baguznet blogs

Howdy All,

If you are PayPal users, please take note that PayPal is going to block your access to their website soon if you are browsing using old version of Internet Explorer or FireFox or any other browsers. The main reason is due to lack of security, specially related to Digital Certificate. Please read the article below taken from AccountantsWorld

PayPal To Block Older IE, Firefox Browsers From Site
CommwebNews.com via NewsEdge :

As part of an effort to combat phishing, PayPal plans to block older versions of Internet Explorer and Firefox and other “unsafe” browsers from accessing the online payment site.

In a paper released at an RSA security conference this month in San Francisco, PayPal said there is a significant number of site visitors using browsers as old as Internet Explorer versions 3 and 4, released in August 1996 and September 1997, respectively. Such “unsafe browsers” lack the latest technology for blocking phishing sites and do not support Extended Validation Certificates, which are digital certificates that establish Websites as trusted during online transactions.

Phishing is a deceptive practice used by Web criminals to acquire personal information, such as usernames, passwords and credit card details. Phishers often pose as legitimate businesses in emails to lure victims to fraudulent sites where they are asked to input their personal data. Phishers also use Websites with URLs similar to legitimate sites, hoping that a person will misspell the address and end up at the fraudulent site. PayPal is among the favorite targets of phishers, along with eBay and online banks.

“At PayPal, we are in the process of re-implementing controls, which will first warn our customers when logging in to PayPal from those browsers that we consider unsafe,” the eBay-owned payment service said. “Later, we plan on blocking customers from accessing the site from the most unsafe — usually the oldest — browsers.”

PayPal in February warned people that Apple’s Safari browser didn’t have the necessary security to protect Web users and recommended the latest versions of Microsoft’s Internet Explorer and Mozilla’s Firefox. Safari is the default browser in Apple Macintosh computers and in the iPhone smartphone.

To beef up its own security, PayPal this year acquired Fraud Sciences for $170 million in cash. PayPal planned to use the company’s online risk and security tools to enhance the fraud management systems of both PayPal and eBay. Fraud Sciences’ risk tools and analytics would be targeted at accelerating the development of advanced fraud detection tools, PayPal said.

<<CommwebNews.com — 04/21/08>>

So, make sure you update your browser version before you surf PayPal’s website

Howdy All,

This morning when I checked my company’s email, I found an email showing as coming from Google Adwords Team, asking for my immediate action to reactivate my account. What the heck! Sent to my company’s email. I don’t have any account for that. In fact, if I have any, I will not sign using my company’s email as this is personal, not company-related works. Let’s take a look, where is the email came from and the content. Below is the message header.

Return-path: <fmanatt@uark.edu>
Received: from [81.200.21.17] ([81.200.21.17])
 by my.company.com (my.company.com)
 (MDaemon.PRO.v7.2.3.R)
 with ESMTP id md50001221873.msg
 for <emailID@my.company.com>; Wed, 16 Apr 2008 06:07:20 +0800
Received: from [81.200.21.17] by mx5.uark.edu; Wed, 16 Apr 2008 01:07:17 +0300
To: <emailID@company.com>
Subject: Please Re-activate your account
Date: Wed, 16 Apr 2008 01:07:17 +0300
Message-ID: <01c89f5e$369f7060$1115c851@fmanatt>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary=”—-=_NextPart_000_0CCC_01C89F5E.369F7060″
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcgJyXC2PCEIZSJ68676UV16I9LZSX==
Content-Language: us
From: “AdWords-NoReplay” <adwords-noreply@google.com>
X-Lookup-Warning: MAIL lookup on fmanatt@uark.edu does not match 81.200.21.17
X-MDRcpt-To: emailID@company.com
X-Rcpt-To: emailID@company.com
X-MDRemoteIP: 81.200.21.17
X-Return-Path: fmanatt@uark.edu
X-MDaemon-Deliver-To: emailID@my.company.com
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11)
X-Spam-Report:
 *  0.1 HTML_MESSAGE BODY: HTML included in message
 *  4.0 BAYES_70 BODY: Bayesian spam probability is 70 to 80%
 *      [score: 0.7933]
X-Spam-Status: No, hits=4.1 required=5.0 tests=BAYES_70,HTML_MESSAGE
 autolearn=no version=2.64
X-Spam-Level: ****
X-Spam-Processed: my.company.com, Wed, 16 Apr 2008 06:07:24 +0800
 

See the Return Path that I bold above, it shows that the email not coming from Google. And below is the content of the email. Please do not click on the link provided. The site is either infected with virus, or if you follow the instruction on the web, they are just trying to still your personal information.

———————————————————————————
Dear Google Adwords Customer, Your ads have stopped running because we were unable to process your billing information.
To activate your account and start running your ads, enter your billing information.

In order to activate your account and start running your ads, enter your billing information.
Pease sign into your account at http://adwords.google.com/select/login, and update
your billing information.

Once your account is reactivated and your billing information has been processed, any your ads and campaigns can begin running immediately on Google.

———————————————————————————-
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message.

———————————————————————————-

Google Adwords Team 

If you just simply look at the content and the link visually, yes it looks like it is a valid email from Google. Unfortunate, the message header shows that it is not. So, it is good to make a practice to check for the message header when you receive any unusual email.