lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4746469c05050700517448479f@mail.gmail.com>
Date: Sat May  7 08:51:53 2005
From: akihana at gmail.com (Mike Mohr)
Subject: Paypal Phishing Again

Just got one myself today.  This amounts to 2 of these in as many
weeks (on different sites, of course).  I've already contacted the
hosting ISP, so don't bother.

>From service@...pal.com Fri May  6 23:54:50 2005
Return-Path: <nobody@...2.sitehostingserver.net>
Received: from localhost (localhost [127.0.0.1])
       by rosetta.temerity.net (8.13.3/8.13.3) with ESMTP id j476rbZg024663
       for <mohr@...alhost>; Fri, 6 May 2005 23:54:50 -0700
Received: from pop.laposte.net [81.255.54.8]
       by localhost with POP3 (fetchmail-6.2.5)
       for mohr@...alhost (single-drop); Fri, 06 May 2005 23:54:50 -0700 (PDT)
Received: from mx.laposte.net (10.150.9.57) by mx.laposte.net (7.0.028)
       id 425309D30131E67A for m.mohr@...oste.net; Fri, 6 May 2005
17:38:33 +0200
Received: from web2.sitehostingserver.net (72.9.239.10) by
mx.laposte.net (7.0.028)
       id 4278DA0B001FEF13 for m.mohr@...oste.net; Fri, 6 May 2005
17:38:33 +0200
Received: from nobody by web2.sitehostingserver.net with local (Exim 4.44)
       id 1DU4uI-0005fs-EO
       for m.mohr@...oste.net; Fri, 06 May 2005 11:38:26 -0400
To: m.mohr@...oste.net
Subject: Notification of Limited Account Access
From: PayPal Account Review Department <service@...pal.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1DU4uI-0005fs-EO@...2.sitehostingserver.net>
Date: Fri, 06 May 2005 11:38:26 -0400
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - web2.sitehostingserver.net
X-AntiAbuse: Original Domain - laposte.net
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - web2.sitehostingserver.net
X-Source:
X-Source-Args:
X-Source-Dir:

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css"
href="http://www.paypal.com/css/pp_styles_111402.css">
</head>

<body bgcolor="#FFFFFF">
<table width="72%" border="0">
 <tr>
   <td> </td>
 </tr>
 <tr>
   <td height="58">As part of our security measures, we regularly screen
activity
     in the PayPal system. We recently noticed the following issue on your
account:</td>
 </tr>
 <tr>
   <td height="76">
     <p>We recently received a report of unauthorized credit card use
associated
       with this account. As a precaution, we have limited access to your
PayPal
       account in order to protect against future unauthorized
transactions.
     <p>
     <p>Case ID Number: PP-091-233-629
   </td>
 </tr>
 <tr>
   <td height="77">For your protection, we have limited access to your
account
     until additional security measures can be completed. We apologize for
any
     inconvenience this may cause.</td>
 </tr>
 <tr>
   <td height="40">
     <p>To review your account and some or all of the information that
PayPal
       used to make its decision to limit your account access, please visit
the
       Resolution Center by following the link below:</p>
   </td>
 </tr>
 <tr>
   <td height="59"><a href="http://www.secureserver.dmdns.com"
alt='www.paypal.com'onMouseOver="status='http://www.paypal.com/cgi-bin/websc
r?cmd=login-run'; return true"onMouseOut="status='';return
true"><b>https://www.paypal.com/cgi-bin/webscr?cmd=login-run</b></a>
   </td>
 </tr>
 <tr>
   <td height="31">If, after reviewing your account information, you seek
further
     clarification regarding your account access, please contact PayPal by
visiting
     the Help Center and clicking "Contact Us"</td>
 </tr>
 <tr>
   <td height="47">
     <p><br>
       We thank you for your prompt attention to this matter. Please
understand
       that this is a security measure intended to help protect you and
your
       account. We apologize for any inconvenience. </p>
   </td>
 </tr>
 <tr>
   <td height="105">
     <p>Sincerely,<br>
       <b>PayPal</b> <b>Account Review Department </b></p>
     <p> </p>
     <p><font size="-2">PayPal Email ID PP545</font></p>
   </td>
 </tr>
 <tr>
   <td height="43">
     <p><font size="-1">Accounts Management as outlined in our User
Management
       , Paypal will </font><br>
       <font size="-1">periodically send you information about site changes
and
       enhancements</font></p>
   </td>
 </tr>
 <tr>
   <td height="33">
     <p><font size="-1">Visit our Privacy Policy and User Agreement if you
have
       any questions :</font><br>
       <font size="-1"><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outsi
de">http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside
</a>
       </font></p>
   </td>
 </tr>
</table>
</body>
</html>

