Just got the following URL in spam:

http://paypal-security-server-cgi-bin-ssl128-security.com/

NOTE THIS IS FAKE! DO NOT ENTER REAL PAYPAL IN THERE, like you'd be stupid enough to anyway though, right?

If you have some spare time, go enter some fake usernames and passwords in there to waste their time. If you're really motivated, log in a few times with the same account but slightly different passwords so they try even more times.

Well there's one fake set of details entered!

wow quite well done. someone should write a script to hammer it with fake email address's and passwords :D

Whats needed here is one of those magic things that can generate that stuff and enter it, you know? those magic things? one of those.

(oh, those things squarky)

last edited by peacekeeper at 23:49:50 23/Jan/06

A team of well below minimum wage earning workers?

I laughed when I got to the form asking for your ATM Pin number

jesus christ you'd have to be retarded

To use this new Anti Fraud System, you will need to Confirm your Account Information. When you confirm your account information, you increase the security of transactions on the PayPal network

lmao.

Jesus, Im looking at this site and the real one right now and they are pretty much identical.
Even alot of the links are identical apart from a few added letters.

A_W: I've put all my details in, now what?

Because it's so hard to copy a webpage, right TK?

It's all of 1 minute work, including integrating it to your custom backend, to copy a site like that.

Even alot of the links are identical apart from a few added letters.

That's because alot of the links are identicle, and actually link back to the official paypal site?

last edited by Hashy at 00:43:20 24/Jan/06

I really wouldn't know about copying web pages Hashy, Ive never done it before and wouldnt even know how to start one up. So yea, to a noob it does seem hard.

You can only complete the billing details if you live in America :/

Also,

We are sorry this page cannot be displayed. To access it, please complete the following steps:

If this message appeared after you clicked on a link in an email, please copy and paste the desired URL into a new browser window.

lol

It's all of 1 minute work, including integrating it to your custom backend, to copy a site like that.

If you can reproduce PayPal so well on its own domain in one minute, I will buy you a coke

I don't get it, what so impressive about this particular fake site?

trog - a 2L bottle or a can? just wondering if it is worth my time!! ;)

does the coke contain rum of some sort?

So after sites like these get reported, what happens? Who is responsible for removing it and how do they find out who put it up?

If you can reproduce PayPal so well on its own domain in one minute, I will buy you a coke

Its own domain? It's on paypal-security-server-cgi-bin-ssl128-security.com (I DO NOT THINK THIS IS A PAYPAL OWNED DOMAIN), and just links to paypal's official site on links it doesn't care about (ie. Submit login information).

This is just a joke, right?

How to make your own fake paypal!

1. Register a domain like paypal-site-secure-ssl-128bit-superdooper -power-encryption-THIS-IS-CLEARLY-A-PAYPAL-DOMAIN.com
2. Go to paypal.com, view>source, copy it!
3. Flashgrab all the images
4. Modify forms to own backend
5. Host
6. Comedy "???" option
7. Profit!

last edited by Hashy at 13:38:58 24/Jan/06

I meant, on its own domain as opposed to http://13.61.41.61/~PAYPALHAXSITE

http://blahnana.qgl.org/pics/misc/cardcheckmh.gif

How to make your own fake paypal!

1. Register a domain like this
2. Go to paypal.com, view>source, copy it!
3. Flashgrab all the images
4. Modify forms to own backend
5. Host
6. Comedy "???" option
7. Profit!

I think that trivalises the operation - I was only saying that I think its not that easy to make a fake paypal that looks like the real thing and does anything useful (ie, helps you steal teh moneyz). You can't just copy/paste the front page, you have to follow the login process as well. You also have to keep up to date with the real PayPal otherwise semi-regular users will know instantly that they're getting duped.

Modifying the forms is non-trivial as well, if you want to collect the data in any sort of meaningful way, especially when there's f***ers like us entering in random data that looks real to f*** with them.

You'd also have to put it on a box that you're confident is not going to be able to be traced back to you and that you're going to be able to erase your tracks from in case the po-leece get interested. Or you could live in Russia or whatever.

THEN you have to spam out a billion emails, which isn't a trivial operation on its own.

So after sites like these get reported, what happens? Who is responsible for removing it and how do they find out who put it up?

Depends; usually the company in question (ie, PayPal) will find out who is hosting them and ask them to shut it down. Depending on what country the site is hosted in that ranges in difficulty from easy (if its in a nice law abiding place like Australia or the USA) to extremely impossible (if its in some jerkass backwater berg).

Creating the backend is obviously no trivial task and isn't a very hard one either but with the whole thread acting like this was god's gift to scam pages ("it looks identicle!~ :o", "all the links are almost the same wow!??????") I was just showing how simple everything else is. Hosting it somewhere it isn't going to get shut down and traced instantly back to your beach-font condo is probably the hardest aspect, yeah

Well I have come across a couple of other scam pages for financial institutions and they look nothing like their originals, thats why I was impressed (If you look at the bottom of the fake Paypal their copyright is for 2005 and the proper sites is for 2006).

what happens if someone accidently added in someone elses details by chance ...

hey guys

lets have a nerd fight

The boongtown script kiddies need to write more scripts imo

hashy your gay

Ouch Jim!, looks like someone needs some 4x4 therapy :D

Sup Jim