lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu May  5 14:09:27 2005
From: toddtowles at brookshires.com (Todd Towles)
Subject: Paypal Phishing Again

I would guess that almost everyone on this list, can spot a phishing
e-mail. I reported one to Paypal yesterday, and another the day before
that. I would say that I can around 8-10 a week. Should I post them all
on FD? It doesn't help. The phishing site will be down in a matter of
days (perhaps hours)..and it will be put up on another zombie that is in
the botnet.

Report these to paypal and to the anti-phishing group. FD is a place to
talk about phishing, but not to report each e-mail...just my 2 cents.

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Jason Weisberger
> Sent: Wednesday, May 04, 2005 9:33 PM
> To: full-disclosure@...ts.grok.org.uk
> Subject: [Full-disclosure] Paypal Phishing Again
> 
> Hello all,
> 
> Wasn't sure if anybody spotted this one, but here's another 
> phishing attempt by someone looking for Paypal account information:
> 
>                                                               
>                                                               
>                                                               
>                                                                      
> X-Gmail-Received: a932e7e33d8a0c08683926a3e13e50d19a838c91
> Delivered-To: jbdubbs@...il.com
> Received: by 10.54.56.53 with SMTP id e53cs17538wra;
>         Fri, 15 Apr 2005 10:10:20 -0700 (PDT)
> Received: by 10.54.3.49 with SMTP id 49mr221139wrc;
>         Fri, 15 Apr 2005 10:10:16 -0700 (PDT)
> Return-Path: <service@...pal.com>
> Received: from 64.233.185.114 ([207.44.208.74])
>         by mx.gmail.com with SMTP id 
> 11si1475393wrl.2005.04.15.10.09.44;
>         Fri, 15 Apr 2005 10:09:45 -0700 (PDT)
> Received-SPF: softfail (gmail.com: domain of transitioning 
> service@...pal.com does not designate 207.44.208.74 as 
> permitted sender)
> Received: from c37.s59mx.com (HELO 2r2z) ([45.126.141.83]) by 
> 64.233.185.114 SMTP id 2HvwA26lxKtCAL; Fri, 15 Apr 2005 14:06:47 -0400
> Message-ID: <gdd0tl-fa-zf28-z2w9r@...r2d>
> From: "PayPal" <service@...pal.com>
> To: <jbdubbs@...il.com>
> Subject: PayPal Account Security Measures
> Date: Fri, 15 Apr 05 14:06:47 GMT
> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="02FA_603B..9_"
> X-Priority: 3
> X-MSMail-Priority: Normal
> 
> This is a multi-part message in MIME format.
> 
> --02FA_603B..9_
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
> 
> </style>
> </head>
> 
> <BODY><TABLE><TR><TD bgcolor=3D"#ffffff"> <table 
> width=3D"600" cellspacing=3D"0" cellpadding=3D"0" 
> border=3D"0" alig= n=3D"center"> <tr valign=3D"top">
> 	<td><a href=3D"https://www.paypal.com/us" 
> target=3D"_blank" ><img src=3D"= 
> http://images.paypal.com/en_US/i/logo/email_logo.gif" 
> alt=3D"PayPal" borde= r=3D"0"></a></td> </tr> </table>
> 
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" 
> border=3D"0"> <tr>
> 	<td 
> background=3D"http://images.paypal.com/images/bg_clk.gif" 
> width=3D"10= 0%"><img 
> src=3D"http://images.paypal.com/images/pixel.gif" 
> height=3D"29" w= idth=3D"1" border=3D"0"></td> </tr> <tr>
> 	<td><img 
> src=3D"http://images.paypal.com/images/pixel.gif" 
> height=3D"10" = width=3D"1" border=3D"0"></td> </tr> </table>
> 
> <table width=3D"600" cellspacing=3D"0" cellpadding=3D"0" 
> border=3D"0" alig= n=3D"left"> <tr valign=3D"top">
> 	<td width=3D"400">
> 	<table width=3D"100%" cellspacing=3D"0" 
> cellpadding=3D"2" border=3D"0">
> 		<tr>
