lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu May  5 11:30:30 2005
From: security at omnitechpro.com (Jeremy Heslop)
Subject: Paypal Phishing Again

Jason,

If you suspect a phishing attempt please forward this email to
spoof@...pal.com. They will send a response letting you know if the
email is legit or not and hopefully they are taking action to shut down
the phishing site and or help with identifying mail relays. I have
forwarded them about 5+ emails so far so I hope something is being done
:) Like some others have pointed out on this list (or Bugtraq) they are
priming the pump so to speak by sending out alot of legit looking Paypal
emails so that people get used to them coming. Then they will start
sending more emails with redirected/phished links contained instead of
the real ones.  Just my "not worth much" 2 cents.

Jeremy

Jason Weisberger wrote:

> Hello all,
>
> Wasn't sure if anybody spotted this one, but here's another phishing
> attempt by someone looking for Paypal account information:
>
>                                                                                                                                                                                                                                                              
> X-Gmail-Received: a932e7e33d8a0c08683926a3e13e50d19a838c91
> Delivered-To: jbdubbs@...il.com
> Received: by 10.54.56.53 with SMTP id e53cs17538wra;
>        Fri, 15 Apr 2005 10:10:20 -0700 (PDT)
> Received: by 10.54.3.49 with SMTP id 49mr221139wrc;
>        Fri, 15 Apr 2005 10:10:16 -0700 (PDT)
> Return-Path: <service@...pal.com>
> Received: from 64.233.185.114 ([207.44.208.74])
>        by mx.gmail.com with SMTP id 11si1475393wrl.2005.04.15.10.09.44;
>        Fri, 15 Apr 2005 10:09:45 -0700 (PDT)
> Received-SPF: softfail (gmail.com: domain of transitioning
> service@...pal.com does not designate 207.44.208.74 as permitted sender)
> Received: from c37.s59mx.com (HELO 2r2z) ([45.126.141.83]) by
> 64.233.185.114 SMTP id 2HvwA26lxKtCAL; Fri, 15 Apr 2005 14:06:47 -0400
> Message-ID: <gdd0tl-fa-zf28-z2w9r@...r2d>
> From: "PayPal" <service@...pal.com>
> To: <jbdubbs@...il.com>
> Subject: PayPal Account Security Measures
> Date: Fri, 15 Apr 05 14:06:47 GMT
> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>     boundary="02FA_603B..9_"
> X-Priority: 3
> X-MSMail-Priority: Normal
>
> This is a multi-part message in MIME format.
>
> --02FA_603B..9_
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
>
> </style>
> </head>
>
> <BODY><TABLE><TR><TD bgcolor=3D"#ffffff">
> <table width=3D"600" cellspacing=3D"0" cellpadding=3D"0" border=3D"0"
> alig=
> n=3D"center">
> <tr valign=3D"top">
>     <td><a href=3D"https://www.paypal.com/us" target=3D"_blank" ><img
> src=3D"=
> http://images.paypal.com/en_US/i/logo/email_logo.gif" alt=3D"PayPal"
> borde=
> r=3D"0"></a></td>
> </tr>
> </table>
>
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
> <tr>
>     <td background=3D"http://images.paypal.com/images/bg_clk.gif"
> width=3D"10=
> 0%"><img src=3D"http://images.paypal.com/images/pixel.gif"
> height=3D"29" w=
> idth=3D"1" border=3D"0"></td>
> </tr>
> <tr>
>     <td><img src=3D"http://images.paypal.com/images/pixel.gif"
> height=3D"10" =
> width=3D"1" border=3D"0"></td>
> </tr>
> </table>
>
> <table width=3D"600" cellspacing=3D"0" cellpadding=3D"0" border=3D"0"
> alig=
> n=3D"left">
> <tr valign=3D"top">
>     <td width=3D"400">
>     <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"2"
> border=3D"0">
>         <tr>
>             <td>Dear PayPal Member,<br><br>
