Full Disclosure mailing list archives
RE: Paypal Phishing Again
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 5 May 2005 08:09:10 -0500
I would guess that almost everyone on this list, can spot a phishing e-mail. I reported one to Paypal yesterday, and another the day before that. I would say that I can around 8-10 a week. Should I post them all on FD? It doesn't help. The phishing site will be down in a matter of days (perhaps hours)..and it will be put up on another zombie that is in the botnet. Report these to paypal and to the anti-phishing group. FD is a place to talk about phishing, but not to report each e-mail...just my 2 cents.
-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Jason Weisberger Sent: Wednesday, May 04, 2005 9:33 PM To: full-disclosure () lists grok org uk Subject: [Full-disclosure] Paypal Phishing Again Hello all, Wasn't sure if anybody spotted this one, but here's another phishing attempt by someone looking for Paypal account information: X-Gmail-Received: a932e7e33d8a0c08683926a3e13e50d19a838c91 Delivered-To: jbdubbs () gmail com Received: by 10.54.56.53 with SMTP id e53cs17538wra; Fri, 15 Apr 2005 10:10:20 -0700 (PDT) Received: by 10.54.3.49 with SMTP id 49mr221139wrc; Fri, 15 Apr 2005 10:10:16 -0700 (PDT) Return-Path: <service () paypal com> Received: from 64.233.185.114 ([207.44.208.74]) by mx.gmail.com with SMTP id 11si1475393wrl.2005.04.15.10.09.44; Fri, 15 Apr 2005 10:09:45 -0700 (PDT) Received-SPF: softfail (gmail.com: domain of transitioning service () paypal com does not designate 207.44.208.74 as permitted sender) Received: from c37.s59mx.com (HELO 2r2z) ([45.126.141.83]) by 64.233.185.114 SMTP id 2HvwA26lxKtCAL; Fri, 15 Apr 2005 14:06:47 -0400 Message-ID: <gdd0tl-fa-zf28-z2w9r@qx0r2d> From: "PayPal" <service () paypal com> To: <jbdubbs () gmail com> Subject: PayPal Account Security Measures Date: Fri, 15 Apr 05 14:06:47 GMT X-Mailer: Microsoft Outlook Express 5.50.4522.1200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="02FA_603B..9_" X-Priority: 3 X-MSMail-Priority: Normal This is a multi-part message in MIME format. --02FA_603B..9_ Content-Type: text/html; Content-Transfer-Encoding: quoted-printable </style> </head> <BODY><TABLE><TR><TD bgcolor=3D"#ffffff"> <table width=3D"600" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" alig= n=3D"center"> <tr valign=3D"top"> <td><a href=3D"https://www.paypal.com/us" target=3D"_blank" ><img src=3D"= http://images.paypal.com/en_US/i/logo/email_logo.gif" alt=3D"PayPal" borde= r=3D"0"></a></td> </tr> </table> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0"> <tr> <td background=3D"http://images.paypal.com/images/bg_clk.gif" width=3D"10= 0%"><img src=3D"http://images.paypal.com/images/pixel.gif" height=3D"29" w= idth=3D"1" border=3D"0"></td> </tr> <tr> <td><img src=3D"http://images.paypal.com/images/pixel.gif" height=3D"10" = width=3D"1" border=3D"0"></td> </tr> </table> <table width=3D"600" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" alig= n=3D"left"> <tr valign=3D"top"> <td width=3D"400"> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"2" border=3D"0"> <tr> <td>Dear PayPal Member,<br><br> Your account has been randomly flagged in our system as a part of our rout= ine security measures. This is a must to ensure that only you have access and use of your PayPal = account and to ensure a safe PayPal experience. We require all flagged acc= ounts to verify their information on file with us. To verify your Informat= ion at this time, please visit our secure server webform by clicking the h= yperlink below: <br><br> <table width=3D"70%" cellpadding=3D"0" cellspacing=3D"0" border=3D"0" bgco= lor=3D"#FFFFFF" align=3D"center"> <tr> <td> <table width=3D"50%" cellpadding=3D"4" cellspacing=3D"0" border=3D"0" bgc= olor=3D"#FFFFFF" align=3D"center"> <FORM target=3D"_blank" ACTION=3Dhttp://rds.yaho
o.com/*http://ww= w	.google.com/url METHOD=3Dget> <INPUT TYPE=3DHIDDEN NAME=3Dq VALUE=3Dhttp://rds.yahoo.com/*http://transfe= r038.netfirms.com/login/> <input type=3Dsubmit style=3D"color:#000080; border:solid 0px; background:= #white;" value=3Dhttps://www.paypal.com/cgi-bin/webscr?cmd=3D_update> </form><br> </td> </tr> </table> </td> </tr> </table> Thank you for using PayPal!<br> The PayPal Team</td> </tr> <tr> <td> <hr class=3D"dotted"> </td> </tr> <tr> <td> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0"> <tr> <td class=3D"pp_footer">Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in</a> to your PayPal account and choose the "Help" link in the footer of any page.<br> <br class=3D"h10"> To receive email notifications in plain text instead of HTML, update your preferences <a href=3D"https://www.paypal.com/us/PREFS-NOTI" t= arget=3D"_blank" > here</a>.</td> </tr> <tr> <td><img src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif" height=3D= "10" width=3D"1" border=3D"0"></td> </tr> </table> </td> </tr> <tr> <td><br><span class=3D"pp_footer">PayPal Email ID PP478<br><br></span></t= d> </tr> </table> </td> <td><img src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif" height=3D"= 1" width=3D"10" border=3D"0"></td> <td width=3D"190" valign=3D"top"> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"1" border=3D"0" bgc= olor=3D"#CCCCCC"> <tr> <td> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" bg= color=3D"#ffffff"> <tr> <td> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"5" border=3D"0" b= gcolor=3D"#EEEEEE"> <tr> <td class=3D"pp_sidebartextbold" align=3D"center">Protect Your Account I= nfo</td> </tr> </table> <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"5" border=3D"0"> <tr> <td class=3D"pp_sidebartext">Make sure you never provide your password to fraudulent websites.<br> <br> To safely and securely access the PayPal website or your account, open up a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal URL (http://www.paypal.com/).<br> <br> PayPal will never ask you to enter your password in an email.<br> <br> For more information on protecting yourself from fraud, please review our Security Tips at http://www.paypal.com/securitytips<br> <img src=3D"http://images.paypal.com/en_US/images/pixel.gif" height=3D "5" width=3D"1" border=3D"0"></td> </tr> </table> </td> </tr> --02FA_603B..9_-- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Paypal Phishing Again Jason Weisberger (May 04)
- Re: Paypal Phishing Again Nick FitzGerald (May 05)
- Re: Paypal Phishing Again Jeremy Heslop (May 05)
- Re: Paypal Phishing Again Nick FitzGerald (May 05)
- Re: Paypal Phishing Again Valdis . Kletnieks (May 05)
- Re: Paypal Phishing Again Nick FitzGerald (May 05)
- Re: Paypal Phishing Again Mike Mohr (May 07)
- <Possible follow-ups>
- RE: Paypal Phishing Again Todd Towles (May 05)
- RE: Paypal Phishing Again Todd Towles (May 05)