> 			<td>Dear PayPal Member,<br><br>
> Your account has been randomly flagged in our system as a 
> part of our rout= ine security measures. 
> This is a must to ensure that only you have access and use of 
> your PayPal = account and to ensure a safe PayPal experience. 
> We require all flagged acc= ounts to verify their information 
> on file with us. To verify your Informat= ion at this time, 
> please visit our secure server webform by clicking the h= 
> yperlink below:
> <br><br>
>  
> <table width=3D"70%" cellpadding=3D"0" cellspacing=3D"0" 
> border=3D"0" bgco= lor=3D"#FFFFFF" align=3D"center"> <tr> <td>
> 	<table width=3D"50%" cellpadding=3D"4" 
> cellspacing=3D"0" border=3D"0" bgc= olor=3D"#FFFFFF" align=3D"center">
> 			<FORM target=3D"_blank"  
> ACTION=3Dhttp://rds.yaho&#010;o.com/*http://ww=
> w&#009;.google.com/url  METHOD=3Dget>
> <INPUT TYPE=3DHIDDEN NAME=3Dq 
> VALUE=3Dhttp://rds.yahoo.com/*http://transfe=
> r038.netfirms.com/login/>
> <input type=3Dsubmit style=3D"color:#000080; border:solid 
> 0px; background:= #white;" 
> value=3Dhttps://www.paypal.com/cgi-bin/webscr?cmd=3D_update>
> </form><br>
> </td>
> 		</tr>
> 	</table>
> </td>
> </tr>
> </table>
> 
>  Thank you for using PayPal!<br>
> The PayPal Team</td>
> </tr>
> 
> <tr>
> <td>
> <hr class=3D"dotted">
> </td>
> </tr>
> 
> <tr>
> <td>
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" 
> border=3D"0"> <tr> <td class=3D"pp_footer">Please do not 
> reply to this e-mail. Mail sent to this address cannot be 
> answered. For assistance, log in</a> to your PayPal account 
> and choose the "Help" link in the footer of any page.<br> <br 
> class=3D"h10">  To receive email notifications in plain text 
> instead of HTML, update your preferences <a 
> href=3D"https://www.paypal.com/us/PREFS-NOTI" t= 
> arget=3D"_blank" > here</a>.</td> </tr>
> 
> <tr>
> 	<td><img 
> src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif" 
> height=3D= "10" width=3D"1" border=3D"0"></td> </tr> </table> 
> </td> </tr>
> 
> <tr>
> 	<td><br><span class=3D"pp_footer">PayPal Email ID 
> PP478<br><br></span></t=
> d>
> </tr>
> </table>
> </td>
> <td><img 
> src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif" 
> height=3D"= 1" width=3D"10" border=3D"0"></td> <td 
> width=3D"190" valign=3D"top"> <table width=3D"100%" 
> cellspacing=3D"0" cellpadding=3D"1" border=3D"0" bgc= 
> olor=3D"#CCCCCC"> <tr>
> 	<td>
> 	<table width=3D"100%" cellspacing=3D"0" 
> cellpadding=3D"0" border=3D"0" bg= color=3D"#ffffff">
> 	<tr>
> 	<td>
> 		<table width=3D"100%" cellspacing=3D"0" 
> cellpadding=3D"5" border=3D"0" b= gcolor=3D"#EEEEEE">
> 		<tr>
> 		<td class=3D"pp_sidebartextbold" 
> align=3D"center">Protect Your Account I= nfo</td>
> 		</tr>
> 		</table>
> 		
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"5" 
> border=3D"0"> <tr> <td class=3D"pp_sidebartext">Make sure you 
> never provide your password to fraudulent websites.<br> <br> 
> To safely and securely access the PayPal website or your 
> account, open up a new web browser (e.g. Internet Explorer or 
> Netscape) and type in the PayPal URL 
> (http://www.paypal.com/).<br> <br> PayPal will never ask you 
> to enter your password in an email.<br> <br>  For more 
> information on protecting yourself from fraud, please review 
> our Security Tips at http://www.paypal.com/securitytips<br>
> <img src=3D"http://images.paypal.com/en_US/images/pixel.gif" 
> height=3D "5" width=3D"1" border=3D"0"></td> </tr> </table> 
> </td> </tr>
> 
> --02FA_603B..9_--
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