[Previous entry: "Why are they making New Orleans into a ghost town"] [Main Index] [Next entry: ""Slay the Word""]

11/03/2005 Archived Entry: "PayPal phishing alert"

Heads up. A new PayPal scam works by reprogramming your Domain Name Server to redirect paypal.com to a phishing site. After you execute the attachment, all requests to paypal.com get redirected to a real-looking site that asks for your credit card details. Even typing "paypal.com" directly into your web browser doesn't help.

It looks like you need to run this on a Windows system, and you need to be running a local Domain Name Server (which most home users don't -- see note below). However, some small enterprises may have a local DNS on a Windows box, so beware if you get a sudden request from PayPal's web page to "update" your credit card info.  —brad

Update:It looks like Windows XP supports a DNS cache even on personal machines. I'd guess this is the target of the scam, since it requires executing an email attachment, and most enterprises don't receive email on their DNS servers. More info as I get it. Don't click on executable attachments!