Discussion:
Another PayPal phishing scam
Julio Cesar Fort
2005-05-02 19:29:24 UTC
Today I received a fake message pretending to be from PayPal Security
Center. The most interesting thing is that I don't even have a PayPal
account.

The fake PayPal link points to a possibly compromised server in Spain
(http://217.11.100.3/~cs/paypal/)

Regards,
Julio Cesar Fort (julio at rfdslabs com br)
Recife, PE, Brasil

www.rfdslabs.com.br - computers, sex, human mind, music and more.

-- scam (in raw text) --
Security Center Advisory!

We recently noticed one or more attempts to log in to your PayPal account
from a foreign IP address and we have reasons to belive that your account
was hijacked by a third party without your authorization. If you recently
accessed your account while traveling, the unusual log in attempts may have
been initiated by you.

If you are the rightful holder of the account you must click the link below
and then complete all steps from the following page as we try to verify your
identity.

Click here to verify your account

If you choose to ignore our request, you leave us no choice but to temporaly
suspend your account.

Thank you for using PayPal! The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your
preferences here.

PayPal Email ID PP697
-- end of scam --

________________________________________________
Message
sent using UebiMiau 2.7.2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Morning Wood
2005-05-02 23:05:47 UTC
Post by Julio Cesar Fort
Today I received a fake message pretending to be from PayPal Security
Center. The most interesting thing is that I don't even have a PayPal
account.
quite common. i am surprised it's your first one.
Vincent Archer
2005-05-03 07:23:25 UTC
Post by Morning Wood
Post by Julio Cesar Fort
Today I received a fake message pretending to be from PayPal Security
Center. The most interesting thing is that I don't even have a PayPal
account.
quite common. i am surprised it's your first one.
I usually receive about two paypal & ebay "messages" per week, and a dozen
or so bank notices from all over the world.

(plus the obligatory dozen nigerian/irakian/laos/other scams per day. Not
counting duplicates of the same one)

This address has been active for a year and a half, and has been used to
post to about four of the security mailing lists I'm subscribed to.

So, be patient. You'll have your fill quickly.
--
Vincent ARCHER
***@denyall.com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France
Nigel Horne
2005-05-03 07:26:33 UTC
Post by Julio Cesar Fort
Today I received a fake message pretending to be from PayPal Security
Center. The most interesting thing is that I don't even have a PayPal
account.
I would say that's the least interesting thing.

-Nigel
Joachim Schipper
2005-05-03 09:03:52 UTC
how can't authorities do anything about these servers?
Well, the internet was designed to be able to survive nuclear strikes...
let alone any peaceful means of shutting stuff down. It's very, very
difficult.

And don't forget that these servers *are* closed within a couple of
hours, most of the time - but that appears not to be enough to make it
unprofitable.

Joachim
phased
2005-05-03 13:09:21 UTC
look don't bother reporting these there are hundreds every day, no one gives a shit

Todd Towles
2005-05-03 13:31:21 UTC
MW is right, it would be better to forward the e-mail as text to
***@paypal.com

If you get an eBay phishing e-mail, send that to ***@ebay.com, then I
try to send all of those WAMU to ***@wamu.com

I also had this phishing attempt in my mailbox, the site is currently
now.
Post by phased
-----Original Message-----
Of Morning Wood
Sent: Monday, May 02, 2005 6:06 PM
Subject: Re: [Full-disclosure] Another PayPal phishing scam
Post by Julio Cesar Fort
Today I received a fake message pretending to be from PayPal Security
Center. The most interesting thing is that I don't even have a PayPal
account.
quite common. i am surprised it's your first one.
Nick FitzGerald
2005-05-03 21:03:06 UTC
Post by phased
look don't bother reporting these there are hundreds every day, no one gives a shit
Well, actually, many people do care.

For one, there are those at the targeted organizations concerned that
their "good name" is being further besmirched and confidence in their
organization being further eroded. There are law enforcement folk
actively tracking some of the major fraudsters behind some of these
scams. There are the folk at the ISPs, etc hosting the fraudulent
sites concerned with improving the security of their systems (recently
many of the phishing scam sites have been hosted on boxes compromised
through awstats, PHP Gallery, phpBB and similar vulns and many of these
boxes are at hosting services where it is the service's responsibility
to provide and update those services).

However, despite the existence of all these possibly interested folk,
Full-Disclosure is not the right, or even a _useful_, place to report
such things. As you and others have pointed out, there are literally
dozens to hundreds of these every day (I have received about a dozen
PayPal and various bank phishing scam messages at this address in the
last few days and if anything that is down slightly from the norm).

There are organizations like the Anti-Phishing Working Group where you
can report occasional phishing spams. More dedicated "anti-phishers"
will have their own preferred mechanisms.


Regards,

Nick FitzGerald
