• Effective immediately we will be deleting, without notice, any negative threads or posts that deal with the use of encryption and streaming of scanner audio.

    We've noticed a huge increase in rants and negative posts that revolve around agencies going to encryption due to the broadcasting of scanner audio on the internet. It's now worn out and continues to be the same recycled rants. These rants hijack the threads and derail the conversation. They no longer have a place anywhere on this forum other than in the designated threads in the Rants forum in the Tavern.

    If you violate these guidelines your post will be deleted without notice and an infraction will be issued. We are not against discussion of this issue. You just need to do it in the right place. For example:
    https://forums.radioreference.com/rants/224104-official-thread-live-audio-feeds-scanners-wait-encryption.html

PayPal Security Flaw allows Identity Theft

Status
Not open for further replies.

rdale

Completely Banned for the Greater Good
Joined
Feb 3, 2001
Messages
11,356
Location
Lansing, MI
...which again calls for clicking a link in an email that says "click here and enter your password" which we all know you never ever ever never do no matter how convincing it looks...
 

MacombMonitor

Member
Joined
May 18, 2005
Messages
3,551
rdale said:
...which again calls for clicking a link in an email that says "click here and enter your password" which we all know you never ever ever never do no matter how convincing it looks...
What email? You obviously didn't even take time to read the link! There is no email involved in this new scheme. This is truly something new.
 

CVPI4Ever

Member
Joined
Nov 7, 2004
Messages
832
Location
Ohio
Thats old news. I fell for that one and what a PITA!! I had to switch accounts and cole old ones. Shortly I read in the local papers how others fell for that one as well.
 
N

N_Jay

Guest
I get several emails a day telling me that I have to re-enter some information on some account or it will be disabled, deleted, etc.

I have NEVER (EVER) has a legitimate account EVER ask me to re-enter ANY information to maintain or fix an account.

It is easy to tell the Phishing. All you have to do is sort them out is delete EVERY SINGE ONE!
 

rdale

Completely Banned for the Greater Good
Joined
Feb 3, 2001
Messages
11,356
Location
Lansing, MI
"There is no email involved in this new scheme."

Yes there is, that's how you go to the link that is PayPal with the CSS injection. You _CANNOT_ get to that page if you simply open up your browser and type http://paypal.com
 

MacombMonitor

Member
Joined
May 18, 2005
Messages
3,551
rdale said:
"There is no email involved in this new scheme."

Yes there is, that's how you go to the link that is PayPal with the CSS injection. You _CANNOT_ get to that page if you simply open up your browser and type http://paypal.com
OK, I see what you're saying now. The link didn't make mention of any email involvement, but apparently that's how you acquire the modified link. It's still pretty slick in that the PayPal link looks totally valid once you're there, even though it isn't.
 

CommRX

Member
Joined
Oct 26, 2005
Messages
49
Location
Eastern NC
Off topic

Macomb,

I hope by your avatar that you are not buying into that stuff, but making people aware. Reading some of your great past links, it's seems we think alot alike. However, I'm confused your new avatar.
For those that believe, RFID is the end...
 

rdale

Completely Banned for the Greater Good
Joined
Feb 3, 2001
Messages
11,356
Location
Lansing, MI
From SlashDot:

To answer your question, in short the attack doesn't work if you visit http://paypal.com/ [paypal.com] manually.

What an attacker can do is craft a URL that *is* to paypal.com but contains the injected material (i.e. script) inside the URL. In short the paypal.com servers suffer from a vulnerability which allows the execution of this material (passed as an argument in the URL) -- and thus executes the script on the victim's browser. Because of this, the SSL connection is correct, but it appears that paypal is telling you that you need to go to another website to change your credentials.

You still have to get someone to click on the crafted URL for this to work though (hence why phishers are doing this, they're sending emails, or whatever.) so it's not going to work for people who don't click on the URL in phishing emails.

What I'm wondering is why someone would click on a link in a scam and then worry that the SSL certificate is genuine! Someone who knows enough to check the certificate is probably clever enough to ignore phishing scams...
 

MacombMonitor

Member
Joined
May 18, 2005
Messages
3,551
CommRX said:
Macomb,

I hope by your avatar that you are not buying into that stuff, but making people aware. Reading some of your great past links, it's seems we think alot alike. However, I'm confused your new avatar.
For those that believe, RFID is the end...
No, on the contrary, I think RFID is a joke! It's wide open for hackers, and will just add cost to everything! It is my way of saying that we are becoming a marked, monitored, and tracked society.
 

hoser147

Member
Joined
Dec 17, 2005
Messages
4,439
Location
Grand Lake St. Marys Ohio
Ive gotten at least 10emails from Paypal that has a dispute button on and have reported them to Paypal security They look very real and Im sure a lot of people fall victim to the scam. I also use the spam button on my email to report it before deleting the email. Thanks for passing this along............hoser147
 

scanbc780

Member
Premium Subscriber
Joined
Aug 30, 2002
Messages
345
Location
Maricopa/Yavapai Counties, Arizona
Read the story again, the link was INCLUDED on the PayPal site. This one was not a e-mail phishing attack. The page was Modified.

"The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS). "
 
N

N_Jay

Guest
scanbc780 said:
Read the story again, the link was INCLUDED on the PayPal site. This one was not a e-mail phishing attack. The page was Modified.

"The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS). "
How do they do this; "tricking users into accessing a URL hosted on the genuine PayPal web site."?:confused:
 

rdale

Completely Banned for the Greater Good
Joined
Feb 3, 2001
Messages
11,356
Location
Lansing, MI
scan: Please read the slashdot link. Someone emails you a message with http://paypal.com/blahblahbah.

It goes to PayPal.com, but the blahblah inserts additional links via CSS and that's where the problem comes up.

IF YOU OPEN UP YOUR BROWSER AND TYPE http://paypal.com YOU WILL NEVER HAVE AN ISSUE. Sorry if this sounds confusing, sometimes it makes even computer literate people have troubles!

- Rob
 

johnvassel

Member
Joined
Aug 23, 2004
Messages
347
Location
Near Lansing, Michigan
I've found the easiest way to verify that these are not valid, is when presented with the login screen, makeup any name/password combo. If it still progresses to the next screen, then obvioiusly it's not connected to the real database.
I usually use offending name/password combo's so I can get my message across to the phisher :)

John
 

scanbc780

Member
Premium Subscriber
Joined
Aug 30, 2002
Messages
345
Location
Maricopa/Yavapai Counties, Arizona
rdale -
"The scam tricks users into accessing a URL hosted on the genuine PayPal site"


Like I said the link was hosted in their site, there was NO mention of a link that was E-Mailed to you. I have read all the stories. No metion of redirection except from the PayPal
site itself. Everything points to The PayPal site itself was exploited.

If you have a story that mentions otherwise I would like to read it.





rdale said:
scan: Please read the slashdot link. Someone emails you a message with http://paypal.com/blahblahbah.

It goes to PayPal.com, but the blahblah inserts additional links via CSS and that's where the problem comes up.

IF YOU OPEN UP YOUR BROWSER AND TYPE http://paypal.com YOU WILL NEVER HAVE AN ISSUE. Sorry if this sounds confusing, sometimes it makes even computer literate people have troubles!

- Rob
 
Status
Not open for further replies.
Top