mimail.J@mm
Original-recipient: rfc822;xxxxxx@nc.rr.com
X-NAS-Bayes: #0: 1.47046E-142; #1: 1
X-NAS-Classification: 0
X-NAS-MessageID: 993
X-NAS-Validation: {0D2F3A99-1329-496D-8DE4-4BE9CAF74458}

Logged
Retired Military, Airborne, Air Assault, And Flight Wings.
Model Trains, Internet, Ham Radio, Music
https://MyAAGrapevines.com
https://centercitybbs.com
Fayetteville, NC, USA

Doof

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 5908
  • Farm Animal Stupid
Re:Fake PayPal Spam Problem
« Reply #87 on: January 09, 2004, 05:30:03 pm »

We now believe that the database was accessed from the outside.  It exists on a machine that is outside our firewall  (it has to be).  The only thing on it that would affect you is the e-mail address database.

We'll report more when we know it.
Logged

KeystoneCop

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 354
  • I hate computers..
Re:Fake PayPal Spam Problem
« Reply #88 on: January 09, 2004, 05:30:14 pm »

Return-Path: <verification@paypal.com>
Delivered-To: xxxxx@surewest.net
Received: (qmail 24155 invoked from network); 9 Jan 2004 04:23:32 -0000
Received: from unknown (HELO mx1.mc.surewest.net) (66.60.130.44)
  by core1.mc.surewest.net with SMTP; 9 Jan 2004 04:23:32 -0000
Received: (qmail 2041 invoked from network); 9 Jan 2004 04:23:32 -0000
Received: from unknown (HELO mail.epost.de) (193.28.100.187)
  by mx1.mc.surewest.net with SMTP; 9 Jan 2004 04:23:32 -0000
Received: from [62.111.240.130] (62.111.240.130) by mail.epost.de (6.7.015) (authenticated as barney@epost.de)
        id 3FEB54980020C6CA for xxxx@surewest.net; Fri, 9 Jan 2004 05:23:31 +0100
Date: Fri, 9 Jan 2004 05:23:31 +0100 (added by postmaster@mail.epost.de)
Message-ID: <3FEB54980020C6CA@ppd27106.x.de> (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>
X-Mailer: PayPal Mailer
Reply-To: "PayPal" <verification@paypal.com>
To: xxxx@surewest.net
Subject: Verify your identity
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit<html>
<head>
X-TST: mx1 SNWK2



xxx done by me.. hope this helps..
Logged
There is a way to compare tags

[=isequal([band],[album])]=1

thanks marko

jleerigby

  • Guest
Re:Fake PayPal Spam Problem
« Reply #89 on: January 09, 2004, 05:38:39 pm »

I spoke to 10 people at work that use paypal and knowone else received the emails.
Seems to only be people from here??

I don't want to sound paranoid and I will only ask this once... Jim are the Credit Card #'s at risk or was it just the email addresses...
If there is a possiblity that someone may have been able to get the #'s I would like to know.
Jim, if you say that they are secure, I will not raise this issue again.

Thanks and have a good weekend.


Even if they were (and I like you sincerely hope not) it's not your problem.  It's the banks problem provided you have not been reckless and have conformed with the terms and conditions of the card.
Logged

Sam

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 300
Re:Fake PayPal Spam Problem
« Reply #90 on: January 09, 2004, 06:14:23 pm »

In addition to the PayPal email today, I got another spam on Monday.

I'm not sure if it's related at all, but this one actually displayed a link on the jriver site where they pulled my email address.  It was a mailto: link tied to my megaskin

Jim, fwiw, I'll forward you that email.


The email address I use here has been virtually spam-free - probably two emails in all of last year.  And then two this week.


My other email address, a personal one which I've never used here or with any website, just got its first spam ever today.  Not a good sign.
Logged

Sam

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 300
Re:Fake PayPal Spam Problem
« Reply #91 on: January 09, 2004, 06:19:12 pm »

I spoke to 10 people at work that use paypal and knowone else received the emails.
Seems to only be people from here??

I don't want to sound paranoid and I will only ask this once... Jim are the Credit Card #'s at risk or was it just the email addresses...
If there is a possiblity that someone may have been able to get the #'s I would like to know.
Jim, if you say that they are secure, I will not raise this issue again.

Thanks and have a good weekend.


Even if they were (and I like you sincerely hope not) it's not your problem.  It's the banks problem provided you have not been reckless and have conformed with the terms and conditions of the card.


You're right about the financial loss.  But I've gone through the process of cleaning up my credit reports after credit fraud, and it's a really big deal.  Lots of paperwork and phone calls stretching on for countless months.
Logged

Sam

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 300
Re:Fake PayPal Spam Problem
« Reply #92 on: January 09, 2004, 07:05:29 pm »

I just went through clicking on people's user names in this thread...  Quite a few have they're email addresses visible.  