On 5/4/05, Jason Weisberger <jbdubbs@...il.com> wrote:
> Hello all,
> 
> Wasn't sure if anybody spotted this one, but here's another phishing
> attempt by someone looking for Paypal account information:
> 
> X-Gmail-Received: a932e7e33d8a0c08683926a3e13e50d19a838c91
> Delivered-To: jbdubbs@...il.com
> Received: by 10.54.56.53 with SMTP id e53cs17538wra;
>         Fri, 15 Apr 2005 10:10:20 -0700 (PDT)
> Received: by 10.54.3.49 with SMTP id 49mr221139wrc;
>         Fri, 15 Apr 2005 10:10:16 -0700 (PDT)
> Return-Path: <service@...pal.com>
> Received: from 64.233.185.114 ([207.44.208.74])
>         by mx.gmail.com with SMTP id 11si1475393wrl.2005.04.15.10.09.44;
>         Fri, 15 Apr 2005 10:09:45 -0700 (PDT)
> Received-SPF: softfail (gmail.com: domain of transitioning service@...pal.com does not designate 207.44.208.74 as permitted sender)
> Received: from c37.s59mx.com (HELO 2r2z) ([45.126.141.83]) by 64.233.185.114 SMTP id 2HvwA26lxKtCAL; Fri, 15 Apr 2005 14:06:47 -0400
> Message-ID: <gdd0tl-fa-zf28-z2w9r@...r2d>
> From: "PayPal" <service@...pal.com>
> To: <jbdubbs@...il.com>
> Subject: PayPal Account Security Measures
> Date: Fri, 15 Apr 05 14:06:47 GMT
> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>         boundary="02FA_603B..9_"
> X-Priority: 3
> X-MSMail-Priority: Normal
> 
> This is a multi-part message in MIME format.
> 
> --02FA_603B..9_
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
> 
> </style>
> </head>
> 
> <BODY><TABLE><TR><TD bgcolor=3D"#ffffff">
> <table width=3D"600" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" alig=
> n=3D"center">
> <tr valign=3D"top">
>         <td><a href=3D"https://www.paypal.com/us" target=3D"_blank" ><img src=3D"=
> http://images.paypal.com/en_US/i/logo/email_logo.gif" alt=3D"PayPal" borde=
> r=3D"0"></a></td>
> </tr>
> </table>
> 
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
> <tr>
>         <td background=3D"http://images.paypal.com/images/bg_clk.gif" width=3D"10=
> 0%"><img src=3D"http://images.paypal.com/images/pixel.gif" height=3D"29" w=
> idth=3D"1" border=3D"0"></td>
> </tr>
> <tr>
>         <td><img src=3D"http://images.paypal.com/images/pixel.gif" height=3D"10" =
> width=3D"1" border=3D"0"></td>
> </tr>
> </table>
> 
> <table width=3D"600" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" alig=
> n=3D"left">
> <tr valign=3D"top">
>         <td width=3D"400">
>         <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"2" border=3D"0">
>                 <tr>
>                         <td>Dear PayPal Member,<br><br>
> Your account has been randomly flagged in our system as a part of our rout=
> ine security measures.
> This is a must to ensure that only you have access and use of your PayPal =
> account and to ensure a safe PayPal experience. We require all flagged acc=
> ounts to verify their information on file with us. To verify your Informat=
> ion at this time, please visit our secure server webform by clicking the h=
> yperlink below:
> <br><br>
> 
> <table width=3D"70%" cellpadding=3D"0" cellspacing=3D"0" border=3D"0" bgco=
