Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Paypal scam uses Korean school Web server

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 21 Apr 2003 08:40:12 -0400
Hi,

Some criminal type has apparently broken into a Web server belonging to
an elementary school in Korea and has set up a CGI script to collect
people's credit card and bank account information.  To get people to
supply this private information, the scammer has been sending out the
attached spam email message which gives the impression it is from the
PayPal billing department.

The CGI script is located at this URL:

   http://211.34.252.132/secure/PayPalSecurity

The IP address 211.34.252.132 is owned by:

   Haengjoo Kim
   Hajang Elemantary School
   76-1 Goangdong-Ri Hajang-Mayn Samchok-Si
   KANGWON
   +82-33-552-0034
   kngreung () soback kornet net

If someone on this list speaks Korean, can they please let the folks at
Hajang Elementary School that there is a problem and that the scam needs
to be shutdown ASAP.

Richard M. Smith
http://www.ComputerBytesMan.com

Return-Path: <security () paypal com>
Delivered-To: rms2000-computerbytesman:com-rms () computerbytesman com
X-Envelope-To: rms () computerbytesman com
Received: (qmail 84944 invoked from network); 19 Apr 2003 18:23:15 -0000
Received: from adsl-64-109-171-17.dsl.chcgil.ameritech.net (HELO
linux8b.local.7188.us) (64.109.171.17)
  by siyazi.pair.com with SMTP; 19 Apr 2003 18:23:15 -0000
Received: from localhost (linux8b.local.7188.us [127.0.0.1])
        by linux8b.local.7188.us (8.12.8/8.12.8) with SMTP id
h3JIXIwD008939
        for <rms () computerbytesman com>; Sat, 19 Apr 2003 13:33:25 -0500
Message-Id: <200304191833.h3JIXIwD008939 () linux8b local 7188 us>
From: <security () paypal com>
To: <rms () computerbytesman com>
Subject: PayPal Security check
Date: Sat, 19 Apr 2003 13:33:18 -0500
X-Mailer: sendEmail-1.40
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Dear valued PayPal member,

It has come to our attention that your eBay Billing Information records
are out of date. That requires you to update the Billing Information If
you could please take 5-10 minutes out of your online experience and
update your billing records, you will not run into any future problems
with eBay's online service. However, failure to update your records will
result in account termination. Please update your records in maximum 24
hours.

Once you have updated your account records, your eBay session will not
be interrupted and will continue as normal. Failure to update will
result in cancellation of service, Terms of Service (TOS) violations or
future billing problems.

Please click here to update your billing records.

Thank you for your time!
Marry Kimmel,
PayPal Billing Department team.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: