Fake site ?
#1
Fake site ?
Can anyone tell wether or not this paypal wite is real, tryinf to work out if I am dealing with a scammer or not. https://www.paypal.com/uk/cgi-bin/we...ster-or-login&
#5
I don't even have a paypal account its just that some 0 feed back idiot won an item on ebay and it all seemed a bit suspect. Then this paypal link arrived and it seemed clear that it was a scam.
#6
Scooby Regular
iTrader: (19)
Also go to http://www.paypal.com click the top right to select your country and language. Now you see the main graphics and page when you get redirected. All kosher
Now compare it to the site you get directed to from your link
subtle eh ???
Now compare it to the site you get directed to from your link
subtle eh ???
#7
Scooby Regular
iTrader: (1)
Can anyone tell wether or not this paypal wite is real, tryinf to work out if I am dealing with a scammer or not. https://www.paypal.com/uk/cgi-bin/we...ster-or-login&
Trending Topics
#14
#15
Scooby Regular
iTrader: (1)
Join Date: Nov 2006
Location: Yorkshire
Posts: 2,966
Likes: 0
Received 0 Likes
on
0 Posts
Swiss, WFT?
I'm going to stick my neck out and say it looks good to this ICT A-level teacher. The base address is the same as the official one and the HTTPS (plus the padlock symbol bottom right) is there.
I'm going to stick my neck out and say it looks good to this ICT A-level teacher. The base address is the same as the official one and the HTTPS (plus the padlock symbol bottom right) is there.
#16
Scooby Regular
agreed the site looks genuine
the ssl cert matches the fqdn
however there has been talk of the DNS system having a security flaw which would enable a scammer, albeit a very sophisticated one, to spoof the address, which would mean that the certificate would still show itself as valid when in reality not
the only way to tell would be to know what the IP the www.paypal.com host was and compare it to the one your are looking at --- which is totally impractible
the ssl cert matches the fqdn
however there has been talk of the DNS system having a security flaw which would enable a scammer, albeit a very sophisticated one, to spoof the address, which would mean that the certificate would still show itself as valid when in reality not
the only way to tell would be to know what the IP the www.paypal.com host was and compare it to the one your are looking at --- which is totally impractible
#18
agreed the site looks genuine
the ssl cert matches the fqdn
however there has been talk of the DNS system having a security flaw which would enable a scammer, albeit a very sophisticated one, to spoof the address, which would mean that the certificate would still show itself as valid when in reality not
the only way to tell would be to know what the IP the www.paypal.com host was and compare it to the one your are looking at --- which is totally impractible
the ssl cert matches the fqdn
however there has been talk of the DNS system having a security flaw which would enable a scammer, albeit a very sophisticated one, to spoof the address, which would mean that the certificate would still show itself as valid when in reality not
the only way to tell would be to know what the IP the www.paypal.com host was and compare it to the one your are looking at --- which is totally impractible
And one way to check the IP is to do an nslookup to find the authoratative name servers for Paypal (and you can check it in a couple of places on the net to be certain) and check that you resolve the same ip from your local dns server. Takes a couple of mins.
Last edited by NotoriousREV; 11 November 2008 at 07:01 PM.
#21
Guest
Posts: n/a
Where did you copy the link from? An email?
The email is most likely written such that the link DISPLAYED is correct but when you click it, it will take you elsewhere. You have just copied the text which is a genuine site, but the link probably takes you to a scam site.
For example click:
https://www.paypal.com/uk/cgi-bin/webscr?cmd=_register-or-login&
The email is most likely written such that the link DISPLAYED is correct but when you click it, it will take you elsewhere. You have just copied the text which is a genuine site, but the link probably takes you to a scam site.
For example click:
https://www.paypal.com/uk/cgi-bin/webscr?cmd=_register-or-login&
#23
Scooby Regular
And where would the scammers get a verified Verisign certificate from? Verisign wouldn't let them have one, that's for sure. They'd have to be *very* sophisticated.
And one way to check the IP is to do an nslookup to find the authoratative name servers for Paypal (and you can check it in a couple of places on the net to be certain) and check that you resolve the same ip from your local dns server. Takes a couple of mins.
And one way to check the IP is to do an nslookup to find the authoratative name servers for Paypal (and you can check it in a couple of places on the net to be certain) and check that you resolve the same ip from your local dns server. Takes a couple of mins.
not easy for the average hacker -- but remember how much money could be at stake
EV Certificate Sites Still Vulnerable to DNS Hacks | California Dreams
Common SSL Misconceptions | California Dreams
#25
#29
It is real, I 100% guarantee that, the MD5 fingerprint matches that of Welcome - PayPal and in any event, someone going to the extreme lengths of spoofing a 168 bit encryption is not heard of.
#30
Also go to http://www.paypal.com click the top right to select your country and language. Now you see the main graphics and page when you get redirected. All kosher
Now compare it to the site you get directed to from your link
subtle eh ???
Now compare it to the site you get directed to from your link
subtle eh ???