Synyster Graves

Paypal Scam on 66.96.160.x domain

Posted on Jan. 17, 2013, under IT Support

I hate scams. Especially when they’re quite clever. Have you had an email from “Paypal” recently? You click the link and it comes to what looks like Paypal, except the URL is “www.gigelmaidanezu.com”. Well, that’s not right, is it? Basically it’s a con and you should not proceed any further.

It looks like this:

Obviously the nobhead who created this thinks they’re a right cleverdick by stealing Paypal’s CSS to make it look like Paypal. But it’s not. Don’t be deceived. The ONLY link which works is the yellow log in button, and regardless of what you put in it’ll let you through. As you can see above there clearly isn’t an email address called “shittybum@sdf.com” (at least I hope not!). Anyways, it “let me in” and has this page next:

Now this is where they get your bank details, or at a bare minimum phish your Paypal password and the email account associated with it. The thing that f***s me off about these is that some people would actually put their details in here. But don’t. It’s a scam.

I ran an ipconfig on this website to see if it even was a website and it has been registered under the IP address of 66.96.160.152, so naturally I tried to connect to the site via IP address, to no avail. If that didn’t raise enough suspicion!

Anyways, I’m geeking out here but the website domain isn’t even registered to Gigelmaidanezu or whatever the hell it claims to be:


Pass this on to everyone you know who buys stuff on the internet, which is possibly everyone, except maybe your nan. But don’t let these p***ks get away with your hard earned cash. I hate scams. I hope they burn in hell. I’m off to run MalwareBytes now in case this website was carrying a virus! Play safe.

Addendum 19/01/2013

The website domain has changed to firicel.com, and routes through the domain doinacepalis.com, but it is still the same stylesheet. I have also managed to get a copy of the email they send out. Clearly, the email is not from Paypal:

From: PayPal <teleleu@wish.com>
To:
Sent: Tuesday, 15 January 2013, 20:09
Subject: Status – Account Limited

Dear PayPal Member ,

You have received this email because you or someone had used your account from different locations. For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your details.
To help speeed up this process, please access the following link so we can complete the verification of your PayPal Account registration information.

http://www.paypal.co.uk/

If we do not receive the appropriate account verification within 48 hours, then we will assume this PayPal account is fraudulent and will be suspended.

The purpose of this verification is to ensure that your account has not been fraudulently used and to combat the fraud from our community.
We appreciate your support and understanding and thank you for your cooperation in this matter.

This email was sent to you because your email preferences are set to receive “Alerts from PayPal”. Click to unsubscribe. These offers are not PayPal offers, we are presenting them only on behalf of the respective third parties and make no representation or warranty as to their contents. Each third party has their own terms and conditions unique to the specific offer described. See the third party’s Terms & Conditions.

Copyright © 1999–2012 PayPal. All rights reserved. PayPal (Europe) S.а r.l. et Cie, S.C.A., Sociйtй en Commandite par Actions. Registered office: 22-24 Boulevard Royal, L-2449, Luxembourg, R.C.S. Luxembourg B 118 349.

Looking at it today, they’ve obviously switched the domain to firicel.com, via doinacepalis.com, but they’re all on the same subnet:

Basically, don’t trust anything in the 66.96.160.x domain!
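
The giveaways in this scam (a "PayPal" display name on a non-PayPal sender, a link whose visible text is not where it actually goes, and hosts sitting in 66.96.160.x) can be checked by a script. This is an added example, not part of the original post; the HTML `href`, the list of genuine PayPal domains and the function names are assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SUSPECT_NET = ipaddress.ip_network("66.96.160.0/24")  # the range named in the post
BRAND_DOMAINS = ("paypal.com", "paypal.co.uk")  # assumption: genuine PayPal domains

# Constructed sample: sender and visible link text are from the email above; the
# href is an assumption based on where the post says the link actually led.
SAMPLE = """From: PayPal <teleleu@wish.com>
Subject: Status - Account Limited
Content-Type: text/html

<a href="http://www.gigelmaidanezu.com/">http://www.paypal.co.uk/</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_brand(host):  # exact domain or a subdomain of it, never a lookalike suffix
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def phishing_indicators(raw_email, resolved_ips=()):
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    if "paypal" in name.lower() and not is_brand(addr.rpartition("@")[2].lower()):
        findings.append(f"display name '{name}' but sender is {addr}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        shown, real = urlparse(text).hostname, urlparse(href).hostname
        if shown and real and shown != real:  # text that is not a URL is skipped
            findings.append(f"link shows {shown} but goes to {real}")
    findings += [f"{ip} is inside {SUSPECT_NET}" for ip in resolved_ips
                 if ipaddress.ip_address(ip) in SUSPECT_NET]
    return findings
```

Pass the addresses you get from resolving the link's host as `resolved_ips`; the function does no network lookups itself.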
