Re: [Serious] Certapay Scam in Canadian Chat http://www.dslreports.com/forum/r15802152 en Sun, 29 Nov 2009 07:18:44 EDT Sun, 29 Nov 2009 07:18:44 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15806190 Kringle : CIBC e-mail fraud alerts included this precise messsage since Friday (31MAR06). It's a REALLY well done fraudulent e-mail!]]> http://www.dslreports.com/forum/remark,15806190 Sat, 01 Apr 2006 12:35:41 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15805848 Devanchya : Problem with contacting the hosting company is 9 times out of 10, this is on a Kiddie-scripted hacked machine. Bascily some bozzo has a website with a user "web" and password "123456" and this script gets in.

Depending on the level of the server setup, the next step is usally the instalation of a PHP script with Shell Access, and then using local access exploits to gain root to the box and setup an IRC network connection to publish phishing scams.

Now the larger groups will go ahead and buy .com .net .org names with a spelling error and point it to this location. Domain cost $1.99 in some of the cheaper locations, and a single "successful capture" of personal data is worth about $3000 min. Add Online banking access, or a CC number and that raises the stakes.

Now, Most phishing scams use "HTML" emails to hide the actual address and will instead redirect to something like rbonline.fasf.com/online or something stupid like that. IF that machine is hosted in a certain locations, you can get them shutdown/notified in a few days. Other countries good luck they don't give a fig.

In my case, there was a yahoo lottery scam that was going around and 3 of the attacks were from a twiki exploit, 1 from a weak password, and another 2 from a and [very old] old sendmail exploit. Took about 4-5 hours each just to investigate them and in some cases removal wasn't an option at all and we had to block access to the server locations at the router.

Each one of these cost at least $500 to even begin to repair, and after loss of confidence, support issues, reinstall steps etc, most likely will costs close to $2-3000 on the server side.

This is just KILLER for anyone who is running a small-medium hosting company.

Don't even get me started on the pure ammount of BANDWIDTH some of these attacks can take due to spam/bot inclusion attacks etc can take over.

Makes me sick in a way.
--
»www.codecipher.com - Marking the way to tomorrow's solutions]]> http://www.dslreports.com/forum/remark,15805848 Sat, 01 Apr 2006 11:35:16 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15805729 Deadpool :
said by Devanchya See Profile :

Actually Deadpool, they are taking the necessary steps.

Over the last week I have been sub-contracted to remove 3 differnt Spoofing scams on web servers that had a user with weak passwords

In this case, the "real" company just needs to prove to the .com commity. Takes 24-72 hours in most cases.
Sorry, I was taking what they said literally. They said 'block', and in my books that means block. If what you're saying is true, then they're not even having the site removed either, just the actual .com removed. Which doesn't really help since the HTML link can be spoofed to display whatever.com, but actually points to the IP.

What they should do is contact the hosting company and have them removed.
--
Sens 7 (40 GF) - Leafs 0 (14 GF) **** Final Round: April 15, 2006]]> http://www.dslreports.com/forum/remark,15805729 Sat, 01 Apr 2006 11:10:14 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15803409 yupislyr : If you don't notice the fake website first, just look at the email headers you pasted. No research required.


Received: from adsl-flat-basic-216.84-47-52.telecom.sk ([84.47.52.216]) by toip6.bellnexxia.net with SMTP; 31 Mar 2006 16:10:29 -0500


Would a legit email from certapay originate from a slovak dsl address? Nope.]]> http://www.dslreports.com/forum/remark,15803409 Fri, 31 Mar 2006 23:18:12 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802107 delenn13 : Sorry for the dup..Just learning the ropes around here and found out what it means to be "queued".

I just wasn't sure when Certpay would reply to me and I didn't want anyone to get scammed. I had gottten many a fake email from ebay, banks and credit cards but they were obvious..this one wasn't. Had to do research in google.]]> http://www.dslreports.com/forum/remark,15802107 Fri, 31 Mar 2006 21:24:53 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802563 Devanchya : Actually Deadpool, they are taking the necessary steps.

