PayPal scam


This morning I received a superficially very convincing email which appeared to be from PayPal, asking me to update my account information. I might have been taken in, but for the fact that I received 8 identical emails together (not even PayPal is usually that inept), and that the message was sent to an email account that I have not registered with PayPal. A closer inspection of the message source revealed that the link in the email was being diverted to another server:

http://www.paypal.com@207.44.196.35/~redbarpr/cgi-bin/ webscr%3fcmd=verification/ (not linked so that you won't be tempted to click on it ;-) )

Apparently, it's a known scam, though a slightly more sophisticated one than others that have been attempted. By coincidence, it's also the first spam that Merlin Mann has caught in his spam honeypot. It turns out that Red Bar Productions — who own that site — was hacked, and they have nothing to do with it. So, some git or gits have hacked this poor guy's server to run this spam, and even stolen PayPal's bandwidth as they used the original PayPal images in the email.
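
The link above works because everything before the `@` in a URL's authority is userinfo, so the browser connects to the IP address after it. The following check for that pattern is an added example, not part of the original post; the function name, finding labels and sample URLs (documentation-range address and example.com names) are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Text shaped like a DNS name: dot-separated labels ending in an alphabetic TLD.
HOSTNAME_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_link(url):
    """Return (real_host, findings) for a link extracted from an email body."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # the host the client actually connects to
    findings = []

    # Anything before the last '@' in the authority is userinfo, not the host.
    userinfo = parts.netloc.rpartition("@")[0]
    if userinfo:
        # Drop an optional ':password' part and decode percent-escapes.
        decoy = unquote(userinfo.split(":", 1)[0])
        if HOSTNAME_LIKE.match(decoy):
            findings.append("userinfo-imitates-host")
        else:
            findings.append("userinfo-present")

    # A bare IP address as the destination is unusual for a payment site.
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass

    return host, findings


if __name__ == "__main__":
    # Constructed samples with the same shape as the link quoted in the post.
    samples = [
        "http://www.example.com@192.0.2.10/cgi-bin/verify",
        "https://www.example.com/account",
        "ftp://alice:secret@ftp.example.org/pub",
    ]
    for link in samples:
        real_host, findings = inspect_link(link)
        print(f"{link}\n  connects to: {real_host}\n  findings: {findings or 'none'}")
```

A mail filter can run this over every `href` in a message and quarantine anything that returns `userinfo-imitates-host`, since legitimate senders have no reason to put a hostname in the userinfo field.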