Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Posible PayPall Scam? FW: Your PayPal account is Limited.
From: "Information from transientimages.net" <info () transientimages net>
Date: Wed, 05 Mar 2003 13:13:23 -0500

Yeah. Have not seen any sort of announcements on this list on this in
past month. Is it as 'on topic' as the social engineering comments? ;) 

safeharbour () ebay com; abuse () paypal com; fraud () paypal com are recipients
that will normally get an auto 'we are investigating' response.

It is one of MANY scam html page emails coming out of paypal and ebay.
Just a little poorer in execution than most. Normally the final url in a
post form is a compromised webserver in the US. 
Note: It would be very nice for some of the hats (I am merely a cap by
comparison) here to investigate the owned servers and provide some sort
of analysis of tools used and amount of fish caught.

Thanks
Oliver (first post) Raymond



On Wed, 2003-03-05 at 12:32, Epic wrote:
I wanted to put this out and get some feedback on it,  I have looked
through the source, and it is obvious that the data is not going to
paypal,  rather to a .ru host.  Has anyone else seen this, and if so
what is the proper action for me to take at this point?
 
Robert
 
 
----- Original Message ----- 
From: info () paypal com 
To: bl00k () hack3r com 
Sent: Wednesday, March 05, 2003 12:01 PM
Subject: Your PayPal account is Limited.
 
  _____  


 <https://www.paypal.com/> PayPal
 

  <http://www.paypal.com/images/pixel.gif> 

  <http://www.paypal.com/images/pixel.gif> 
 

Dear PayPal Customer

 
PayPal is currently performing regular maintenance of our security
measures. Your account has been randomly selected for this maintenance,
and placed on Limited Access status. Protecting the security of your
PayPal account is our primary concern, and we apologize for any
inconvenience this may cause. 
To restore your account to its regular status, you must confirm your
email address by logging in to your PayPal account using the form below:


Email Address:
 
 
   

Password:
 
 


 

Bank Account
 

Enter Bank Account #:
 
 

 

Credit Card
 

Enter Credit Card #:
 
 

Exp. date :
 01    02    03    04    05    06    07    08    09    10    11    12
/  03    04    05    06    07  
 

This notification expires March 31, 2003 


Thanks for using PayPal! 

  <http://www.paypal.com/images/dot_row_long.gif> 

This PayPal notification was sent to your mailbox. Your PayPal account
is set up to receive the PayPal Periodical newsletter and product
updates when you create your account. To modify your notification
preferences and unsubscribe, go to https://www.paypal.com/PREFS-NOTI and
log in to your account. Changes to your preferences may take several
days to be reflected in our mailings. Replies to this email will not be
processed. 

If you previously asked to be excluded from Providian product offerings
and solicitations, they apologize for this e-mail. Every effort was made
to ensure that you were excluded from this e-mail. If you do not wish to
receive promotional e-mail from Providian, go to
http://removeme.providian.com/
<http://removeme.providian.com/?cnum=pp710402> . 

CopyrightC 2002 PayPal Inc. All rights reserved. Designated trademarks
and brands are the property of their respective owners. 
 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault