Dec 5, 2012 05:16 AM

Returned home today to find an email from Paypal for a payment for $199.74 to eBay seller PINZOO I never made. I didn’t click any links but it was sent to my Paypal email address and addressed me by name. All email links were shown as in .ru though. No debits were shown in Paypal though and no activity shown in my bank account. My guess is if I logged in to Paypal using any of the links in the email it would have attempted the charge. This one is real looking with fake links to the resolution center even.

Ebay Members Receiving Paypal Phishing Emails Addressed to their Proper Name

I’ve been observing and documenting instances of Paypal clients receiving phishing emails addressed to their real, proper names. They seem to be on the increase.

Paypal’s “Suspicious Activity on Your PayPal Account? We Can Help” advisory page states that a genuine email from them will contain your real first and last name or your business name, hence the greatly elevated risk posed by bogus or phishing emails that include them. In effect, rank and file members (and noted cheerleaders too) are being spearphished.


I’m wondering whether Paypal may update or modify that advice, along with similar statements on their recorded telephone messages people listen to while on hold for their over-burdened customer service?

The question remains: How did the scammer/phishers obtain the names? There are only so many plausible possibilities. The two most obvious which come to mind: hacking and insider issues.

If it was through any fault or breach of Paypal, don’t expect anything other than cover-up and denial, as their past behavior shows. (In case anyone was wondering: Yes! Paypal has been hacked! Many times over!)

Paypal has ignored and sought to cover up data leaks which posed very serious risk to users. They refused to accept or examine the data, or to notify users of the breaches. They’ve also had at least one alleged and visually documented incident of insider fraud with members’ personal info.

In the above linked discussion thread you’ll note that one poster jokes:

“Has it ever occurred to you that it isn’t phishing but just an additional funding source for JD’s retirement package???”

But that scenario may not be too far-fetched, especially in the bizarro-world landscape of ebaypal these days, as any number of bona fide studies from across the gamut of independent, academic, security, and government sectors have shown over the years. Here’s an excerpt from one of them:

Major Findings of the Insider Threat Study Report on the Banking and Finance Sector

… Major findings, which present examples of insider methods as well as means of detecting insider activities in this sector, include:

• Most of the incidents in the banking and finance sector were not technically sophisticated or complex. They typically involved the exploitation of non-technical vulnerabilities such as business rules or organization policies (rather than vulnerabilities in an information system or network) by individuals who had little or no technical expertise. In 87% of the cases the insiders employed simple, legitimate user commands to carry out the incidents, and in 78% of the incidents, the insiders were authorized users with active computer accounts.
• The majority of the incidents (81%) were devised and planned in advance. Furthermore, in most cases, others had knowledge of the insider’s intentions, plans, and/or activities. Those who knew were often directly involved in the planning or stood to benefit from the activity.
• Most insiders (81%) were motivated by financial gain, rather than a desire to harm the company or information system.
• Insiders in this report fit no common profile. Only 23% held a technical position, 13% had a demonstrated interest in “hacking” and 27% had come to the attention of a supervisor or co-worker prior to the incident.
• Insider incidents were detected by internal, as well as external, individuals – including customers.
• The impact of nearly all insider incidents in the banking and finance sector was financial loss for the victim organization: in 30% of the cases the financial loss exceeded $500,000. Many victim organizations incurred harm to multiple aspects of the organization.
• Most of the incidents (83%) were executed physically from within the insider’s organization and took place during normal business hours.

Paypal also sends their communiques with clickable links, despite the fact that not clicking them is the number 1 rule to avoid phishing. This has been a perennial issue.

They are, in practice and in fact, conditioning their users to be comfortable with, and presumably to click, the links within Paypal emails. What other possible reason could there be? If they did not want people to click links, there would be none to click! Ever. This is so simple a concept it really shouldn’t even need to be stated.

So why haven’t the brainiacs at Paypal considered that? Good question. I can think of millions, if not billions of reasons.

