dude , it's happened twice....
dude, this blog was rec'd from paypal- you need to think before you open your tin can mouth......
Wed, 14 Jul 2004 19:32:02 -0600 3“laptopseller@yahoo.com” spoof email. Every time someone attempted to log in, the information they entered would be at the bottom of the text file. I could refresh every minute or so and there would be new user information. Unfortunately, some people entered their credit card info also. This is not the first time these same thieves have used this spoof email and text file. they were shocked that there was a text file with all of the stolen data that could be viewed by anyone with internet access and immdiately started investigating. They got the site shut down within a few hours of my report. I thought it was over and done with until I received the same spoof email a couple of days later. I started exploring the site again and found the same base file with new entries for July 8th & 9th. I reported it to PayPal and it was shut down quickly. Then again today, I received the same “laptopseller@yahoo.com” spoof email. This time, the thieves had changed their domain slightly, but still had the same setup with the text file. I found it within minutes of the site going up and immediately notified PayPal. By now, they have me working directly with their fraud department, so the spoof site shut down was only minutes after my report. They are bound to repost their site again on another server, maybe with a slightly altered domain name, but they will probably use the same text file, which I will find and report. I’m sure they will use the same base text file(June 2nd & 3rd entries) that will be added to as users attempt to log in in response to the “laptopseller@yahoo.com” email. The easily viewable text file allows the thieves to be anywhere in the world and view and save the data anonymously without having to log into a server. The text files I have saved for PayPal have thousands of entries from PayPal users. I have notified hundreds of users on the list to inform them of the situation, but that is just the tip of the iceburg. If you know someone that feels that they may have been fooled by the spoof email and may have entered valid private information, I can search the text files for their PayPal email address and provide the data saved in association with that address. They need to check their PayPal account and credit card for suspicious activity if the data on the text file is valid. Hopefully, these crooks will be caught soon!