I’ve heard of these shenanigans before, but never been so lucky as to be personally involved. I just received an official looking email with return address email@example.com asking people to verify their account information to cut down on fraud:
Please fill in the required information.
This is required for us to continue to offer you a safe and risk free
environment to send and receive money, and maintain the PayPal Experience.
Of course the barely-trained eye notices that the link points to the site exme.us, and not the assumed paypal.com. The horror! Who is responsible for this preposterous event? The WHOIS database points the finger at some guy named Tim Carey from Wisconsin:
n9170 jordan st
appleton, US 54915
Of course it’s suspicious that a person whose homepage links to friends in lithuania (.lt = lithuania) would also have a lithuanian email address and live in Appleton, WI. Googling this email address returns one webpage (I’m feeling lucky), which is to a user account on an IRC scripts website. Oh my lord, what a surprise! Our friend isn’t actually from Appleton, WI, but in fact from Lithuania, and a ripe 17 years old he is. Doing a reverse DNS lookup on his IRC server of choice (22.214.171.124) gives the hostname exme.skynet.lt, some sort of media network as far as I can tell.. my Lithuanian is a bit shaky. Likely story: our friend here works for skynet.lt, or has friends who do.
Our friend’s guestbook shows that other people are doing their own sleuthing. What’s the point of this whole exercise? I’m interested in how long it will take PayPal to recognize this idiot and silence him. I’m putting my money on less than 5 days. But how many PayPal accounts must die in the process?
Update: Less than 12 hours later, the site is down and PayPal has responded to my inquiries. Read the comments for the details.