Of course the fun never ends. Look to see a well-known PayPal advisor state that having your real name on a Paypal email is no assurance of authenticity. Also see Paypal sending back incorrect info regarding spoof emails submitted to them: http://bit.ly/UtAA9w

Wall Street Whitman: California’s Future Isn’t A Game

Don’t forget to check out the embeddable Meg Fail video playlist on youtube.

On a more serious note, Meg’s campaign/purchase has been exposed as having used “Sock Puppets”. Hardly a surprise for anyone who has used ebaY or seen the Fake Town Hall video, which is in the above playlist. For those of you not familiar with the term Sock Puppet, basically it’s a paid liar.

There is also talk of criminal activity among former business associates, lawsuits, “Black Budgets”, coercion, double-crosses, a want and a will to harm Google, and misconduct/misbehavior of ebaY personnel at the highest levels during Meg’s tenure.

All sorts of sleazy, revealing things. You can only laugh.

Ridendo Dicere Severum

ebay buys congress

by thejollyrogerreturns

Ebay buys congress. Members of senate and house of representatives paid as much as $6500 each, some paid twice. Full list in this video.

A new study released by Symantec has some not too surprising results.

The study covered employees who lost or left a job in 2008, and revealed that 59 percent of ex-employees admit to stealing confidential company information, such as customer contact lists.
Further findings:

— 53 percent of respondents downloaded information onto a CD or DVD, 42 percent onto a USB drive and 38 percent sent attachments to a personal e-mail account.
— 79 percent of respondents took data without an employer’s permission.
— 82 percent of respondents said their employers did not perform an audit or review of paper or electronic documents before the respondent left his/her job.
— 24 percent of respondents had access to their employer’s computer system or network after their departure from the company.

As this relates to ebay and PayPal, well, there was that ugly little incident around March last year. It appeared to me that folks at Youtube and ebay forums were trying very hard to keep that info from becoming known, as any comments about it at youtube were instantly marked as spam, and/or comments at ebay forums were met with the usual denials by the very same hardcore, tired old group of suspected “paid word of mouth advertisers”, AKA shills on the Paypal forum.

If you visit this video and expand the (more info) area, you will see more screen captures and links with some pretty strong evidence that hackers, phishers, scammers etc. are only some of the things you need to be concerned about when using the Paypal service. Not to mention the fact that there very likely is a network to help cover up all the misdeeds and misbehavior. Weasels in, and/or in charge of, the henhouse?


Very interesting article by Bruce Schneier in yesterday’s Wall Street Journal.

Reminds me of a so-called “Glitch” which occurred with PayPal not long ago and was rumoured to have been the result of malicious coding by a disgruntled employee facing layoff.

Thwarting an Internal Hacker

Rajendrasinh Makwana was a UNIX contractor for Fannie Mae. On Oct. 24, he was fired. Before he left, he slipped a logic bomb into the organization’s network. The bomb would have “detonated” on Jan. 31. It was programmed to disable access to the server on which it was running, block any network monitoring software, systematically and irretrievably erase everything – and then replicate itself on all 4,000 Fannie Mae servers. Court papers claim the damage would have been in the millions of dollars, a number that seems low. Fannie Mae would have been shut down for at least a week.

Luckily – and it does seem it was pure luck – another programmer discovered the script a week later, and disabled it.

Insiders are a perennial problem. They have access, and they’re known by the system. They know how the system and its security works, and its weak points. They have opportunity. Bank heists, casino thefts, large-scale corporate fraud, train robberies: many of the most impressive criminal attacks involve insiders. And, like Makwana’s attempt at revenge, these insiders can have pretty intense motives – motives that can only intensify as the economy continues to suffer and layoffs increase.

Insiders are especially pernicious attackers because they’re trusted. They have access because they’re supposed to have access. They have opportunity, and an understanding of the system, because they use it – or they designed, built, or installed it. They’re already inside the security system, making them much harder to defend against.
