Are bad guys smarter? If yes then blame the good guys, as most of the good guys are ignorant, expecting everything to be good. As you might be knowing I am working on web technologies and I get many complains of a probable paypal hack (imp accounts in general). Paypal is a very safe site and in most of the cases the hacking happens at user level (User PC), we call it 0 level hacking. Most of us started learning at 0th level before using the complex tool and complex algorithm based hacks.
Different level of paypal hack
- Computer level paypal Hack: Using various keyloggers (where every keyboard press is stored on the computer). I myself had an opportunity to work for such a product. It is advisable not to use your important accounts from public machines like cyber-cafes, where people install such keyloggers. One such famous application is back-orifice. There can be other spywares that can be deadly, so I advice you to use spybot regularly.
- DNS level paypal hack: Every Site is associated with an IP which is resolved using DNS. DNS has various cache levels and some people can manipulate it too. Also check the hosts file of your computer, it may be taking you to a different server. Let me know if more explanation is needed. Some local DNSes can also be used for such hacks.
- Server level paypal hacks: This needs higher level of expertise in hacking. All server admins takes care of it. Paypal surely must be spending a lot of time ensuring a secure server. So don’t worry much of it.
- User Ignorance: This is a major issue with Paypal hacking. Let me explain it in detail. This leads to maximum damage, keep reading the comments as well. I will keep adding various watchouts.
Interception: A person at proxy reading all your details. HTTPS takes care of it, it encrypted the communication. Also try to read the certificate, this takes care of a lot of issues. If needed I can explain this in detail.
User Ignorance can be deadly for paypal hacking
Here is a simple case of paypal hack. Earlier I use to ignore all the mails from paypal but these days, since I have a paypal account, I can’t ignore. This is the most common (and cheap) way of hacking, we call it (zeroth) 0th level hacking. Do not forget to send this to all your friends, who one day might end up a prey to these simple cheap hacking. I got a mail and it said,
Everything is so perfect, I checked the url spelling whether there is some phishing trick there. Sometimes it can be payapal.com or paypaal.com. This time it was perfect but still I wasn’t sure. I mouse over the image and I saw
If I were a little naive with technical concepts I might have ended up entering my paypal username and passwords. The website like exactly like paypal, try http://www.oscormerce.dk/images/www.paypal.com/webscr/update.do=profile/index.html. Enter some fake stuff and you will find that it is asking for more details. Be careful.
Some may say that you should look for the secure lock. That’s good but it doesn’t secure it either as we end up in trouble due to our ignorance. https:// or the secure lock just encrypts the communication between the apache and the browser (also changes the port of communication), stopping one way of hacking known as interception. Enabling https is a plane piece of cake, a 5 min task. Be alert and be safe.
Be careful about Broswer hijacking too for paypal hacking
Some use full links http://video.google.com/videoplay?docid=9076288729387457440. Do not install anything that you are not sure of.
Help you friends by sending this post to all whom you think should know this. Keep reading my blog for other articles on orkut, security, marketing.
How to make your websites secure
Here are some of the new methods that are being used by most of the banks:
- Identifying image with customer id: When you enter your customer id, it shows an image from the server that is uploaded by you. I generally suggest adding your own image. So the time you enter your customer id, you see the image and verify the website. It avoid the DNS level hacks for paypal.
- Using virtual keyboards: Instead of using your computer keyboard now banks are providing virtual keyboards. Now the key loggers will only get a click track but will never get your password. This avoid the keylogger traps.
- The secure locks generally takes care of interception level hacks.
You have questions about paypal hacking
Please ask here and let us answer. We don’t hack into paypal accounts but we help people secure their accounts.
Perfect…….Trap………..
For this type of fake page . What are encryption specialists doing ? if one can find any good method to prevent it . he will be millonare.
Experts are of no use as the mistakes are committed by the user (90% of the time it is the case). It is like you giving away your password to a third party. Be smart, alert and informed. Thats the only way. Paypal do not process the transaction if it is against the normal trend, they generally mails the customer about unusual transaction to approve it. Better be informed.
I have seen fake yahoo messengers, fake msn messengers, fake client side (based on host entry) pages for 0 level hacking. Anyone who wants to know more can contact me :).