Over the last week I have been sub-contracted to remove 3 differnt Spoofing scams on web servers that had a user with weak passwords

In this case, the "real" company just needs to prove to the .com commity. Takes 24-72 hours in most cases.
--
»www.codecipher.com - Marking the way to tomorrow's solutions]]> http://www.dslreports.com/forum/remark,15802563 Fri, 31 Mar 2006 21:15:06 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802504 Deadpool : It's funny how they said they took the necessary action to block the website when they're not an ISP, nor do they manage the backbones of the Internet. LOL
--
Sens 7 (40 GF) - Leafs 0 (14 GF) **** Final Round: April 15, 2006]]> http://www.dslreports.com/forum/remark,15802504 Fri, 31 Mar 2006 21:06:43 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802287 mr weather : The scammers are getting more sophisticated. Keep your guard up folks!
--
"It's all coming down!!" - Mike Holmes]]> http://www.dslreports.com/forum/remark,15802287 Fri, 31 Mar 2006 20:37:53 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802228 andyb : After clicking on the bank link for scotia i can see that it reads open third party..... in the status bar.Then i proceded to open the actual scotia site where my banking is done.https on my banks site none on the link posted above.Damn good job really if you call copying and redirecting links to more fake pages a job.]]> http://www.dslreports.com/forum/remark,15802228 Fri, 31 Mar 2006 20:28:57 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802167 delenn13 : I just got an email from Certapay...

ITS FAKE>>>LOL>>>

Thank-you for taking the time to notify CertaPay regarding the unsolicited email which you received.

Please do not respond to it. Just delete it.

We are aware of the issue and our technical department already took the necessary action to block the website. CertaPay has taken steps to shut-down the source of the distribution and are working closely with law enforcement on this issue.

We thank you for your patience and look forward to resolve this issue.

*Registered trademark of Interac Inc. Used under license.

Sincerely,
Therese

The CertaPay Support Team
Email: info@certapay.com
Phone: 1-888-238-6433
(Monday-Friday, 9a-5p ET).

Website: »www.certapay.com

CertaPay, a division of Acxsys Corporation
--
"Dismissed. That's a Starfleet expression for 'Get out.'" Captain Kathryn Janeway]]> http://www.dslreports.com/forum/remark,15802167 Fri, 31 Mar 2006 20:24:06 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802153 jojadi76 : Report that email to certapay.]]> http://www.dslreports.com/forum/remark,15802153 Fri, 31 Mar 2006 20:18:08 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802152 andyb : easy to tell its fake.at least for me since its not https.the certa pay help site is legit thou as far as i have looked but the link they want you to go to is not.]]> http://www.dslreports.com/forum/remark,15802152 Fri, 31 Mar 2006 20:17:58 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802138 mlerner :
said by corster See Profile :

actually, it's fake, but a pretty damn good one.
uhh, yes it is.

Domain Name: SSL-CERTAPAY.COM
Registrar: ONLINE SAS
Whois Server: whois.bookmyname.com
Referral URL: »www.bookmyname.com
Name Server: NS1.NATURALNC.NET
Name Server: NS2.NATURALNC.NET
Status: ACTIVE
Updated Date: 31-mar-2006
Creation Date: 31-mar-2006
Expiration Date: 31-mar-2007

Domain Name: CERTAPAY.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: »www.networksolutions.com
Name Server: NS1-AUTH.Q9.COM
Name Server: NS2-AUTH.Q9.COM
Status: REGISTRAR-LOCK
Updated Date: 19-jun-2003
Creation Date: 27-apr-2000
Expiration Date: 27-apr-2010]]> http://www.dslreports.com/forum/remark,15802138 Fri, 31 Mar 2006 20:15:54 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802123 corster :
said by noelstrom See Profile :

Looks legit, but I don't think it is. That's almost word for word the email I get when I get $$ from my gf. The ONLY difference is the web address. I get »gateway.certapay.com, not the gateway.ssl-certapay.com you get. Also, my GF's name is always in the email as the sender. Sounds fishy to me
actually, this is a pretty good fake, but yes, its fake.