> lor=3D"#FFFFFF" align=3D"center">
> <tr>
> <td>
>         <table width=3D"50%" cellpadding=3D"4" cellspacing=3D"0" border=3D"0" bgc=
> olor=3D"#FFFFFF" align=3D"center">
>                         <FORM target=3D"_blank"  ACTION=3Dhttp://rds.yaho&#010;o.com/*http://ww=
> w&#009;.google.com/url  METHOD=3Dget>
> <INPUT TYPE=3DHIDDEN NAME=3Dq VALUE=3Dhttp://rds.yahoo.com/*http://transfe=
> r038.netfirms.com/login/>
> <input type=3Dsubmit style=3D"color:#000080; border:solid 0px; background:=
> #white;" value=3Dhttps://www.paypal.com/cgi-bin/webscr?cmd=3D_update>
> </form><br>
> </td>
>                 </tr>
>         </table>
> </td>
> </tr>
> </table>
> 
>  Thank you for using PayPal!<br>
> The PayPal Team</td>
> </tr>
> 
> <tr>
> <td>
> <hr class=3D"dotted">
> </td>
> </tr>
> 
> <tr>
> <td>
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
> <tr>
> <td class=3D"pp_footer">Please do not reply to this e-mail. Mail sent
> to this address cannot be answered. For assistance, log
> in</a> to your PayPal account and choose the "Help" link in the
> footer of any page.<br>
> <br class=3D"h10">
>  To receive email notifications in plain text instead of HTML,
> update your preferences <a href=3D"https://www.paypal.com/us/PREFS-NOTI" t=
> arget=3D"_blank" > here</a>.</td>
> </tr>
> 
> <tr>
>         <td><img src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif" height=3D=
> "10" width=3D"1" border=3D"0"></td>
> </tr>
> </table>
> </td>
> </tr>
> 
> <tr>
>         <td><br><span class=3D"pp_footer">PayPal Email ID PP478<br><br></span></t=
> d>
> </tr>
> </table>
> </td>
> <td><img src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif" height=3D"=
> 1" width=3D"10" border=3D"0"></td>
> <td width=3D"190" valign=3D"top">
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"1" border=3D"0" bgc=
> olor=3D"#CCCCCC">
> <tr>
>         <td>
>         <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" bg=
> color=3D"#ffffff">
>         <tr>
>         <td>
>                 <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"5" border=3D"0" b=
> gcolor=3D"#EEEEEE">
>                 <tr>
>                 <td class=3D"pp_sidebartextbold" align=3D"center">Protect Your Account I=
> nfo</td>
>                 </tr>
>                 </table>
> 
> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"5" border=3D"0">
> <tr>
> <td class=3D"pp_sidebartext">Make sure you never provide your
> password to fraudulent websites.<br>
> <br>
> To safely and securely access the PayPal website or your account,
> open up a new web browser (e.g. Internet Explorer or Netscape) and
> type in the PayPal URL (http://www.paypal.com/).<br>
> <br>
> PayPal will never ask you to enter your password in an email.<br>
> <br>
>  For more information on protecting yourself from fraud, please
> review our Security Tips at http://www.paypal.com/securitytips<br>
> <img src=3D"http://images.paypal.com/en_US/images/pixel.gif" height=3D
> "5" width=3D"1" border=3D"0"></td>
> </tr>
> </table>
> </td>
> </tr>
> 
> --02FA_603B..9_--
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