Author Topic: (Read 1063 times)

aceriker · « **on:** April 23, 2004, 10:46:32 AM »

Thanks for the heads up!

Trashcan · « **Reply #1 on:** April 23, 2004, 11:00:06 AM »

Thanks for the warning

Paco · « **Reply #2 on:** April 23, 2004, 11:09:43 AM »

I get those all the time for eBay and PayPal, but if it showed up in a browser with PayPal's actual URL, then you haven't updated your computer with the latest patches. That explot was fixed a few months ago. In the ones I get, it looks all official and has links to eBay's actual Terms of Service, searches, etc... but the link they tell you to click on actually points to some anonymous *.nl site in europe that also LOOKS like eBay, but isn't.

Harley · « **Reply #3 on:** April 23, 2004, 11:12:53 AM »

My workstation gets update every day, It still showed up.

Paco · « **Reply #4 on:** April 23, 2004, 11:26:46 AM »

Here's an easy way to test it:

http://www.zapthedingbat.com/security/ex01/vun1.htm

Click on that link and use the "Test" button. If your browser URL says that you're on http://www.microsoft.com then you're not patched for this exploit.

Harley · « **Reply #5 on:** April 23, 2004, 11:27:45 AM »

Someone must have cracked down on them. The spoofed url doesn't work anymore. Just the same always be careful with emails like this.

Pheonix 797 · « **Reply #6 on:** April 23, 2004, 11:36:44 AM »

Thx much John. Always good to see that some stupid mother is getting nailed for scamming.

Harley · « **Reply #7 on:** April 23, 2004, 11:37:29 AM »

Well it came up with this.

http://www.microsoft.com@zapthedingbat.com/security/ex01/vun2.htm

So what does that mean? I've got every patch and update that the Microsoft update site has put out.

Paco · « **Reply #8 on:** April 23, 2004, 11:44:04 AM »

That means you're fine. If you didn't have the patch, it would have come up with the zapthedingbat.com page but the URL window in IE (on top and on bottom) would have said that you were on http://www.microsoft.com - it was a pretty *scary* bug since it could be used for a LOT of mischevious things, but it couldn't spoof the http<b>s</b> (SSL). The easiest way with PayPal, is that you will ALWAYS be on a secure site if you're on the PayPal page. Their entire site is SSL 128bit.

Harley · « **Reply #9 on:** April 23, 2004, 11:57:21 AM »

Well then the one I got today was a new one apparently.

Harley · « **Reply #10 on:** April 23, 2004, 10:44:57 AM »

FYI to those of you who use PayPal. I just received a bogus email that was pretty well spoofed. I ran a test on it by clicking the enclosed link and it opened a page with PayPal's web address that they apparently spoofed. I logged in with my email address but used a phony password and got in just as though I had used my correct one as they would expect. This is how I discovered it was bogus. Do not use any email links sent you by PayPal or eBay for updating your information. Use your normal bookmarked links to do that.

News:

Author Topic: (Read 1063 times)

aceriker

(No subject)

Trashcan

(No subject)

Paco

(No subject)

Harley

(No subject)

Paco

(No subject)

Harley

(No subject)

Pheonix 797

(No subject)

Harley

(No subject)

Paco

(No subject)

Harley

(No subject)

Harley

PayPal scam email