Security Incidents mailing list archives
RE: New PayPal Email Scam
From: Charles Hamby <fixer () gci net>
Date: Mon, 10 Nov 2003 17:09:49 -0900
Isaac,

Might I also suggest contacting the ISP of the IP address that the scam is being run from?

OrgName: Affinity Internet, Inc
OrgID: AFFI
Address: 101 Continental 4th Floor
City: El Segundo
StateProv: CA
PostalCode: 90245
Country: US

OrgTechHandle: ZA94-ARIN
OrgTechName: Affinity Internet IP Management Group
OrgTechPhone: +1-310-524-3000
OrgTechEmail: ip-admin () affinity com

I ran across a similar Paypal scam about 8 months ago and contacted Paypal. They weren't much help. Roughly a month later the website was still up and running (and presumably still scamming people). After contacting the ISP the site was taken offline within 3 days.

Charles Hamby

-----Original Message-----
From: Isaac Hopper [mailto:inhopp01 () yahoo com]
Sent: Monday, November 10, 2003 9:19 AM
To: incidents () securityfocus com
Subject: New PayPal Email Scam

This morning (Nov. 10, 2003) I received yet another in the seemingly endless string of spam messages. This one caught my eye though. The message purports to be from PayPal, and states the following:

<--- Begin Message Text

This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.

The inactive customers are subject to restriction and removal in the next 3 months.

Please confirm your email address and and Credit Card info number by logging in to your PayPal account using the form below:

Your Address Information - You may only enter English characters during Sign Up. This does NOT include characters with accents. Please enter your name and address as they are listed for your credit card or bank account.

Your primary currency is the currency in which you are expecting to send and receive the majority of your payments.

<--- End Message text

When I saw the demand for Credit details, I immediately opened the code in UltraEdit to take a look.

It appears that the form is submitting to the following address:

http://207.150.192.12/temp/top0az/cgi-bin/p.php

Everything else on the page, including the other links point to the actual PayPal site, making this a fairly effective ruse for the unsuspecting user.

I have made PayPal aware of the problem, but I don't want it to get lost in the shuffle, so I thought I would post the information here for your review. If you would like a copy of the email in its entirety (HTML format), please let me know via email, and I will be happy to send it along.

Sincerely,
Isaac N. Hopper
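The manual check described in the original message (comparing the form's submit target with where the page's links go) can be automated. The following Python is an added example, not part of the original thread; the sample HTML, the 192.0.2.10 documentation address and all function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Targets(HTMLParser):
    """Collect hosts of <a href> links and raw <form action> values."""
    def __init__(self):
        super().__init__()
        self.link_hosts, self.form_actions = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            host = urlparse(a["href"]).hostname
            if host:
                self.link_hosts.append(host.lower())
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _site(host):
    # Assumption: last two labels approximate the registrable domain
    # (no public-suffix list is consulted).
    return ".".join(host.split(".")[-2:])

def suspicious_forms(html):
    """Return [(action, [reasons])] for forms posting off-brand or to a bare IP."""
    p = _Targets()
    p.feed(html)
    link_sites = {_site(h) for h in p.link_hosts if not _is_ip(h)}
    findings = []
    for action in p.form_actions:
        host = (urlparse(action).hostname or "").lower()
        if not host:
            continue  # relative action: posts back to the serving origin
        reasons = []
        if _is_ip(host):
            reasons.append("form action host is a raw IP address")
        if link_sites and (_is_ip(host) or _site(host) not in link_sites):
            reasons.append("form action host differs from the sites the links use")
        if reasons:
            findings.append((action, reasons))
    return findings

# Constructed sample: links go to the real brand, the form does not.
SAMPLE_EMAIL = """<a href="https://www.paypal.com/">PayPal</a>
<a href="https://www.paypal.com/help">Help</a>
<form method="post" action="http://192.0.2.10/cgi-bin/p.php">
<input name="cc_number"></form>"""
```

Run `suspicious_forms()` over the decoded HTML part of a message; an empty list means no form target stood out under these two heuristics.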