Thread: Attempt at Paypal Hijack

  1. #1
    5|-|1+|-|34|) ober's Avatar
    Join Date
    Aug 2001
    Posts
    4,429

    Attempt at Paypal Hijack

    So I just got an email from "[email protected]". It says:

    Code:
    Dear PayPal valued member,
    
    Due to concerns, for the safety and integrity of your paypal 
    account we have issued this warning message.
    
    It has come to our attention that your account information 
    needs to be updated due to inactive members, frauds and 
    spoof reports. 
    
    Please take 5-10 minutes out of your online experience and 
    renew your records so you will not run into any future problems 
    with the online services. However, failure to update your 
    records will result in account suspension.
    
    Once you have updated your account records your PayPal 
    account service will not be interrupted and will continue as 
    normal.
    
    Please follow the link below and login to your account
    and renew your account information:
    
    http://www.paypal.com/cgi-bin/webscr?cmd=_login-run
    
    Sincerely,
    PayPal customer department! 
    
    This notification expires on the 28th of August, 2004. 
    Please do not reply to this e-mail. Mail sent to this address cannot
     be answered. For assistance, log in to your PayPal account and 
    choose the "Help" link in the footer of any page.
    To receive email notifications in plain text instead of HTML, update 
    your preferences here.

    But I look at the header and see it is from this email address:
    [email protected]

    And what happens when you click on the login link? It sends you here: http://ironald.org/.S/

    FANTASTIC. Anyone have an email bomb handy?
    Last edited by ober; 08-25-2004 at 12:44 PM.

  2. #2
    Yes, my avatar is stolen anonytmouse's Avatar
    Join Date
    Dec 2002
    Posts
    2,544
    The whois information is here or do a whois lookup here

    I strongly doubt that either the whois information or the email address is correct. You could try calling the number!

  3. #3
    5|-|1+|-|34|) ober's Avatar
    Join Date
    Aug 2001
    Posts
    4,429
    The phone number was to some old lady who just kept saying "hello" when I didn't say anything. Someone else came into the room and said "is there something wrong momma?". So I think that was a random number too. The email address is bunk.

  4. #4
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    You could go to the spoof site and create lots and lots of spoof entries which will at least slow them up for a while

    A few million scripted entries posted via an anonymous relay or two should make them think twice about pulling this stunt again
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  5. #5
    5|-|1+|-|34|) ober's Avatar
    Join Date
    Aug 2001
    Posts
    4,429
    I've input about 20 manually so far... anyone have a quick mock-up of an automated version? They want the name on my credit card? "Feds R Coming" Billing Address... my state? Prison.

    I need a way to do it faster! C'mon people... go to the link... put a bunch of fake info in! They don't do a very good job of checking it! It's fun

  6. #6
    5|-|1+|-|34|) ober's Avatar
    Join Date
    Aug 2001
    Posts
    4,429
    Did you know I was from the Azerbaijan Republic? Neither did I!

  7. #7
    Banned
    Join Date
    Mar 2004
    Posts
    37
    Hmm this is too interesting....I googled just a little and this is what I found:

    First of all, the whois owner for ironald.org is Ronald DeCarufel. I found some posts on a real estate message board from that name, somebody from Charlotte NC which matches the whois information. I also found some 19 year old female from Charlotte NC named Katrina DeCarufel who apparently is a runner: http://www.doitsports.com/newresults...56054_2004.htm. You could try (704) 504-8941 and ask for Katrina or Ronald....

    So I'd try the phone number and ask for Katrina or Ronald. If you can get ronald, tell him you are from Paypal management or something, and say Paypal has sued him for Internet Fraud and unauthorized transfer of e-funds. Just think of something that would scare him HAH! I don't wanna pay for long distance on the phone otherwise I would try...anyone from around there or don't care about long distance calls?

  8. #8
    Banned
    Join Date
    Mar 2004
    Posts
    37
    OOOH I've got the best idea!

