so I got this email today from "Paypal customer service" saying that my account has been limited because someone tried adding their email address to my account and sent me to a site to confirm or deny it. I'd log back into the fake site to get the page source, but I'm pretty sure that they save all the info entered, and I already changed my password once from a different computer to make sure that there wasn't any keystroke monitering or anything like that.
Seriously, though, whoever did it did a LAZY ass job. They ask for all name/address info, and the card number, cvv, exp date, and PIN for the card used. I'd hate to think how many people have actually fallen for it. It would be okay, except it wasn't made by someone speaking English, so some of the grammar is messed up, the links on the bottom of the page are one big image that cause a pop-up saying "your account is limited and unable to access these features" and all the tabs are fake as well. There are also random question marks all over from sloppy writing or non-English characters.
If anyone feels like checking it out and then changing their passwords with Paypal afterwards, the URL is: [self-removed. There's a trojan attatched with it, I'm thinking. At least, I ended up with a few trackers afterwards, so it was either that site or something else from the last 3 days, and that's the only likely source. If anyone wants the URL I can PM you. Just let me know.]
On a seperate note, if they did such a horrible job making the site, I wonder how they're harvesting all the info and where it's all being stored... ... ... Might be something as simple as an unprotected text-file hosted on the same server.