Luan Pra bang

Can anyone tell wether or not this paypal wite is real, tryinf to work out if I am dealing with a scammer or not. https://www.paypal.com/uk/cgi-bin/we...ster-or-login&

SwissTony

iTrader: (19)

It looks good as it has the https in it, but the proper site is always

Welcome - PayPal

stevem2k

yep. FAKE

HTML/Spoofing.Gen script virus picked up by Avira

Snazy

If in doubt, log in the way you usually do.
As a rule I never follow email links. Especially when it is anything to do with money.

Luan Pra bang

I don't even have a paypal account its just that some 0 feed back idiot won an item on ebay and it all seemed a bit suspect. Then this paypal link arrived and it seemed clear that it was a scam.

SwissTony

iTrader: (19)

Also go to http://www.paypal.com click the top right to select your country and language. Now you see the main graphics and page when you get redirected. All kosher

Now compare it to the site you get directed to from your link

subtle eh ???

sarasquares

iTrader: (1)

i was sent one a few months ago, its fake

TopBanana

What yer all on about? The link is genuine

Rex93

Norton 360, showing it as authenticated?

Boro

iTrader: (1)

Interesting... how should AV show this as a fake site? Im running NOD32 and didnt get any warning.

SwissTony

iTrader: (19)

I remind the honorable gentleman that he is under the cosh for being a naughty boy.

PaulC72

it registers as a genuine verisign certificate too if it is a fake then it is a bloody good one {for a change}

TopBanana

Why I oughtta...

NotoriousREV

Agreed. Certificate is genuine, link is genuine, site is genuine. Even checked the headers for any nasty redirects. There are none.

Flaps

iTrader: (1)

Swiss, WFT?

I'm going to stick my neck out and say it looks good to this ICT A-level teacher. The base address is the same as the official one and the HTTPS (plus the padlock symbol bottom right) is there.

hodgy0_2

agreed the site looks genuine

the ssl cert matches the fqdn


however there has been talk of the DNS system having a security flaw which would enable a scammer, albeit a very sophisticated one, to spoof the address, which would mean that the certificate would still show itself as valid when in reality not

the only way to tell would be to know what the IP the www.paypal.com host was and compare it to the one your are looking at --- which is totally impractible

Flaps

iTrader: (1)

Well it let me log in

NotoriousREV

And where would the scammers get a verified Verisign certificate from? Verisign wouldn't let them have one, that's for sure. They'd have to be *very* sophisticated.

And one way to check the IP is to do an nslookup to find the authoratative name servers for Paypal (and you can check it in a couple of places on the net to be certain) and check that you resolve the same ip from your local dns server. Takes a couple of mins.

spray1974

So is this link legit or a fake?

bugeyeandy

Looks perfectly legit to me. Firefox legitimises the link too.

Boro

iTrader: (1)

So, how did this happen?

hodgy0_2

not easy for the average hacker -- but remember how much money could be at stake

EV Certificate Sites Still Vulnerable to DNS Hacks | California Dreams

Common SSL Misconceptions | California Dreams

drb5

iTrader: (4)

Send the link to spoof@paypal.com

NotoriousREV

Why? It's a perfectly legitimate link to their own site!

Dedrater

lol, where did you get that information from?

Boro

iTrader: (1)

ditto

Luan Pra bang

NOw I am more confused than ever.

Dedrater

It is real, I 100% guarantee that, the MD5 fingerprint matches that of Welcome - PayPal and in any event, someone going to the extreme lengths of spoofing a 168 bit encryption is not heard of.

Dedrater

The only difference is that is the 'Logon' page and the link in the first post in the 'Logon or Register' page.