E-mail fraud targets PayPal users - again

Similar to a previous scam targeting PayPal customers and customers of banks the e-mail uses a deceptively constructed hyperlink in an attempt to trick people into entering their account details on a page that mimics the PayPal style, but does not belong to the company.

The e-mail reads: "Your As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts." The incorrect grammar used is one hint the e-mail is fraudulent.

Readers are exhorted to click on a link reading "https://www.paypal.com/cgi-bin/webscr?cmd=verification", but which instead takes them to a page with the URL: "http://www.exme.us/~x/". By holding the cursor over the link in the body of the e-mail, the URL it directs to is shown in the display bar at the bottom of the e-mail client.

All the other links on the page point towards legitimate PayPal Web sites.

• Related stories

• Alerts

Add your opinion

1. This appears to some fraudster trying to discredit eXme.org which is a different site and runs from a different machines as eXme.us. Even though both sites are exactly the same, the fraudster has just made an effort to discredit the eXme.org people. Mark Arena -- 24/06/03

   This appears to some fraudster trying to discredit eXme.org which is a different site and runs from a different machines as eXme.us. Even though both sites are exactly the same, the fraudster has just made an effort to discredit the eXme.org people.
   
   * Resolved www.exme.org to 80.92.65.10
   * Resolved www.exme.us to 203.22.204.92
   
   There is a clear difference in domain registerations also:
   Domain Name: EXME.US
   Domain ID: D4366646-US
   Sponsoring Registrar: ENOM, INC.
   Domain Status: ok
   Registrant ID: 7CDB55B23888B816
   Registrant Name: Role Acccount
   Registrant Organization: Globat, LLC.
   
   Registrant:
   tim (EXME-ORG-DOM)
   carey
   n9170 jordan st
   n9170 jordan st
   appleton, US 54915
   US
   920 733-8254
   920 733-8254
   jurcas@one.lt
   Domain Name: EXME.ORG
   
   eXme.us appears to be hosted off a machine at Globaldat.com, which is a web hosting company. I've emailed them and by far the best bet in catching this fraudster would be with the cooperation of globaldat.com in finding out where the credit card information is being sent to (most probally an email address) and also from where has the logins into Globatdat's servers come from.
   
   Regards
   Mark Arena

   • Reply to comment
   • Reply to story
   • Report offensive content

2. Although it is not PayPals fault about this scam, it seems their site is not secure enough. I believe they are very slow in dealing with this problem. I advised them that somebody had got hold of my ID and changed it and had purchased goods and credited t Anonymous -- 31/03/05

   Although it is not PayPals fault about this scam, it seems their site is not secure enough. I believe they are very slow in dealing with this problem. I advised them that somebody had got hold of my ID and changed it and had purchased goods and credited them to my paypal account. I advised them of this at the beginning of February but I have not been advised what they had done to recover my US29.95 fraudulently taken out of my credit card. I will not use PayPal again until this matter is cleared up and my account balance is back to NIL.

   • Reply to comment
   • Reply to story
   • Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials