Re: CRIME Suspicious PayPal Verification Email

From: Crispin Cowan (crispin@private)
Date: Mon Sep 16 2002 - 14:30:23 PDT

    Andrew Plato wrote:
    
    >This looks like a scam, did anybody else get this?
    >
    >I got this email last week. If you look at the URL, it goes to a different IP address (212.159.188.6). I did a reverse lookup on the name and traced it back to some dialup account in England. 
    >
    Yes, it appears to be the same scam I mentioned here a few days ago.
    
    What isn't evident from Andrew's post (because he posted in plain ASCII 
    instead of HTML) is that the URL the scammer provides has a text 
    representation that says paypal.com, but the ACTUAL URL underneath it 
    points to paypalsys.com. Since Andrew is discussing funky IPs going to 
    end-users in the UK, I presume that they're at it again.
    
    Crispin
    
    >
    >I don't know - looks like a scam to me. If you click the link you go to an apparently legitimate looking PayPal site. But that could have been easily duplicated. I didn't investigate any further than that. I have to be on my way to a customer meeting. 
    >
    >------------------------------------
    >Andrew Plato, CISSP
    >President / Principal Consultant
    >Anitian Corporation
    >
    >(503) 644-5656 office
    >(503) 201-0821 cell
    >http://www.anitian.com
    >------------------------------------
    >
    >-----Original Message-----
    >From: service@private [mailto:service@private]
    >Sent: Sunday, September 15, 2002 1:29 PM
    >To: Andrew Plato
    >Subject: PayPal Verification
    >
    >
    >Dear PayPal Member,
    >Please log into your PayPal account using the following link to confirm you are still an active PayPal user asap. 
    >We are now requesting the password to the e-mail address you signed up to PayPal with. This is so our systems can confirm the confirmation e- mails off PayPal stay in your account because there has been a rise in the amount of fraudsters getting access to users e-mail addresses and deleting the Paypal confirmations. 
    >This is to protect you and ourselves. 
    >PayPal will use this information for fraud protection only. 
    >This is our new yearly checkup process to screen any inactive accounts. 
    >https://www.paypal.com/cgi-bin/webscr?cmd=_login- run - run 
    >Thankyou for your co-operation. 
    >Regards
    >PayPal Support
    >
    >  
    >
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
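
The mismatch described in the message above (link text reading paypal.com over a link that goes to paypalsys.com) can be checked mechanically on the HTML part of a mail. The following is an added example, not part of the original post; the sample HTML, the URL paths in it, and all function and class names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample: only the paypal.com / paypalsys.com pairing comes from the thread.
SAMPLE_HTML = """<p>Please log into your PayPal account using the following link.</p>
<a href="http://www.paypalsys.com/cgi-bin/webscr?cmd=_login-run">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>
<a href="https://www.paypal.com/help">https://www.paypal.com/help</a>
<a href="http://192.0.2.10/login">www.paypal.com</a>
<a href="https://www.paypal.com/">Click here</a>"""

HOST_IN_TEXT = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def same_site(shown, actual):
    """True if both hosts are equal or differ only by a leading 'www.'."""
    return shown.removeprefix("www.") == actual.removeprefix("www.")

class LinkAuditor(HTMLParser):
    """Collects (shown_host, actual_host) for anchors whose text names a host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        m = HOST_IN_TEXT.match("".join(self.text).strip())
        shown, actual = (m.group(1).lower() if m else ""), host_of(self.href)
        if shown and not same_site(shown, actual):
            self.mismatches.append((shown, actual))
        self.href = None

def find_mismatched_links(html):
    """Return [(host shown in link text, host the href points to), ...]."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.mismatches
```

Links whose visible text is not a hostname ("Click here") are skipped, since there is nothing in the text to compare against the href.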
    



    This archive was generated by hypermail 2b30 : Mon Sep 16 2002 - 14:58:59 PDT