Try clicking a bank. they actually faked all the bank sites too.
--
"Ladies and Gentlemen, the next Prime Minister of Canada, Mr. Stephen Harper"
Conservative Party of Canada
]]> http://www.dslreports.com/forum/remark,15802123 Fri, 31 Mar 2006 20:14:03 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802116 noelstrom : Looks legit, but I don't think it is. That's almost word for word the email I get when I get $$ from my gf. The ONLY difference is the web address. I get »gateway.certapay.com, not the gateway.ssl-certapay.com you get. Also, my GF's name is always in the email as the sender. Sounds fishy to me
--
My name is noelstrom, and I approve this message. www.myspace.com/noelstrom]]> http://www.dslreports.com/forum/remark,15802116 Fri, 31 Mar 2006 20:12:43 EDT Re: [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802083 corster : actually, it's fake, but a pretty damn good one.]]> http://www.dslreports.com/forum/remark,15802083 Fri, 31 Mar 2006 20:08:01 EDT [Serious] Certapay Scam http://www.dslreports.com/forum/remark,15802046 delenn13 : I am including a copy of the email I just got from my Sympatico account which ironically is the last day I can use it since I am now with Cogeco(so yes it has my email addy but is in the process of being closed). I have already forwarded this to Certapay..which is a legit company( I guess you could call it the Canadian answer to PayPal) endorsed by the 5 major banks and am waiting a reply but I don't know this person who is supposedly sending me this money or why anyone would be sending this money to me so I am betting dollars to donuts this is a scam.

Not to mention I googled it and I found several sites like this :»www.antionline.com/history/topic···8-1.html

Here's the email:

From :
Sent : March 31, 2006 10:10:26 AM
To :
Subject : INTERAC: Email Money Transfer

| | | Inbox

MIME-Version: 1.0
Received: from tomts30-srv.bellnexxia.net ([209.226.175.104]) by bay0-pamc1-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 31 Mar 2006 13:10:33 -0800
Received: from toip6.bellnexxia.net ([209.226.175.174]) by tomts30-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id for ; Fri, 31 Mar 2006 16:10:33 -0500
Received: from adsl-flat-basic-216.84-47-52.telecom.sk ([84.47.52.216]) by toip6.bellnexxia.net with SMTP; 31 Mar 2006 16:10:29 -0500
Received: (qmail 6834 by uid 541); Fri, 31 Mar 2006 11:10:26 +0100
X-Message-Info: moY6YVwXQ471ThT30mzjxfBlTT4BlunI3jzvUgxDt4o=
Return-Path: delenn_5@shaw.ca
X-OriginalArrivalTime: 31 Mar 2006 21:10:34.0067 (UTC) FILETIME=[8CB87A30:01C65507]
Dear delenn@sympatico.ca,

INTERAC Email Money Transfer.

Amount: $140.00 (CAD)

Sender's Message: how it's going?

Expiry Date: 28 Apr 2006

Action Required:
To deposit your money, click here:
»gateway.ssl-certapay.com/RP.do/?···Z91zg%3D

Trouble with the link? Copy the link and paste it into your web
browser address bar. Please make sure all the characters after the
"pID=" are present.

Need help?
»https://www.certapay.com/ca/oon/en/help

---------------------------------------------------------
What is an INTERAC Email Money Transfer?
If you have an email address and online banking password at a
participating bank, you can send and receive money quickly and easily.
Email carries the notice while the banks securely transfer the money
using existing payment networks. If your bank does not yet offer
INTERAC Email Money Transfers, you can still deposit transfers to any
bank account in Canada. Click
»https://www.certapay.com/en/personalPaym···AQs.html for details.

Pour voir les details du virement en fran§ais, cliquez sur le lien
ci-dessous :
»gateway.ssl-certapay.com/RP.do?p···g%3D?=fr.

I did go to the sites to check it out and it does a good pretty good impression of the real site. So guys be careful if you use the real Certapay. I could use the 140.00 but I am NOT that greedy. Just seemed to surreal to be true.

--
"Dismissed. That's a Starfleet expression for 'Get out.'" Captain Kathryn Janeway]]> http://www.dslreports.com/forum/remark,15802046 Fri, 31 Mar 2006 20:02:35 EDT