[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1074998158.20758.19.camel@coruscant.weisserth.net>
From: tobias at weisserth.de (Tobias Weisserth)
Subject: Phishing scam - yet another Paypal phishing
scam!
Hi everybody,
I just wanted to add another phishing scam to the "in the wild" list.
A fake Paypal email is pointing potential IE victims to a modified URL:
http://www.paypal.com%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01@....54.126.187/f/
The host 211.54.126.187 is up and running, the email address of the
administrator seems to be a fake, mail bounces immediately. The
211.54.126.187/f/ URL points to a dead page though, so maybe the admin
has already taken action.
This is the HTML source of the spam email:
Note that the mail is actually using real elements from PayPal.
Measuring the art of social engineering here, I'd say this one is pretty
clever.
What really is annoying here is that this bug already exists for several
weeks in IE and it seems MS is not willing to do something about that.
The simple minded user shouldn't use IE as long as this is still not
fixed.
####################begin#######################
<head>
<!--
Script info: script: webscr, cmd: _login-run, template: p/gen/login,
date:
Fri May 23 00:45:53 2003
web version: 17.8-91 branch: live-178
content version: 17.8-82 branch: live-178
-->
<title>paypal - verify your account information</title>
<META http-equiv="DESCRIPTION" content="PayPal lets you send money to
anyone
with email. PayPal is free for consumers and works seamlessly with your
existing credit card and checking account. You can settle debts, borrow
cash, divide bills or split expenses with friends all without going to
an
ATM or looking for your checkbook.">
<META http-equiv="KEYWORDS" content="Send, money, payments, credit,
credit
card, instant, money, financial services, mobile, wireless, WAP, cell
phones, two-way pagers, Windows CE">
<link rel="stylesheet" type="text/css"
href="http://www.paypal.com/css/pp_styles_111402.css">
<script src="/js/pp_main.js"></script>
<link rel="shortcut icon"
href="http://www.paypal.com/images/pp_favicon.ico">
</head>
<body bgcolor="#ffffff"
>
<table cellSpacing="0" cellPadding="0" width="600" align="center"
border="0">
<tbody>
<tr>
<td noWrap><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=_home"><img
src="http://www.paypal.com/images/paypal_logo.gif" border="0"
width="117" height="35"></a></td>
<td class="pptext" align="middle" width="100%"> </td>
<td class="pptext" noWrap align="right"><a
href="https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run"><span
class="ppem106">Sign Up</span></a> | <a
href="https://www.paypal.com/cgi-bin/webscr?cmd=_login-run">Log Out</a> | <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&source_page=_login-run">Help</a></td>
</tr>
</tbody>
</table>
<br class="h5">
<table cellSpacing="0" cellPadding="0" width="100%" align="center"
border="0">
<tbody>
<tr>
<td width="100%"
background="http://www.paypal.com/images/tabs/bg.gif">
<table cellSpacing="0" cellPadding="0" align="center"
border="0">
<tbody>
<tr>
<td><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=_home"><img alt="Welcome"
src="http://www.paypal.com/images/tabs/P_off_welcome.gif" border="0"
width="106" height="36"></a></td>
<td><img src="http://www.paypal.com/images/pixel.gif"
width="1" height="1"></td>
<td><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/ema/index-outside"><img
alt="Send Money"
src="http://www.paypal.com/images/tabs/P_off_send_money.gif" border="0"
width="110" height="36"></a></td>
<td><img src="http://www.paypal.com/images/pixel.gif"
width="1" height="1"></td>
<td><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/req/index-outside"><img
alt="Request Money"
src="http://www.paypal.com/images/tabs/P_off_request_money.gif"
border="0" width="130" height="36"></a></td>
<td><img src="http://www.paypal.com/images/pixel.gif"
width="1" height="1"></td>
<td><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/mer/index-outside"><img
alt="Merchant Tools"
src="http://www.paypal.com/images/tabs/P_off_merchant_tools.gif"
border="0" width="130" height="36"></a></td>
<td><img src="http://www.paypal.com/images/pixel.gif"
width="1" height="1"></td>
<td><a class="pptabtext"
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/auc/index-outside"><img
alt="Auction Tools"
src="http://www.paypal.com/images/tabs/P_off_auction_tools.gif"
border="0" width="118" height="36"></a></td>
</tr>
</tbody>
</table>
<img height="20" src="http://www.paypal.com/images/pixel.gif"
width="1"></td>
<td><img height="59" src="http://www.paypal.com/images/pixel.gif"
width="1"></td>
</tr>
</tbody>
</table>
<img height="10" src="http://www.paypal.com/images/pixel.gif"
width="1"><br>
<p align="center"> <br>
<table width="75%" border="0" align="center">
<tr>
<td><font size="2"><b>Dear paypal user, We would like to inform you
that we
are upgrading our server to install a better protection software.
So please
<a
href="http://www.paypal.com%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01@....54.126.187/f/ ">click here</a> and
fill in the registration form again to renew your account. Paypal
Administration.</b></font>
</td>
</tr>
</table>
<p align="center">
<p align="center">
<p align="center"><font size="2"><b>Thank you for a using
PayPal!</b></font><br>
<table cellSpacing="0" cellPadding="0" width="600" align="center"
border="0">
<tbody>
<tr>
<td class="ppfooter" align="middle"><br>
<a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/about-outside">About</a>
| <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/accounts-outside">Accounts</a>
| <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/fees-outside">Fees</a>
| <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside">Privacy</a>
| <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/security-main-outside">Security
Center</a> | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/ua-outside">User
Agreement</a> | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/intro-outside">Developers</a>
| <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/logos-outside">Referrals</a>
| <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=_shop-ext">Shops</a><br>
<br>
<img alt src="http://www.paypal.com/images/ebay_co.gif"
width="100" height="12"><br>
<br class="h10">
Copyright 1999-2003 PayPal. All rights reserved.<br>
<a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/fdic-outside">Information
about FDIC pass-through insurance</a></td>
</tr>
</tbody>
</table>
<!-- end footer -->
</body>
</html>
#####################end########################
kind regards,
Tobias W.
Powered by blists - more mailing lists