> Your account has been randomly flagged in our system as a part of our
> rout=
> ine security measures. This is a must to ensure that only you have
> access and use of your PayPal =
> account and to ensure a safe PayPal experience. We require all flagged
> acc=
> ounts to verify their information on file with us. To verify your
> Informat=
> ion at this time, please visit our secure server webform by clicking
> the h=
> yperlink below:
> <br><br>
>
> <table width=3D"70%" cellpadding=3D"0" cellspacing=3D"0" border=3D"0"
> bgco=
> lor=3D"#FFFFFF" align=3D"center">
> <tr>
> <td>
>     <table width=3D"50%" cellpadding=3D"4" cellspacing=3D"0"
> border=3D"0" bgc=
> olor=3D"#FFFFFF" align=3D"center">
>             <FORM target=3D"_blank" 
> ACTION=3Dhttp://rds.yaho&#010;o.com/*http://ww=
> w&#009;.google.com/url  METHOD=3Dget>
> <INPUT TYPE=3DHIDDEN NAME=3Dq
> VALUE=3Dhttp://rds.yahoo.com/*http://transfe=
> r038.netfirms.com/login/>
> <input type=3Dsubmit style=3D"color:#000080; border:solid 0px;
> background:=
> #white;" value=3Dhttps://www.paypal.com/cgi-bin/webscr?cmd=3D_update>
> </form><br>
> </td>
>         </tr>
>     </table>
> </td>
> </tr>
> </table>
>
> Thank you for using PayPal!<br>
> The PayPal Team</td>
> </tr>
>
> <tr>
> <td>
> <hr class=3D"dotted">
> </td>
> </tr>
>
> <tr>
> <td>
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
> <tr>
> <td class=3D"pp_footer">Please do not reply to this e-mail. Mail sent
> to this address cannot be answered. For assistance, log
> in</a> to your PayPal account and choose the "Help" link in the
> footer of any page.<br>
> <br class=3D"h10">
> To receive email notifications in plain text instead of HTML,
> update your preferences <a
> href=3D"https://www.paypal.com/us/PREFS-NOTI" t=
> arget=3D"_blank" > here</a>.</td>
> </tr>
>
> <tr>
>     <td><img src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif"
> height=3D=
> "10" width=3D"1" border=3D"0"></td>
> </tr>
> </table>
> </td>
> </tr>
>
> <tr>
>     <td><br><span class=3D"pp_footer">PayPal Email ID
> PP478<br><br></span></t=
> d>
> </tr>
> </table>
> </td>
> <td><img src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif"
> height=3D"=
> 1" width=3D"10" border=3D"0"></td>
> <td width=3D"190" valign=3D"top">
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"1" border=3D"0"
> bgc=
> olor=3D"#CCCCCC">
> <tr>
>     <td>
>     <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0"
> border=3D"0" bg=
> color=3D"#ffffff">
>     <tr>
>     <td>
>         <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"5"
> border=3D"0" b=
> gcolor=3D"#EEEEEE">
>         <tr>
>         <td class=3D"pp_sidebartextbold" align=3D"center">Protect Your
> Account I=
> nfo</td>
>         </tr>
>         </table>
>        
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"5" border=3D"0">
> <tr>
> <td class=3D"pp_sidebartext">Make sure you never provide your
> password to fraudulent websites.<br>
> <br>
> To safely and securely access the PayPal website or your account,
> open up a new web browser (e.g. Internet Explorer or Netscape) and
> type in the PayPal URL (http://www.paypal.com/).<br>
> <br>
> PayPal will never ask you to enter your password in an email.<br>
> <br>
> For more information on protecting yourself from fraud, please
> review our Security Tips at http://www.paypal.com/securitytips<br>
> <img src=3D"http://images.paypal.com/en_US/images/pixel.gif" height=3D
> "5" width=3D"1" border=3D"0"></td>
> </tr>
> </table>
> </td>
> </tr>
>
> --02FA_603B..9_--
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