RFC2324
Jun 7, 2012

http 418

Renegret posted:

sounds like they're confused by this part:

code:
From: "service@paypal.com" <service@paypal.com>
Someone correct me if I'm wrong, because I am no means a mail expert, but I think when you're sending out an e-mail, you can edit the "from:" portion to be whatever the gently caress you want.

It's been about 12 years but I have this vague memory from my college days of my uni giving us access to some mail server so we could write software that sent out e-mails as part of an assignment. My roommate and I accidentally got in trouble from goofing around too much, sending silly e-mails to one another that it started triggering anti-spam mechanisms. One of the things we were doing was putting silly things in the from: field. It's been so long there might be details I'm missing, and I certainly didn't really know what we were doing at the time, but I do remember messing around like that.

Nah, if you read the headers it definitely came from Paypal


Thanks Ants
May 21, 2004

#essereFerrari


You can set the from to be whatever you want, but any modern receiving mail server is going to bin it instantly as it will fail SPF/DKIM/DMARC checks, and a company like PayPal will have that in place.

What's happened is that someone has managed to create an entity on PayPal called "Billing Department of PayPal" and then put that official-sounding blurb into the comments field. I don't know how things work in the USA but someone gave the scammer a toll free number to pull this scam off with, and PayPal let someone put "PayPal" in their name.
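
An added example, not code from the thread: how a receiving side can read the Authentication-Results header that the thread is talking about. The two messages are constructed samples, and `mx.example.net` is a placeholder for the receiving server's authserv-id. The point it demonstrates is the one made above: a message that passes SPF, DKIM and DMARC for paypal.com really was sent through PayPal's infrastructure, so the problem is in the invoice content, not the envelope.

```python
"""Parse Authentication-Results to see whether a message actually passed
SPF/DKIM/DMARC at the receiving server.  Added illustration; the sample
messages are constructed, not taken from the thread."""
import email
import re
from email import policy

# Constructed sample: relayed by the claimed domain, all three checks pass.
# This is what the scam invoice in the thread looks like at the header level.
SAMPLE_LEGIT_TRANSPORT = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=service@paypal.com;
 dkim=pass header.d=paypal.com;
 dmarc=pass header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: victim@example.net
Subject: Invoice from Billing Department of PayPal (00012769)

Hello PayPal User,
"""

# Constructed sample: display name forged by a third party, so SPF and
# DMARC fail and there is no DKIM signature at all.
SAMPLE_FORGED_SENDER = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=service@paypal.com;
 dkim=none;
 dmarc=fail header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: victim@example.net
Subject: Urgent: account suspended

Hello,
"""

METHODS = ("spf", "dkim", "dmarc")


def auth_results(raw_message):
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} from the first
    Authentication-Results header, or {} if the header is missing.
    Only the first result per method is kept."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    header = msg.get("Authentication-Results")
    if header is None:
        return {}
    # Value shape: "authserv-id; method=result extra; method=result extra"
    results = {}
    for match in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", str(header)):
        results.setdefault(match.group(1), match.group(2))
    return results


def sent_via_claimed_domain(raw_message):
    """True only when every method recorded a pass.  A missing method
    counts as a failure, since 'none' tells you nothing about origin."""
    results = auth_results(raw_message)
    return all(results.get(m) == "pass" for m in METHODS)


def triage(raw_message):
    """Plain-language verdict matching the thread's reasoning."""
    if sent_via_claimed_domain(raw_message):
        return "sent through the claimed domain: inspect the content, not the sender"
    return "sender authentication failed: treat the From: as forged"


if __name__ == "__main__":
    for name, sample in (("legit transport", SAMPLE_LEGIT_TRANSPORT),
                         ("forged sender", SAMPLE_FORGED_SENDER)):
        print(name, auth_results(sample), "->", triage(sample))
```

Only trust the Authentication-Results line that your own mail server added (the authserv-id at the start of the value); earlier hops' copies can be forged along with everything else.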

Bone Crimes
Mar 7, 2007

rujasu posted:

Seems like they didn't alter the mail, they just put an official-sounding note in the "Seller note to customer" part of the form, unless I'm missing something? Like the mail is just a regular invoice, but they're allowed to add a note saying what the invoice is for, and they put the scam message in there

Yeah, I do think that this is what happened, but like why would Paypal allow the ability to add scammable info into this seller note space? I mean if it was a dating site, any data going between users is limited to text, and gets scrubbed for data like links, phone numbers, and emails.

My wife really wants to push on some government entity to take action against Paypal if that's what happened, as they are culpable if this is a vector they haven't closed (i.e. forwarding with creds scam emails), and the more I look into it, the more I believe it.

Everett False
Sep 28, 2006

Mopsy, I'm starting to question your medical credentials.

I've created invoices in PayPal before, you can just put whatever you want under things like "seller note". You'd really think they'd have a way to automatically detect that someone put PayPal in as their business name, even setting aside the phone number issue. Here's what it looks like making an invoice:



When you make an invoice it's automatically sent by PayPal through PayPal, so they wouldn't need to do any fancy email address manipulation.

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy
ahh poo poo I called 555-CRIMES and I'm getting a busy signal what do I do now

help

can someone maybe open a ticket for me no I won't do it myself

Thanks Ants
May 21, 2004

#essereFerrari


For me the bit that would come the closest to making PayPal have some liability is allowing whoever sent the invoice to use PayPal in their business name. Does it say PayPal or does it say PayPa capital-i

They could also very easily put some basic logic in place to scan the contents of the messages and I'm amazed that they just let a message like that pass through.

Thanks Ants fucked around with this message at 18:01 on Sep 20, 2022

Bone Crimes
Mar 7, 2007

Everett False posted:

I've created invoices in PayPal before, you can just put whatever you want under things like "seller note". You'd really think they'd have a way to automatically detect that someone put PayPal in as their business name, even setting aside the phone number issue. Here's what it looks like making an invoice:



When you make an invoice it's automatically sent by PayPal through PayPal, so they wouldn't need to do any fancy email address manipulation.

Thanks for this screenshot. The scammed family member did contact Paypal, but at the time we didn't know the details of this process and how it happened, so they were all like 'Not our fault, not our problem' about it.

But the more I think about it, they are partially culpable for allowing this vector.

Bone Crimes
Mar 7, 2007

Thanks Ants posted:

For me the bit that would come the closest to making PayPal have some liability is allowing whoever sent the invoice to use PayPal in their business name. Does it say PayPal or does it say PayPa capital-i

They could also very easily put some basic logic in place to scan the contents of the messages and I'm amazed that they just let a message like that pass through.

yeah, now that I think about it you're probably right re the company name vs. what's in the comments. Here's the html for the 'Billing Department of PayPal'

code:
   <title>Invoice from Billing Department of PayPal (00012769)</title>
code:
<span>Billing Department of PayPal sent you an invoice for $500.00=C2=A0USD</span>
Looks like a real "Paypal" with a real "L"

Guy Axlerod
Dec 29, 2008
Seems like PayPal should be adding their own footer with the real PayPal phone number. They probably don't want to get calls with problems that need to be resolved by contacting the legitimate businesses that issue invoices though.

minusX
Jun 16, 2007

Say something hideous and horrible jumps out at you. Something so disgusting that it simply must die.
Ah! Oh!..So tacky! I can't...look...directly at it!

Hi I've gotten this exact scam! I wondered the exact same things! Nothing is being spoofed, it's just the message from the invoicer.

The biggest tell is the fact the top says "Hello Paypal User," Paypal at the bottom of their e-mails says

quote:

PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name. Learn to identify phishing

Please don't reply to this email. To get in touch with us, click Help & Contact.

Not sure why you received this email? Learn more

Copyright © 1999-2022 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

Now this protection falls apart if the invoicer bothers to put in your name instead of "Paypal User" so a SLIGHTLY more targeted phish would still lead to this. The other fun part is the fact my account itself didn't have the invoice in it, because I think they mass send it out and then remove the proof so you can't report it and paypal doesn't ban the account that was used to send them all out. But yeah this is a case of phishers using legit sources like office document sharing that has you login to a real office sharing portal (without any login required) to a fake HTML page that has a login request which then steals your creds. But moving away from PCs and just having you call them to report the issue.

Edit:

Guy Axlerod posted:

Seems like PayPal should be adding their own footer with the real PayPal phone number. They probably don't want to get calls with problems that need to be resolved by contacting the legitimate businesses that issue invoices though.
They have it in links but yeah having it in the footer is likely a better choice. I guess with the fact online resources can be used, having legit sources posted in the e-mail would raise questions with two numbers.

And Krebs posted about this recently: https://krebsonsecurity.com/2022/08/paypal-phishing-scam-uses-invoices-sent-via-paypal/

minusX fucked around with this message at 21:58 on Sep 20, 2022

Darchangel
Feb 12, 2009

Tell him about the blower!


rujasu posted:

Seems like they didn't alter the mail, they just put an official-sounding note in the "Seller note to customer" part of the form, unless I'm missing something? Like the mail is just a regular invoice, but they're allowed to add a note saying what the invoice is for, and they put the scam message in there

Everett False posted:

I've created invoices in PayPal before, you can just put whatever you want under things like "seller note". You'd really think they'd have a way to automatically detect that someone put PayPal in as their business name, even setting aside the phone number issue. Here's what it looks like making an invoice:



When you make an invoice it's automatically sent by PayPal through PayPal, so they wouldn't need to do any fancy email address manipulation.


This is correct. You can look up this particular scam - anyone can send an invoice for anything, to be paid via PayPal. If you don't click "Pay", not a damned thing happens. Just ignore it.

And yeah, the "PayPal user" part is a dead giveaway - PayPal always knows your name, or at least the name you gave them.

Guy Axlerod posted:

Seems like PayPal should be adding their own footer with the real PayPal phone number. They probably don't want to get calls with problems that need to be resolved by contacting the legitimate businesses that issue invoices though.

They don't have a phone number. They absolutely don't want you calling them, exactly like eBay doesn't. Which is incredibly frustrating.

Thanks Ants posted:

For me the bit that would come the closest to making PayPal have some liability is allowing whoever sent the invoice to use PayPal in their business name. Does it say PayPal or does it say PayPa capital-i

They could also very easily put some basic logic in place to scan the contents of the messages and I'm amazed that they just let a message like that pass through.

Definitely that, though. They don't care - they get their percentage even if it's not legit.

Bone Crimes
Mar 7, 2007

minusX posted:

Hi I've gotten this exist scam! I wondered the exact same things! Nothing is being spoofed, it's just the message from the invoicer.

The biggest tell is the fact the top says "Hello Paypal User," Paypal at the bottom of their e-mails says
...

And Krebs posted about this recently: https://krebsonsecurity.com/2022/08/paypal-phishing-scam-uses-invoices-sent-via-paypal/

Thanks for the Krebs link! and yeah, the family member missed that it wasn't addressed to them specifically, but honestly it would take me a bit to pick that out. Also if they had put more effort in they could have easily done that as their name was in the email.

Just crappy that it was a major loss of $$ - and it's tough to armor my older relatives against these. I originally rolled my eyes when I heard about it, but now that I've dug in, I can understand how they were hoodwinked.

AlexDeGruven
Jun 29, 2007

Watch me pull my dongle out of this tiny box


Darchangel posted:

eBay doesn't.

Same thing.

Xerol
Jan 13, 2007


Seems like the easiest and simplest thing they could do is add a little more to the "message from the seller" subheading like "This is the information the seller provided, this text is not from paypal:" and then put a border around the message itself.

SlowBloke
Aug 14, 2017

SlowBloke posted:

Lenovo pushes firmware updates all the times for subcomponents on microsoft catalog while leaving bios updates to vantage. I think only Asus and their ilk are not using windows update for firmware.

Back to this, I received a bios update from asus for my z690 board yesterday so they do too (even if every bios update will factory reset the bios settings).

PremiumSupport
Aug 17, 2015
Don't be too hard on your relative, it can happen to anyone. I got taken by a scammer a couple years ago.

I got a call on my cell phone early in the evening from what appeared to be my cell phone service provider's 1-800 number. I answered the call and was told that it was the company's fraud department calling to confirm whether I ordered two new iPhones. The caller sounded professional, the number was right, and the background noise sounded like a call center, so I believed him. He walked me through what he called the process of clearing up the fraudulent charges, which included text messages with confirmation numbers, apologizing the whole time for the inconvenience, and promising a credit on my next bill.

It wasn't until I got off the call that I noticed the little disclaimer at the bottom of each of the text messages saying that real company representatives would never ask for these numbers.
The call wasn't from the Fraud Department, it was from a fraudster impersonating them to hijack my account.

So I called the real fraud department. The bastard had ordered several thousand international calling minutes using my account, resulting in a $32,000 bill.

We eventually got it all straightened out, and I ended up losing nothing but my time.

To this day I can't even be mad at the scammer. It was a highly detailed and beautifully executed scam.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady
Yeah, this is the responsibility-dodging poo poo that PayPal and eBay were pulling for years, and part of the reason that they re-split the companies again. It lets them put you into an infinite retailer <> payment provider deferred responsibility loop that there's no escape from.

Darchangel posted:

They don't have a phone number. They absolutely don't want you calling them, exactly like eBay doesn't. Which is incredibly frustrating
You can find numbers if you dig just a teeny bit. They aren't actually useful though, because the core problem is they don't want to help you.

Sirotan
Oct 17, 2006

Sirotan is a seal.


I get at least one of those Paypal scams every day. The first time I got one I was reading mail on my phone, and learned you can't actually view headers from the Gmail Android app. They are incredibly convincing looking since they are legit emails from Paypal. Forward them to spoof@paypal.com if you get one, they are taking down the invoices.

I meant to send a reminder to my various elderly relatives about this one and never got around to it.

my cat is norris
Mar 11, 2010

#onecallcat

every time i get a fake text from a bank i no longer use i tell them to gently caress off before i block them

it's very cathartic

one time they accidentally sent a scam text out to a small group instead of just one person at a time and i just used that group text to explain why it was a scam and what you should watch out for...nobody ever responded, but it felt good to try to help a few strangers :shobon:

my mom has gotten scammed twice. She is a very generous and compassionate woman and is therefore an easy mark. She calls me first, now.

Bone Crimes
Mar 7, 2007

PremiumSupport posted:

Don't be too hard on your relative, it can happen to anyone. I got taken by a scammer a couple years ago.

I got a call on my cell phone early in the evening from what appeared to be my cell phone service provider's 1-800 number. I answered the call and was told that it was the company's fraud department calling to confirm whether I ordered two new iPhones. The caller sounded professional, the number was right, and the background noise sounded like a call center, so I believed him. He walked me through what he called the process of clearing up the fraudulent charges, which included text messages with confirmation numbers, apologizing the whole time for the inconvenience, and promising a credit on my next bill.

It wasn't until I got off the call that I noticed the little disclaimer at the bottom of each of the text messages saying that real company representatives would never ask for these numbers.
The call wasn't from the Fraud Department, it was from a fraudster impersonating them to hijack my account.

So I called the real fraud department. The bastard had ordered several thousand international calling minutes using my account, resulting in a $32,000 bill.

We eventually got it all straightened out, and I ended up losing nothing but my time.

To this day I can't even be mad at the scammer. It was a highly detailed and beautifully executed scam.

oof. Yeah, I'm trying to be supportive, and to build more backups and resilience into their workflows as the scam included installing software (cloud backup, maybe going to chromebook), and also teaching some about a security posture. It's also an ongoing issue, as their number is now on everybody's list as being an 'easy mark'.

In talking with some other older relatives about this, I heard of another scam approach that I hadn't heard of. The scammers call with an innocuous set of questions, targeted to get them to say specific phrases, these are then recorded and used to call phone companies/banks, etc to hijack accounts. I had imagined this could occur, but only for high level phishes, but I guess now the tech is so cheap, it's filtered down to average phish attempts. There were multiple stories about this actually happening to multiple relatives in the recent past. It's real bad.

Sirotan
Oct 17, 2006

Sirotan is a seal.


This finally prompted me to send an email out to the fam telling them to call me ASAP if they suspected fuckery, along with tips on how to spot it. While writing that email I got two calls from "Amazon" asking me to confirm a $1499 purchase of a Macbook. This poo poo just never ends.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

I just don't answer the phone anymore if it's a number I don't know; hell I barely answer the phone if it IS a number I know.

Sirotan
Oct 17, 2006

Sirotan is a seal.


I don't answer the calls and the numbers are mostly all blocked by Google already, but they still leave voicemails that I then have to listen to and delete. I'm on a Verizon prepaid plan so that means dialing in and having to wait for the auto attendant to slowly read out the drat phone number of the scammer before I can actually listen to and delete the message. So obnoxious.

PolarPear
Apr 4, 2010

PremiumSupport posted:

Don't be too hard on your relative, it can happen to anyone. I got taken by a scammer a couple years ago.

I got a call on my cell phone early in the evening from what appeared to be my cell phone service provider's 1-800 number. I answered the call and was told that it was the company's fraud department calling to confirm whether I ordered two new iPhones. The caller sounded professional, the number was right, and the background noise sounded like a call center, so I believed him. He walked me through what he called the process of clearing up the fraudulent charges, which included text messages with confirmation numbers, apologizing the whole time for the inconvenience, and promising a credit on my next bill.

It wasn't until I got off the call that I noticed the little disclaimer at the bottom of each of the text messages saying that real company representatives would never ask for these numbers.
The call wasn't from the Fraud Department, it was from a fraudster impersonating them to hijack my account.

So I called the real fraud department. The bastard had ordered several thousand international calling minutes using my account, resulting in a $32,000 bill.

We eventually got it all straightened out, and I ended up losing nothing but my time.

To this day I can't even be mad at the scammer. It was a highly detailed and beautifully executed scam.

I tell people the thing to do is to ask for a case number or equivalent, if they don't give one then it's most likely a scam. If they do give one, hang up on them and don't answer their calls. Instead, if you have them saved in your contacts go there and call them or go to their site, preferably from a bookmark, and find their phone number and call it. Tell them you have a case number and give it to them, either they won't find the number and you dodged a scam or they have it in their system and you can get it sorted.

Finding the correct support phone number on some companies sites is easier said than done though.

CitizenKain
May 27, 2001

That was Gary Cooper, asshole.

Nap Ghost
One of our voip guys was doing some testing with a block of numbers we purchased as part of a SIP thing, he had the ENTIRE block of numbers forwarded to his test phones. Every 30s, one of those phones would ring from a scammer as they went down the numbers. He would put one on hold, answer the other, then conference them in. Pretty sure he had 5 of those guys on one call.
They were getting increasingly mad as he would drop the call, get another call assigned to them, and then get dropped back into the conference.

One of them before he left said "You are a very bad person" to my coworker.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Sirotan posted:

I don't answer the calls and the numbers are mostly all blocked by Google already, but they still leave voicemails that I then have to listen to and delete. I'm on a Verizon prepaid plan so that means dialing in and having to wait for the auto attendant to slowly read out the drat phone number of the scammer before I can actually listen to and delete the message. So obnoxious.

Visual voicemail is transformative, spring for it if you can afford it, especially since it means you can just play the message directly and delete it after 5 seconds.

Sirotan
Oct 17, 2006

Sirotan is a seal.


Volmarias posted:

Visual voicemail is transformative, spring for it if you can afford it, especially since it means you can just play the message directly and delete it after 5 seconds.

Not offered at all for any prepaid plans :(

downout
Jul 6, 2009

PremiumSupport posted:

Don't be too hard on your relative, it can happen to anyone. I got taken by a scammer a couple years ago.

I got a call on my cell phone early in the evening from what appeared to be my cell phone service provider's 1-800 number. I answered the call and was told that it was the company's fraud department calling to confirm whether I ordered two new iPhones. The caller sounded professional, the number was right, and the background noise sounded like a call center, so I believed him. He walked me through what he called the process of clearing up the fraudulent charges, which included text messages with confirmation numbers, apologizing the whole time for the inconvenience, and promising a credit on my next bill.

It wasn't until I got off the call that I noticed the little disclaimer at the bottom of each of the text messages saying that real company representatives would never ask for these numbers.
The call wasn't from the Fraud Department, it was from a fraudster impersonating them to hijack my account.

So I called the real fraud department. The bastard had ordered several thousand international calling minutes using my account, resulting in a $32,000 bill.

We eventually got it all straightened out, and I ended up losing nothing but my time.

To this day I can't even be mad at the scammer. It was a highly detailed and beautifully executed scam.

:lmao: did you actually order two iphones?

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




CitizenKain posted:

One of our voip guys was doing some testing with a block of numbers we purchased as part of a SIP thing, he had the ENTIRE block of numbers forwarded to his test phones. Every 30s, one of those phones would ring from a scammer as they went down the numbers. He would put one on hold, answer the other, then conference them in. Pretty sure he had 5 of those guys on one call.
They were getting increasingly mad as he would drop the call, get another call assigned to them, and then get dropped back into the conference.

One of them before he left said "You are a very bad person" to my coworker.

I had something like that happen back in '03. We occupied a 4-story building, so we had two full blocks of 100 numbers each. Some fuckwit in mortgages bought an autodialer and was going through our numbers in order. I called the bank and browbeat the receptionist into putting me through to whoever was in charge of telemarketing. Fucker didn't believe me when I said we had 200 numbers, I laughed and said this is a business. He wasn't laughing when we called the cops with a harassment complaint.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

CitizenKain posted:

One of our voip guys was doing some testing with a block of numbers we purchased as part of a SIP thing, he had the ENTIRE block of numbers forwarded to his test phones. Every 30s, one of those phones would ring from a scammer as they went down the numbers. He would put one on hold, answer the other, then conference them in. Pretty sure he had 5 of those guys on one call.
They were getting increasingly mad as he would drop the call, get another call assigned to them, and then get dropped back into the conference.

One of them before he left said "You are a very bad person" to my coworker.
Please pass my compliments to your coworker, from one scambaiter to another. Best I've ever gotten is being told "okay sir the next step is for you take your computer and shove it up your rear end".

Christe Eleison
Feb 1, 2010

mllaneza posted:

I had something like that happen back in '03. We occupied a 4-story building, so we had two full blocks of 100 numbers each. Some fuckwit in mortgages bought an autodialer and was going through our numbers in order. I called the bank and browbeat the receptionist into putting me through to whoever was in charge of telemarketing. Fucker didn't believe me when I said we had 200 numbers, I laughed and said this is a business. He wasn't laughing when we called the cops with a harassment complaint.

https://m.youtube.com/watch?v=YVrX767IkdI

Sywert of Thieves
Nov 7, 2005

The pirate code is really more of a guideline, than actual rules.

My mom got scammed exactly once, and thankfully she caught on before any money was extracted. Someone messaged her on WhatsApp saying something like "hey it's your oldest kid, I changed my number. Please delete the old one" and she fell for it. She caught on when the scammer refused to actually call or pick up and got more rude in their messages than I ever would. She called my wife who told me, and it got sorted out.

Now me & sis religiously post news about new scams in the family group chat.

I remember my dad showing me Nigerian scammer letters that he got over the years, kept them like trophies. Amazing.

Entropic
Feb 21, 2007

patriarchy sucks
One of the horrible subcontractors we do jobs for occasionally has a web portal / app you gotta log into for checkin / checkout / submitting deliverables.
It's been 2 years since I used it and I had my username but for some reason didn't have the password for it recorded in my password manager.
There's no "forgot password" button on the login page, so I go digging through my emails, as I vaguely remembered having issues with the login last time. I find an old email with a password reset link I got from 2020, I figure maybe it will get me to a page where I can request a reset again.
The link takes me to a page where a pop-up tells me the link is expired, obviously, but — the "New Password" / "Confirm password" fields and submit button are still there. I punch in a new password, press the button, get another thing telling me the link is expired, ok. But — it actually did reset my password. They programmed it to tell you when the link is expired but they didn't actually expire the link. :stonk:
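
An added example, not the portal's code, showing the defect Entropic describes next to a handler that actually enforces expiry. The token store, TTL and the `FakeClock` used to simulate the passage of time are all assumptions for the illustration; a real service would also hash stored passwords, which is left out here to keep the comparison readable.

```python
"""Password-reset tokens: the reported bug (expiry only reported, never
enforced) beside the corrected handler.  Added illustration; the service,
its TTL and the clock are constructed for this example."""
import hashlib
import secrets
import time
from dataclasses import dataclass

RESET_TTL_SECONDS = 3600  # assumed one-hour validity for a reset link


@dataclass
class ResetRecord:
    user: str
    expires_at: float
    used: bool = False


class FakeClock:
    """Injectable clock so the example can move time forward deterministically."""

    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now


class PasswordResetService:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.records = {}    # sha256(token) -> ResetRecord; never store the raw token
        self.passwords = {}  # user -> password (plain text only for the demo)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        """Create a single-use token that is valid for RESET_TTL_SECONDS."""
        token = secrets.token_urlsafe(32)
        self.records[self._key(token)] = ResetRecord(user, self.clock() + RESET_TTL_SECONDS)
        return token

    def reset_buggy(self, token, new_password):
        """Reproduces the behaviour in the post: the handler computes and
        returns 'link expired', but the password write happens anyway."""
        record = self.records.get(self._key(token))
        if record is None:
            return "invalid link"
        message = "link expired" if self.clock() > record.expires_at else "ok"
        self.passwords[record.user] = new_password  # unconditional: the bug
        return message

    def reset_fixed(self, token, new_password):
        """Validate before acting: unknown, used or expired tokens change nothing."""
        key = self._key(token)
        record = self.records.get(key)
        if record is None or record.used:
            return "invalid link"
        if self.clock() > record.expires_at:
            del self.records[key]   # drop expired tokens so they cannot linger
            return "link expired"
        record.used = True          # one successful use per token
        self.passwords[record.user] = new_password
        return "ok"


def demonstrate():
    """Run both handlers against an expired link; returns the two outcomes."""
    clock = FakeClock(1_000.0)
    buggy, fixed = PasswordResetService(clock), PasswordResetService(clock)
    t_buggy, t_fixed = buggy.issue("alice"), fixed.issue("alice")
    clock.now += RESET_TTL_SECONDS + 1   # the link is now past its TTL
    buggy.reset_buggy(t_buggy, "new-pass")
    fixed.reset_fixed(t_fixed, "new-pass")
    return {"buggy_changed_password": "alice" in buggy.passwords,
            "fixed_changed_password": "alice" in fixed.passwords}


if __name__ == "__main__":
    print(demonstrate())  # buggy handler changes the password, fixed one does not
```

The general rule the fixed handler follows is to decide first and act second: every reason to refuse (unknown token, already used, past expiry) must return before the state change, and the token is consumed on success so a leaked reset email cannot be replayed.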

PremiumSupport
Aug 17, 2015

downout posted:

:lmao: did you actually order two iphones?

Nope

CitizenKain
May 27, 2001

That was Gary Cooper, asshole.

Nap Ghost
Not even 9am this morning and I got to tap the DNS sign.

Get some increasingly frantic emails starting last night, some product is set to go live next week, but the website isn't working.

Person is emailing different departments, and emails are starting to include things like "THIS IS IMPORTANT, PLEASE RESPOND"

Bit before the call, I look at the site that is in the email, doesn't resolve. Other sites in the email do. But this person saw part of the IP matched our external address, and assumed it was us.
I saw that: fart-test-thing.boners.com worked
fart-prod-thing.boners.com didn't work.
fart-thing.boners.com worked.

All the resolution is external, so it's on the provider.
At any point, someone could have just done a nslookup and figured this out.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

Entropic posted:

One of the horrible subcontractors we do jobs for occasionally has a web portal / app you gotta log into for checkin / checkout / submitting deliverables.
It's been 2 years since I used it and I had my username but for some reason didn't have the password for it recorded in my password manager.
There's no "forgot password" button on the login page, so I go digging through my emails, as I vaguely remembered having issues with the login last time. I find an old email with a password reset link I got from 2020, I figure maybe it will get me to a page where I can request a reset again.
The link takes me to a page where a pop-up tells me the link is expired, obviously, but — the "New Password" / "Confirm password" fields and submit button are still there. I punch in a new password, press the button, get another thing telling me the link is expired, ok. But — it actually did reset my password. They programmed it to tell you when the link is expired but they didn't actually expire the link. :stonk:
Grats on your no-doubt generous bug bounty.

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader


Arquinsiel posted:

Grats on your no-doubt generous bug bounty.

I'm sure if he'd asked they would have sent along a couple dead flies in an envelope.

Vegastar
Jan 2, 2005

Tigers will do anything for a tuna sandwich.


A ticket came in for one of our b2b clients and their access to our SPO collab sites.

“Hey, client can’t get in to our project site for their org. The previous user left the company but they’re using the same login/username so every time the new user tries to sign in the old user gets the MFA code. Can we update the phone number for the account management@company.com?”

:dogbutton::dogbutton::dogbutton:

Amazing there’s still some idiot hack doing poo poo like this in a business environment in 2022. Definitely became a management problem real quick, not touching that poo poo.

RFC2324
Jun 7, 2012

http 418

Vegastar posted:

A ticket came in for one of our b2b clients and their access to our SPO collab sites.

“Hey, client can’t get in to our project site for their org. The previous user left the company but they’re using the same login/username so every time the new user tries to sign in the old user gets the MFA code. Can we update the phone number for the account management@company.com?”

:dogbutton::dogbutton::dogbutton:

Amazing there’s still some idiot hack doing poo poo like this in a business environment in 2022. Definitely became a management problem real quick, not touching that poo poo.

I've been doing b2b hosting for a while, and this is pretty standard. I usually recommend a distro when people ask me to set up email stuff, but it's not uncommon for them to insist on a personal email


Vegastar
Jan 2, 2005

Tigers will do anything for a tuna sandwich.


RFC2324 posted:

I've been doing b2b hosting for a while, and this is pretty standard. I usually recommend a distro when people ask me to set up email stuff, but it's not uncommon for them to insist on a personal email

Nah, this is Azure b2b for accounting engagements. We invite specific clients to a Sharepoint collab and it does all the federation shenanigans through Microsoft so they can log in and upload their financials and stuff. Requires an Azure AD/o365 account on the client side we can bring in as a guest stub to our tenant for access.

The client org was reusing the same AAD account/password across multiple users for this instead of disabling the user account and provisioning a new one when somebody is termed.

Vegastar fucked around with this message at 22:26 on Sep 22, 2022
