Open Source and information security mailing list archives
 
Date: Mon, 4 Apr 2005 11:29:34 -0500
From: "McAllister, Andrew" <McAllisterA@...ystem.edu>
To: "bugtraq" <bugtraq@...urityfocus.com>
Subject: RE: PayPal "security" measures


I followed up with Mr Rasmussen privately. I've been getting phishing
spam that looks to be from PayPal (nothing new there), but strangely
enough has NO visible attack vector. The phishing spam directs me to a
legitimate PayPal page. I know it is a scam because e-mail headers
indicate the mail has come from unknown hosts, and I've received
confirmation from PayPal that it is a scam.

I reported the "spoof" e-mail via this PayPal link:
https://www.paypal.com/ewf/f=pps_spf. I got a response back about 24
hours later.

I have no explanation for this legitimate-looking but fraudulent e-mail
other than to suspect that phishers are laying groundwork for a
follow-up e-mail pointing to a phishing site instead of PayPal.
Basically, getting victims accustomed to the look and feel of their
letter by pointing to PayPal, then later sending them another
"identical" e-mail that points to the phishing site.

Andy 

> -----Original Message-----
> From: Michael Rueve [mailto:rueve@...ioconnect.net] 
> Sent: Sunday, April 03, 2005 9:30 PM
> To: Jeremy Rasmussen; bugtraq
snip
> Has anyone here been able to contact this company and gotten
> any reasonable response (i.e. some real and competent person,
> not automated replies or replies that clearly tell you the
> person responding did not even read your request)?
snip

