Is JustBeenPaid.com a scam?

Take any HYIP scheme, and this question will be asked for each one of them – Is it a SCAM? I am not going to blabber about how HYIP schemes are all scams, and that they always end up with your money lost. Instead, I want to bring your attention to one such HYIP scheme which in my opinion is more of a phishing scam. If you don’t know what phishing is, it is (as per Wikipedia) an attempt to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

For example, if I want to know your Facebook username and password, I can create a duplicate website of www.facebook.com and then send a mail to you, asking you to login to this duplicate website with your facebook information. Since the duplicate website belongs to me, I can script the website to store the username & password, before sending the info to actual facebook.com – Result? I get your facebook login information, and you didn’t even realize it.

JustBeenPaid.com is such a phishing website, that aims to gather your virtual-money account information without your knowledge. If you have done online shopping on eBay or otherwise, you will know what is the function of virtual-money accounts like Liberty Reserve, PayPal, Money Bookers, etc.

In this post, I will show how JustBeenPaid creates a phishing scam to get your Liberty Reserve account information.
  • First, JustBeenPaid sends a scam email to the victim offering some great prize, like the one shown below.
    image 
  • Notice the link mentioned in the email above. It shows as libertyreserve.com, but actually the website is pointing to libertyceserve.com – this is a different domain name; notice the typo where ‘r’ of ‘reserve’ is replaced with ‘c’.
  • If the victim clicks on the link, he is shown a screen which looks similar to Liberty Reserve’s website. But it actually belongs to JustBeenPaid.
    image
  • Click on the Login button, and the subsequent screens are exactly like Liberty Reserve’s login pages. But all the while, your are connected to libertyCeserve.com 
    image
  • Liberty Reserve has a strict multiple password mechanism which makes it difficult to guess the login info. But this duplicate website, in subsequent pages will ask the user all the PINs and passwords for the account holder.
  • It is also smart to use APIs of Liberty Reserve’s Business user account, to make sure your account number and password are validated correctly. This may seem OK at first, but just think, how JustBeenPaid fools all its users into divulging confidential information about their online money accounts.
  • Once, your account info is known, then its waiting time for such phishing scammers. When sufficient balance money builds up in your account, they will transfer it all into their own LR account (after all they know your passwords too!).

-->

Be very careful when you click on links in emails from known senders, especially with regard to your banking or money accounts. It could be a phishing attempt. Before, clicking on any links on the email, verify the sender is indeed who it says. For example, if a Facebook friend request comes from a mail-id like my-facebook.com, then it surely is a scam.

No comments:

Post a Comment