Your PayPal account has been violated!
There are some scams going on again.
So I got this email, confusing at the best of time…… looks pretty good, logo is pretty close on if not spot on. They also provide some sense of urgency…. oh goodie better get on to this.
I clicked the link…. yes it even happens to me. Soon I noticed something was not right.
To late though as I pressed the link….. a few things will happen now:
- They now know that the email they send it to is an active email.
- They now know that the email is linked to a paypal account.
- They now know that I am a silly old sod by clicking on the link.
What they will use it for is a guess, however they now have harvested an active email. Possibly worth $0.30 on the dark net. As I got this far I figured it is time to play.
Ever wondered what would happen if you actually follow the prompts?
Sure me to…. lets do it.
In this case I just picked a random one, this name has no association with Johnny Pizza in Dayboro.
Call them if you like, they have awesome pizzas :-).
I entered a password like “1234567”, that was rejected…. obviously as it is an to easy password, this also shows us that the people behind it have put some thought into it.
Once I corrected the password to “Would@likeTo1234” it was accepted, this means they check for special characters etc. All to make it more believable.
Time for the next screen and here they get serious…..
Hand over the personal data.
This is where some money is being made. Providing data that can be used for ID spoofing. ID spoofing is someone taking your details to either open accounts, do some like internet account validation etc. This stuff is often used to purchase stuff online. Especially where shops allow for the billing details to be different than the shipping address.
I entered my good old Johnny be good persona, sometimes I use WWNS but in this case I leave that alone.
As you can see I added some random stuff just to see the sophistication.
This is where the wheels fall off for the following reasons:
– Date of Birth is well into the future. – Mobile phone is to long
So I click continue….. the anticipation is killing me…….
Show me the money
At this stage you already lost your identity, and now you going to provide some more silly stuff.
Name on the card is “Johnny be good a” would like to add some more but it stopped me from doing that.
The Credit Card number (yes it is a real visa one) is the number we use in testing, it does not do anything it is just used to create testing transactions. Very sophisticated scammers will validate against this, not this crowd. So it is most likely a bunch of kids playing around.
Validation is way-off, and incorrect for AU, for example we have no csc code 🙂
Either way, this information can be sold. The going rate for scammed Credit Cards is about $10 bucks for 20 odd working cards.
The bank account
Account gets validated somehow, either way… the information is given…. :-).
All nice but why?
Simply because I can :-). Just warning you for an other scam, instead of just showing that there is one I figured lets follow the steps (just admit it, you always been curious on how that would look).
Once all this information is provided the receiver (scammer) can sell it on the “dark web” (sounds spooky, it is not really as long as you know what you are doing….) This set of information, if complete would fetch about $2 – $5 US dollars. Easy money right :-).
This tells you there are two types of scammers, one that collects the data with the purpose to sell it and one buying or harvesting the data with the purpose of using it. The first one is generally harmless, the second one can do a fair bit of Harm(s).
Eitherway…. it is a scam, stay away from it.