Thursday, December 15, 2005

Cyber crimes on the high. Don’t be the prey.

Cyber crimes are finding new targets everyday, be very careful if you are one of those users using credit cards or bank accounts online.

Sample of how this works.
You receive an email that looks like this...
----------------------------------------------------------
Paypal fake logo
PayPal is committed to maintaining a safe environment for its community of customers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.

We are contacting you to remind you that on 5 March 2005 our Account Review Team identified some unusual activity in your account. In accordance with PayPal's User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved.

To secure your account and quickly restore full access, we may require some additional information from you for the following reason:

We have been notified that a card associated with your account has been reported as lost or stolen, or that there were additional problems with your card.

This process is mandatory, and if not completed within the nearest time your account or credit card may be subject for temporary suspension.

To securely confirm your PayPal information please click on the link bellow:


https://www.paypal.com/cgi-bin/webscr?cmd=_login-run


We encourage you to log in and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure.

For more information about how to protect your account please visit PayPal Security Center. We apologize for any incovenience this may cause, and we apriciate your assistance in helping us to maintain the integrity of the entire PayPal system.


Thank you for using PayPal!
The PayPal Team

----------------------------------------------------------

Here is another version of the mail.. with another address..received few hours back. Do not enter any information in the site.. as it could still be active.
----------------------------------------------------------
Paypal fake logo

Dear PayPal Member!

Attention! Your PayPal account has been violated!

Someone with ip address 149.225.126.87 tried to access your personal account!

Please click the link below and enter your account information to confirm that you are not currently away. You have 3 days to confirm account information or your account will be locked.

Click here to activate your account




You can also confirm your email address by logging into your PayPal account at
http://paypal.com/. Click on the "Confirm email" link in the Activate Account box and then enter this confirmation number: 1036-8535-4511-9500-3892

Thank you for using PayPal!
The PayPal Team


--------------------------------------------------------------------------------


Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.



You click on the link(Now you can safely click it as its already banned)
It takes you to a site that exactly looks like paypal.
That asks you to enter all your details including credit card details, paypal account details etc. It behaves exactly like paypal and at last shows up a page saying our servers are under maintenance, please try after some time.

Whats exactly happening.
The link that’s shown is different from the link to which user is taken on clicking it. Whole paypal site is simulated on the site very intelligently and your account details are stored in their databases which is used to lift money from your account.

Life of these sites are very small. Most of such sites are banned as soon as they are found involved in cyber crimes.

How to fight back.
  • Before clicking on any link from your email, think for a while. If it’s not worth a click don’t (They could be mails from email farms which are just validating existence of your email ids).
  • If you are tempted to click (Recently I received an email related to an offer from ICICI bank that which was pointing to such a site) Check the link to which its taking you to. Observe the URL in the above example (take the mouse pointer on the link, url of that link is shown in your status bar of the browser) http://203.215.94.193/.www.paypal.com/paypal/das676bsda6… don’t get carried away with paypal in the URL. It should exactly begin with www.paypal.com and not just a part of that else essentially it’s an illegal one.
  • If you find that a site is illegal, inform the concerned people and get the site banned so that others wont fall pray. Your few minutes of social

    I had another such mail, which had an interesting title. I clicked on the site, and it went to a yahoo site. As usual I entered my id and password. It showed me message asking me to try after some time. After verification I found that it was a fake site collecting my yahoo id and password. (That site got banned within 24 hours of my complaint to ban it) So be watchful about before giving out any of your passwords.

    Lets make use of internet as a safe and effective means.
    Here is a sites where you can lodge your complaints against cyber crimes http://www.ifccfbi.gov/index.asp
    A nice detailed Indian article related to cyber crimes http://cybercrime.planetindia.net