The people at Paypal and other sites have been busting their respective bums trying to inform their users about such practices as phishing and hijacking. The fact that it continues to be a pervasive problem would indicate to me that people are simply devaluing the warning, or not even reading the communications because they are long and boring reads, generally. People need to understand from the title of the email, that it is a matter of simple self-preservation that they read the information; and that information needs to be written by someone who can write interesting prose to describe and warn against the problem.
We work very hard to sell people on the “good stuff” in our sites. Why do the financial institutions not seem to take the same interest in selling people on how to protect themselves from the “bad stuff” that is out there?
Bill, it is not that the financial institutions are not doing anything but something is beyond their control. As you said they can work with the members to make them understand what is phishing and hijacking. Thats all they can do. Keep your computer up to date, scan for virus. Use spybot, adaware. I am also using a2.
May be a course for the members can help. Everyone will be suppose to pass the exam else a warning in red will appear on the top. I also think that http://www.oscormerce.dk might be extracting some money right then as suspicious user can change their password soon.
Looks like this one is a trick to get more traffic http://paypal.com.niisenforums.org/index.htm, This is a subdomain. They are doing all possible things to fool people.
http://rivolt.co.za/cp/www.paypal.com/updates/us/webscr.php?cmd=_login-run another phising site. Be aware, I just got a different mail from there.
from [email protected]
Dear valued PayPal member,
The security questions and answers for your PayPal account were changed
If you did not authorize this change, please contact us immediately using this link :
https://www.paypal.com/srt1/s-default
However, You will need to update some of your records in our Resolution center
if not will result account suspension.
Please update your records by October 14.
Look at the link and the anchor text, I think we should maintain the list of websites doing it. I think they can always create a new site for this.
Is this PayPal logon page a fake ????
http://login3.paypalglobaldatabase.com/cgi-bin/webscr.php?cmd=_login-run
The link was sent in e-mail
This page:
http://paypalglobaldatabase.com/
Shows:
paypalglobaldatabase.com
This page is parked free, courtesy of GoDaddy.com
paypalglobaldatabase.com -> 68.178.232.100
login3.paypalglobaldatabase.com -> 60.172.34.66
the subdomain is hosted with differently than the domain itself and the subdomain login3.paypalglobaldatabase.com is a fake page. Thanks for bringing it.
which software do i use in hacking paypal?
The link is not any type of phishing, its html very easy to do and with 90% or email services that support it automatically then most people wont know the difference
From Lion Cracker team
HOW TO HACK PAYPAL AND EARN MONEY
To [email protected]
[email protected]
These are the latest Paypal boot server of 1st Janurary 2007
and they will be active till 24 March 2007
then I will again call my brother and ask which is the new paypal boot server
If your Id is in yahoo.com then send the following in [email protected]
Else if your ID is in hotmail or any other the send mail on [email protected]
Note — My big brother works in Paypal Company and he told me the following
program which can be used to hack paypal
Make the subject cgiObin
include the following Message
opendir=https://www.paypal.com
webscr?cmd=_account
account.https
cdm redirto=66.211.168.65
srv redirto=usa.com
cgi-bin/webscr?cmd=_ext&source=””””Account to HACK DONT INCLUDE(“”””)”””””
webscr?cmd=_withdraw-funds
_withdraw-funds=all
cgi-bin/webscr?cmd=_withdraw-funds-bank=no
cgi-bin/webscr?cmd=_withdraw-funds-paypal=yes
cgi-bin/webscr?cmd=_withdraw-funds-paypal&source=”””YOUR ACCOUNT ID DONT INCLUDE(“”)”””
webscr?cmd=_login-run
_login-run=”””””””””””””YOUR PASSWORD””””””””””””””””””””””””””””””””””””
webscr?transaction78659.rts7.object=gift
webscr?cmd=_transaction-run
webscr?cmd=_complaint-view=0
webscr?cmd=__history_clear
webscr?cmd=_logout
quitdir=https://www.paypal.com
(this is a mail some of our clients are getting)
Unauthorized NetBanking Access On Your Account
In the last fews weeks, our Online Banking Security team has observed multiple logons on your Internet Banking Account, from different Blacklisted IP’s, therefore been blocked, to prevent further unauthorized access for your safety. we have decided to put an extra verification process to ensure your identity and your Internet Banking Account Security.