    If you've ever heard those celebrity sound boards at www.ebaumsworld.com they are great for prank calls! There is this one for Arnold Schwarzenegger from a movie where he played a cop, so he says things like "Hey, I'm a police officer" "I'm going to ask you a bunch of questions and I want you to answer immediately" "I'm detective John Kimble!" etc etc

    That'd be great to call him up using that !!!!! And record the call too.

    PS: To set it up easy and record it I tape a microphone to the earpiece of a cordless phone, for recording the call. Tape headphones to the part of the phone you speak into. Lay that on your monitor with the headphones and microphone taped on. Then take another cordless phone. Turn them on at the same time, dial, start recording on your computer. You listen with the phone in your hand, and the sound files will play out headphones into the phone and be recorded and it'll record everything.

    YAHAHA!

  9. #9
    5|-|1+|-|34|) ober's Avatar
    Join Date
    Aug 2001
    Posts
    4,429
    Dude... I already called the number. It's bunk.

  10. #10
    Banned
    Join Date
    Mar 2004
    Posts
    37
    hmm how about the email too?
    Last edited by holden; 08-25-2004 at 01:11 PM.

  11. #11
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    Mmm, I get
    Code:
    Forbidden
    You don't have permission to access /.S/ on this server.
    
    Apache/1.3.27 Server at ironald.org Port 80

    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  12. #12
    Yes, my avatar is stolen anonytmouse's Avatar
    Join Date
    Dec 2002
    Posts
    2,544
    Quote Originally Posted by holden
    Hmm this is too interesting....I googled just a little and this is what I found:

    First of all, the whois owner for ironald.org is Ronald DeCarufel. I found some posts on a real estate message board from that name, somebody from Charlotte NC which matches the whois information. I also found some 19 year old female from Charlotte NC named Katrina DeCarufel who apparently is a runner: http://www.doitsports.com/newresults...56054_2004.htm. You could try (704) 504-8941 and ask for Katrina or Ronald....

    So I'd try the phone number and ask for Katrina or Ronald. If you can get ronald, tell him you are from Paypal management or something, and say Paypal has sued him for Internet Fraud and unauthorized transfer of e-funds. Just think of something that would scare him HAH! I don't wanna pay for long distance on the phone otherwise I would try...anyone from around there or don't care about long distance calls?

    The whois information is almost certainly fake ([edit]or site hacked, see below[/edit]). Let's not defame someone whose likely only "crime" is to have his name and details swiped off the web by some pathetic crook.

    You can report the matter to paypal. Surprisingly, you have to have an account and sign in to report a scam.
    Last edited by anonytmouse; 08-25-2004 at 01:39 PM.

  13. #13
    Yes, my avatar is stolen anonytmouse's Avatar
    Join Date
    Dec 2002
    Posts
    2,544
    Quote Originally Posted by Salem
    Mmm, I get
    Code:
    Forbidden
    You don't have permission to access /.S/ on this server.
    
    Apache/1.3.27 Server at ironald.org Port 80

    Shouldn't have posted a clickable link. He must have seen this site in the referrer data and has probably read this thread. (Someone could check the IPs of the non-members who have read this thread if they were really keen).

  14. #14
    Administrator webmaster's Avatar
    Join Date
    Aug 2001
    Posts
    1,012
    It's also possible that the server hosting the page was hacked, and that the original owners are completely innocent. Judging from the name of the directory in the URL, it looks like they're trying to hide it from the admin of the server. In the past, I've received emails linking to apparently legitimate sites that were hijacked in that manner. After a nice email sent to their webmaster and a voicemail message left on their machine, along presumably with many others, they removed the offending site.

  15. #15
    Banned
    Join Date
    Mar 2004
    Posts
    37
    Well if anybody wants, Ronald DeCarufel's real phone number is [Mod edit: let's leave this guy alone]

    From qwestdex: [Mod edit: let's leave this guy alone]

    If indeed his site was hacked, why would he put in a number one digit off if it is his real domain?

    I was thinking about calling this guy and conducting a survey, and eventually ask silly questions like "Have you ever committed any type of internet fraud?"
    Last edited by holden; 08-25-2004 at 02:17 PM.
