Paypal new scam!

Yes they do, when they charge you back for no reason.

 

it's not just one bad experience, I've been using them for years, it's always like that.

 

Four years...No bad experience yet....

 

Then you are lucky that you havent met any scammer, yet.

 

Well, I'm happy for you then, wish it stays that way fo you

 

Get lots of scam emails...MY Yahoo! id is such that I receive loads and loads of scam, spam and call em whatever u want...its an with no nos., underscores or characters...You can imagine the amt of spam and scam I get.

Also had some experience with some crooks whom I had business with...handled them well and Paypal did help me in it

 

Nah, HArry I am not talking about general scammers, I am talking about paypal Scammer as specific.
they buy your stuffs and file a charge back, and paypal chrages back from you without any reason.
I am really happy that you havnt met any till date and i wish this stays for you like this.

 

I had a cpl of them do this to me wherein they bought services from me and said they had no clue how their money was trferred to my account...I think theres nothing Paypal can do about it and you do let such things go off when you are getting alot from them ...i.e Paypal...such things are bound to happen and theres nothing you can do abt it. Its not only Paypal...This is the Internet and one cannot expect 100% security here.

 

That can be done using XSS aka cross site scripting ....
Abhishek

 

This was an exploit in I.E 6 which took the world by storm...You can fake a URL using some characters and make it look real in your address bar...I remember a cpl of guys jacking almost every account on Yahoo! then. Its been fixed long ago.

 

To the originator of the post and to all others. Just forward the email to the reply from Paypal will tell you if it is scam or genuine. How easy is that!

 

It's still there in Opera and IE6, My dear and XSS only uses the browser to execute an exploit code that appears to be sent from the server but is actually not! and so the page can even be defaced... forget changing some links!
So I guess it has nothing to do with the browser!
Abhishek

 

Was I talking about XSS here? DUH!!!!

 

I have doubts that XSS holes can work in emails since emails cant run complex Web applications or set cookies..

But again I am not a security Expert or XSS junkie.


Edit: never mind, I figured out how this can work in emails.

 

lol ok enough with the male pride fight...

SIMPLE PUT, DO NOT OPEN LINKS VIA EMAIL. MANUALLY TYPE EM IN.

As long as you do that, you don't need to worry about phishing scams, xss, cr lf injections, domain spoofing, etc.

Oh also, keeping your browser updated helps.

Thats all

 

K .. I apologise .. sowwie for going all hyper INDIAN but remember paypal shall never ever mail you... and peace put guys ...
JUST DONOT CLICK ON ANY LINK IN YOUR EMAIL ....
Abhishek

 

Thats right. XSS can only work on vulnerable applications or scripts which can allow injections of strings. XSS is used to get data which is stored temporarily or is permanent.. e.g. Cookies, MD5 hash etc.

 

I was replying to Phantascene and please guide me by showing me the exploit page on milw0rm or secunia ....

Yep bro you are right ...most email readers parse XSS ...XSS does work on many webmail (browser based) applications ....

Wrong again my dear ... XSS are of many types ...
DOM based xss are used to run exploit pages located on the clients it can be forms or whatever .. as they run with the same privilege of the computers admin
reflected xss are ... URLs with special strings ...many examples are seen ..malicious script embedded in the URL executes in the users browser, and appears as if it came directly from the visited server. The script steals sensitive information (authentication credentials, billing info, etc) and sends this to the attacker's web server without the users knowledge.
second order xss gets...stored on your system and can target a particular web application and can get any info that you send to tht web application can be seen by the attacker ...
so Cookies or MD5 hash aren't the only things that can be achieved via XSS ...
Abhishek

 

Yeah "PP" never sends emails to its account holders. I have had numerous phishing attacks like this one on my e-mail accts. I just forward them to the fraud unit and they vanish for a few months.

 

Problems being fixed rarely make me feel any easier, because if they can be a problem once, then chances are someone can find a way around the fix and make them a problem again. It just takes a bored enough person with nothing better to do for long enough.