Click on for your NetBanking Online Access.
http://www.hdfcbank.com/1/2/securityaccess/precaution/internet- banking/
(see the link where it is going)
Security Advisory,
HDFC Online Banking
*Important*
Please update your records on or before 48 hours, a failure to update your records will result in a temporary hold on your funds – it’s one more way that HDFC makes your online banking experience better..
© 2007 All Rights Reserved
From Lion Cracker team
HOW TO HACK PAYPAL AND EARN MONEY
To [email protected]
[email protected]
These are the latest Paypal boot server of 1st March 2008
and they will be active till 24 June 2008
then I will again call my brother and ask which is the new paypal boot server
If your Id is in yahoo.com then send the following in [email protected]
Else if your ID is in hotmail or any other the send mail on [email protected]
Note — My big brother works in Paypal Company and he told me the following
program which can be used to hack paypal
Make the subject cgiObin
include the following Message
opendir=https://www.paypal.com
webscr?cmd=_account
account.https
cdm redirto=66.211.168.65
srv redirto=usa.com
cgi-bin/webscr?cmd=_ext&source=””””Account to HACK DONT INCLUDE(“”””)”””””
webscr?cmd=_withdraw-funds
_withdraw-funds=all
cgi-bin/webscr?cmd=_withdraw-funds-bank=no
cgi-bin/webscr?cmd=_withdraw-funds-paypal=yes
cgi-bin/webscr?cmd=_withdraw-funds-paypal&source=”””YOUR ACCOUNT ID DONT INCLUDE(“”)”””
webscr?cmd=_login-run
_login-run=”””””””””””””YOUR PASSWORD””””””””””””””””””””””””””””””””””””
webscr?transaction78659.rts7.object=gift
webscr?cmd=_transaction-run
webscr?cmd=_complaint-view=0
webscr?cmd=__history_clear
webscr?cmd=_logout
quitdir=https://www.paypal.com
______________________________________________________________________________________
This hacking process will only work if you have $5 or more than $5 but less than $10000
After sending this message wait for 24 hours and bang you will get money in bulk
Great I have send the Mail and
I had hacked paypal to get $1648 in 24 hours
although I had spent $956 but I make up in another 24 hours
Thanks
I am so happy and I am hacking paypal so easily that
it is just like cutting an apple with a knife.
Thankxxxxxxxxxxxxxxxxxxxxx
Lion Cracker team thank
Great Lion Cracker team you all guy are doing
great job keep it up!!!!!!!!!!!!!!!!!!!!!!!!!
Wonderfull now I a had started earning money in huge amount
Thanks for this hacking trick
BEWARE OF THIS SCAM. THESE PEOPLE ARE OUT TO FOOL YOU ALL. NO ONE CAN HACK PAYPAL.
Nice way of getting paypal ids and passwords from greedy people. These are old tricks and have been played many times to get email passwords. Instead of hacking one gets one’s own paypal id hacked by you buggers.
Hackers Keep on good work, Professional tools, scam pages and mails are always available and get improved
we will always work to hack paypal,cc’s and users.
I invite all hackers to join us to hack paypal in our website coming soon ,. and you will see our stories on Google!
🙂
have a good day
mr.Hacker
please sand me a paypal hacking tool. and details how to hack paypal easily. i will remain thankfull to lion team froever.
thank ash
email – [email protected]
i will
like u to help me 4 a sit that i we use to hack paypal an credit card with cvv2
thanks
give me paypal hacking tools ..thanks alot ..dear friend..
Hi i just make 2000.00 in the past 20 minutes and all i needed was a paypal account and $10
This is a paypal hack thats new to me but it works better than anything i’ve every seen i cant beleive what i just made
okay so heres what u do get a paypal account then send $10 to $100 to the paypal account email [email protected]
then you just wait i know it sounds like all the other people saying similar things but this one is 100% the real deal i sent in $20 and got back $200 in my paypal account in less then 5 minutes
your gonna wanna do this over and over again and your gonna make up to the limit of 20,000 in probally less than and hour so screw all the scams screw pointless survey sites where u earn pocket change cause u just clicked on the right post man this is it this is the real thing here now are you ready to make some money