Care Path Recruitment are epic scammers..... stay safe !

Post Reply New Topic

So, I have just received an e-mail today from "Paypal" - which claims that 'some of my account details are out of date and I need to log in and update my information within 7 days or else have restricted functionality for my account.

There's a clickable link which took me to a convincing mock-up of the Pay Pal front-page.... with little boxes all ready to suck up my log-in details.

HOWEVER these aren't very smart scammers... because they never wrote a code routine to fake the URL of the page.
This means I can easily hunt them down and find out who *really* sent the message while shamelessly pretending to be Paypal.

The root of the fake Paypal webpage is -
http://www.carepath-recruitment.co.uk/

I won't post the full URL of the fake page because I want there to be no chance whatsoever of anybody accidentally putting their log-in details in there. But I would guess I'm not the only person to have received this sketchy e-mail.... so perhaps some of you have already seen the one which I mean.

What this means is that Carepath Recruitment are running a really dodgy scam where they are phishing for peoples' Paypal log-in details..... no doubt in order to run up a huge Paypal debt in the name of some innocent person such as me.

Usually this sort of thing redirects to chancers like phone prank-call companies (who frankly it doesn't surprise me if they are scammers) .... I find it deeply unsettling that a company that's supposed to be a social services recruitment agency is stooping to this kind of attempted theft.

Also, if any of you are EVER asked to log-in to Paypal via an e-mail then please do not click the link in the e-mail.

A lot of scammers can cloak the URL of a webpage, making it LOOK like a link they provide by email is going to Paypal... even if it's doing nothing of the sort.

If you feel concerned about your Paypal account because of receiving an e-mail then I'd advice that you just delete the e-mail, then put the real URL for paypal into your browser and try to log-in from there.

Oh, I should add that people should be especially wary of these douchesacks because the e-mail they send will LOOK like it comes from Paypal - because they've cloaked the "from" field and have it tell people a fake one)

It's only if you click on the stupid link that their *real* URL comes up for the page.....

Fortunately, scammers are by definition not the brightest people on the planet.

I've received plenty of e-mails in the past from someone claiming to work for not just my bank, but banks I don't even have an account set up with. Yeah, I'm supposed to believe that the e-mail is real? Give me a break.

The paypal thing I also got a couple of times. Looked quite real at first sight, with the official symbols of the company and everything, but if you read a bit further the German wasn't quite perfect. Official written German is hard to get right if you're not a native speaker and have had training in this. Also, strangely, some Russian characters appeared in their mail.

Just never send any account details by mail to any bank. A serious bank uses other methods if account details need to be communicated.

What I don't understand is why these kinds of scam still exist.

Do people actually ever fall for them ?
I guess they must do, for it to be worth the scammers' effort to do the scamming.

But it's like those "I'm a Nigerian prince and want to give you a million £££, but you have to send me £1,000 for admin charges first." e-mails.
Who would really fall for that crap ?

Double post.

Last edited by CuriousBlue on 16 Jul 2013, 4:00 am, edited 3 times in total.

Hi

Most of the time the base link of the scam website simply belongs to an innocent third party whose site has been hacked and subverted to run the scam. In those cases, the owners of the website in question are not only innocent, they have no idea their website has even been hacked.

Why not report the scam link to their website owner and prevent other people being forwarded to the hacked part of their site?

They send out millions of the scam "alerts" and even if only 1 or 2 people fall for it, it is a "success" for them.

Why do you believe that most of the websites which are running scams belong to innocent people ?

I have no intention of communicating in any way with any company who are likely to be running a scam.
If you think that it's a good idea then you are welcome to report the situation to them if you wish, though.
Why not ?

Hi

I've spend the last 10 years working in internet communications and networking, and securing websites. The primary attack model of nefarious hackers is to attack websites hosted on common bases with unsecured code and then to subvert the website in order to deliver a trojan payload. They do this in order to protect themselves from discovery. No criminal of any wit would buy and host their own domain as they would have to provide payment details by which they could be traced.

Happy to do a good deed and report the subversion of their web site to their web host. Please forward me the original subverted link.

I never click on links in any email, full stop!

No bank will ever send you an email, if they need to contact you they will either phone, or send you a letter.

Having worked in network administration, I agree that the website was probably hacked by a trojan to work as a zombie account for the real hackers. At the place I used to work at, our email subsystem got hacked and used to spread email viruses to other companies. It was a nightmare, both from a technical point of view, and from a public relations point of view, as it made us look like spammers spreading viruses!

I reckon you're both quite right about this one.... I've had yet more fake paypal e-mails, and they all come from different places.

I shall send the links by PM thankyou.