how to collect credit card numbers with PINs

 Your leaking thatched hut during the restoration of a pre-Enlightenment state.

Hello, my name is Judas Gutenberg and this is my blaag (pronounced as you would the vomit noise "hyroop-bleuach").

[latest article]

Jul | August | Sep
2002 | 2003 | 2004
index of years

links

decay & ruin
Biosphere II
Chernobyl
dead malls
Detroit
Irving housing

got that wrong
Paleofuture.com

appropriate tech
Arduino μcontrollers
Backwoods Home
Fractal antenna

fun social media stuff

Like asecular.com
(nobody does!)

Like my brownhouse:

how to collect credit card numbers with PINs
Sunday, August 10 2003

Today was the Sunday I discovered that there are no hardware stores open on Sunday in Saugerties. I desperately needed some romex clamps, but the closest I came to obtaining some was at one of those liquidator places that stays open on Sundays. The liquidators (who had set up shop in a beautiful old 19th Century factory - had some things that were pretty close to romex clamps - they had spools of romex wire, electrical tape, and even pipe clamps) but they didn't have what I'd come for. Neither did the mirror-façaded Price Chopper, the ugliest structure within walking distance of downtown Saugerties. It turned out to be nothing more than a supersized grocery store, the sort building codes should strictly prohibit.

The following content appeared today in my inbox as an HTML email message:

Dear PayPal Customer

This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.

The inactive customers are subject to restriction and removal in the next 3 months.

Please confirm your email address and credit card information by logging in to your PayPal account using the form below:

This notification expires September 31, 2003

Thanks for using PayPal!

This PayPal notification was sent to your mailbox. Your PayPal account is set up to receive the PayPal Periodical newsletter and product updates when you create your account. To modify your notification preferences and unsubscribe, go to https://www.paypal.com/PREFS-NOTI and log in to your account. Changes to your preferences may take several days to be reflected in our mailings. Replies to this email will not be processed.

Copyright© 2002 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.

Superficially, I was fooled into thinking this actually was a message from PayPal. It looked like other PayPal emails I've received, but what was this about asking me for my credit card number and PIN number? That seemed pretty suspicious. So I did a "view source" to see where the form intended to send my data. This is where:

http://www.paypal.com@pitstylehomepage.port5.com/000pp.php

Notice the use of an "@" in the URL. That's an old spammer trick to hide the true form's target, the part that follows the @. If I were to type my info into that form and hit "Log In," the information would go to pitstylehomepage.port5.com/000pp.php. As far as I can tell, port5.com is a free webpage provider, sort of like Geocities. Imagine someone filling that form out and sending their information to an anonymous web account! I'll bet a sizable fraction of the people receiving this email did just that. It only takes one or two to make the sending of this "social hack" spam an extremely valuable endeavor.

For linking purposes this article's URL is:
http://asecular.com/blog.php?030810

feedback
previous | next