Saturday, 27 August 2005

Paypal scams

Like everyone else I get these PayPal scams with annoying regularity, and I've developed a quick and very efficient technique to help thwart these bastards, which I'd like to share:

1) First, understand how to identify a Paypal scam email. You can do that by visiting here. The most important thing to understand is that you can make a hyperlink say anything you want. It's the underlying URL that's important. In most email clients, if you mouse over the link, you'l get a tooltip that shows you the real link URL. If it is anything else except "https://www.paypal.com/cgi-bin/webscr/?cmd=_login-run ", then you can BET its a scam.

2) Do a whois lookup on the domain of the target url. This usually only takes a minute. Now you know who the domain is registered to. This is usually, but not always, the perpetrator. In many cases, you can actually get their name, address, and contact email!

3) At this point, what I usually do is trace back to the nameservers or do a Tracert (DOS COMMAND: Tracert www.badguy.com ) to find out where its landing. The last entry in the traceroute list before the actual target IP Is usually the domain of the hosting company.

4) Then, i forward the spam email to abuse@thehostingcompany.com with a note that they are hosting a Paypal scammer and they should fix it. Usually, if they are reputable, they will put the guy out of business within 5 mins. I just did one to somebody from menage-paypal.com that turned out to be hosted in Poland, and I got a thank you reply within minutes.

5) you can of course forward the errant email (preferably with the full email headers) to spoof@paypal.com. However, they are pretty overloaded, so a little vigilante-ism as above can certainly help!

If more people do what I describe above, or similar actions, we can all help to make it very unprofitable for the spammers to even try anymore.

The moral of the story is:

Everything is not always what it seems, so be aware. There really are people out there who will use every trick in the book they can to get at you.

No comments: