Security Incidents mailing list archives

New PayPal Email Scam


From: Isaac Hopper <inhopp01 () yahoo com>
Date: Mon, 10 Nov 2003 10:19:19 -0800 (PST)

This morning (Nov. 10, 2003) I received yet another in
the seemingly endless string of spam messages.  This
one caught my eye though.  The message purports to be
from PayPal, and states the following:

<--- Begin Message Text
This e-mail is the notification of recent innovations
taken by PayPal to detect inactive customers and
non-functioning mailboxes.

The inactive customers are subject to restriction and
removal in the next 3 months.

Please confirm your email address and and Credit Card
info number by logging in to your PayPal account using
the form below:

Your Address Information - You may only enter English
characters during Sign Up. This does NOT include
characters with accents. Please enter your name and
address as they are listed for your credit card or
bank account. Your primary currency is the currency in
which you are expecting to send and receive the
majority of your payments.
<--- End Message text

When I saw the demand for Credit details, I
immediately opened the code in UltraEdit to take a
look.  It appears that the form is submitting 
to the following address:

http://207.150.192.12/temp/top0az/cgi-bin/p.php


Everything else on the page, including the other links,
points to the actual PayPal site, making this a fairly
effective ruse for the unsuspecting user.  I have made
PayPal aware of the problem, but I don't want it to
get lost in the shuffle, so I thought I would post the
information here for your review.  If you would like a
copy of the email in its entirety (HTML format),
please let me know via email, and I will be happy 
to send it along.

Sincerely,

Isaac N. Hopper
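
The check described in the post above (a form that submits to a different host than the rest of the page's links) can be automated for HTML mail. This is an added example, not part of the original post: the function names, the `brand_domain` parameter and the sample markup are assumptions constructed for illustration, and only the form action URL is taken from the message.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormLinkCollector(HTMLParser):
    """Collect hosts of <a href> links and the raw <form action> targets."""
    def __init__(self):
        super().__init__()
        self.link_hosts, self.form_actions = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            host = urlparse(attrs["href"]).hostname
            if host:
                self.link_hosts.append(host.lower())
        elif tag == "form":
            self.form_actions.append(attrs.get("action") or "")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_form_actions(html, brand_domain):
    """Return (action_url, reasons) for every form posting off brand_domain."""
    collector = FormLinkCollector()
    collector.feed(html)
    on_brand = lambda h: h == brand_domain or h.endswith("." + brand_domain)
    findings = []
    for action in collector.form_actions:
        host = (urlparse(action).hostname or "").lower()
        if not host or on_brand(host):
            continue  # no absolute target, or target is the brand itself
        reasons = ["form posts outside " + brand_domain]
        if is_ip_literal(host):
            reasons.append("form posts to a bare IP address")
        if any(on_brand(h) for h in collector.link_hosts):
            reasons.append("links use " + brand_domain + " but the form does not")
        findings.append((action, reasons))
    return findings

# Constructed sample: real-looking links around the form target quoted in the post.
SAMPLE_EMAIL_HTML = """<html><body><a href="https://www.paypal.com/">PayPal</a>
<form method="post" action="http://207.150.192.12/temp/top0az/cgi-bin/p.php">
<input name="email"><input name="cc_number"><input type="submit"></form>
<a href="https://www.paypal.com/help">Help</a></body></html>"""

if __name__ == "__main__":
    for url, why in suspicious_form_actions(SAMPLE_EMAIL_HTML, "paypal.com"):
        print(url, "->", "; ".join(why))
```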