It doesn't really take a hacker to automatically collect email addresses this way.  Not sure if this is how they did it, but hiding your email address is probably a good precaution.

Logged

Charlemagne 8

  • Citizen of the Universe
  • *****
  • Posts: 1999
Re:Fake PayPal Spam Problem
« Reply #93 on: January 09, 2004, 07:08:46 pm »

Me too. Promptly deleted.
Logged
That's right.
I'm cool.

modelmaker

  • Citizen of the Universe
  • *****
  • Posts: 1531
Re:Fake PayPal Spam Problem
« Reply #94 on: January 09, 2004, 07:16:58 pm »

I also got a couple of paypal emls. I do not have a paypal account. They were sent to the address I originally registered MC with, not  the address I used for interact.
Logged
Jay.

"Life is what happens when you're making other plans"     John Lennon.

zevele10

  • Guest
Re:Fake PayPal Spam Problem
« Reply #95 on: January 09, 2004, 07:25:48 pm »

Sam
my mail is visible and i did not get any mail.
Beside this ,people may have more than one mail.
No difficult: X Yahoo mails NOT .com
forward to a pop up accompt , use your email client to consult it.
Et viola...
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re:Fake PayPal Spam Problem
« Reply #96 on: January 09, 2004, 07:33:24 pm »

Zev,
Tu doit te couche.  C'est un peu tard de marcher sans dormir.  C'est dangereux aux autres.

Jim

Logged

TimB

  • Citizen of the Universe
  • *****
  • Posts: 1062
Re:Fake PayPal Spam Problem
« Reply #97 on: January 09, 2004, 07:40:13 pm »

Isn't there something in the Homeland Security Act about talking en francais?  :o

-=Tim=-
Logged
Boy do I LOVE Media Center!!!

sraymond

  • Guest
Re:Fake PayPal Spam Problem
« Reply #98 on: January 09, 2004, 07:57:38 pm »

I just went through clicking on people's user names in this thread...  Quite a few have they're email addresses visible.  

It doesn't really take a hacker to automatically collect email addresses this way.  Not sure if this is how they did it, but hiding your email address is probably a good precaution.



Well, just because an e-mail address is listing in the forums, doesn't mean that same address was used to register.  You'll find my address (scottraymond@sbcglobal.net) posted frequently.  I don't like munging my address - though I can't really say I have a rational reason.

But this is a a "throw-away" address that I use everywhere that is publicly viewable (i.e. here, Usenet, etc.)  I run all incoming mail through POPFile, which does a darn good job of seperating out that spam/virii.  But I accept that I might miss some stuff - that's OK.

My concern here (which is significant) is that JRiver has my "e-mail for life" address - and not by my own volition.  I was once locked out of INTERACT and I was told to reregister.  Of course, the throw-away was already taken (INTERACT wouldn't let me use it again), so I used my "e-mail for life".  Now, if that account were to get ruined by spam/virii, I'd be quite upset.  In hindsight, I shouldn't have done that - but I got personal assurances from JimH that addresses were never released outside of JRiver.

By ruined...  I mean that the good/bad ratio gets so small that I can't expect to find the good stuff.  I was getting over 300 virii a day (the MS Update one) with my sbcglobal.net account for a while.  Imagine trying to make sure that urgent and important business is not lost under that mountain of junk!

Well, it's too early to tell if there's been any real damage done...

Scott-
Logged

PhatPhreddy

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 613
  • Cosmic Comic
Re:Fake PayPal Spam Problem
« Reply #99 on: January 10, 2004, 12:36:42 am »

Quote
Even if they were (and I like you sincerely hope not) it's not your problem.  It's the banks problem provided you have not been reckless and have conformed with the terms and conditions of the card.
True of you have a credit card... Of course many people hav VISA (of MC / AMEX) debit cards and in the UK a debit card does not have the same protections as a credit card and the money is out of your account before you have a chance to correct it.. Instead of the security of VISA witholding the merchants money (usually 90 days with VISA merchants) the bank faces an actual money loss and is therefore MUCH tougher about paying back funds.  Moral is use a credit card instead of a debit card every time...

For those with SPAM issues I strongly recomend Cloudmarks Spamnet... I have my email public all over forums and get a >10:1 spam ratio but its not a problem as spamnet gets 99% of it and cleans it all out for me to a SPAM folder... The community reporting method works great.
Logged
Phreddy@PhatPhreddy.net ICQ# 168975535
HTPC Front ends  
Pages: 1 [2] 3   Go Up