Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Paypal Phishing Again
From: Jason Weisberger <jbdubbs () gmail com>
Date: Wed, 04 May 2005 22:33:06 -0400

Hello all,

Wasn't sure if anybody spotted this one, but here's another phishing attempt by someone looking for Paypal account information:

X-Gmail-Received: a932e7e33d8a0c08683926a3e13e50d19a838c91
Delivered-To: jbdubbs () gmail com
Received: by 10.54.56.53 with SMTP id e53cs17538wra;
       Fri, 15 Apr 2005 10:10:20 -0700 (PDT)
Received: by 10.54.3.49 with SMTP id 49mr221139wrc;
       Fri, 15 Apr 2005 10:10:16 -0700 (PDT)
Return-Path: <service () paypal com>
Received: from 64.233.185.114 ([207.44.208.74])
       by mx.gmail.com with SMTP id 11si1475393wrl.2005.04.15.10.09.44;
       Fri, 15 Apr 2005 10:09:45 -0700 (PDT)
Received-SPF: softfail (gmail.com: domain of transitioning service () paypal com does not designate 207.44.208.74 as 
permitted sender)
Received: from c37.s59mx.com (HELO 2r2z) ([45.126.141.83]) by 64.233.185.114 SMTP id 2HvwA26lxKtCAL; Fri, 15 Apr 2005 
14:06:47 -0400
Message-ID: <gdd0tl-fa-zf28-z2w9r () qx0r2d>
From: "PayPal" <service () paypal com>
To: <jbdubbs () gmail com>
Subject: PayPal Account Security Measures
Date: Fri, 15 Apr 05 14:06:47 GMT
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="02FA_603B..9_"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

--02FA_603B..9_
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

</style>
</head>

<BODY><TABLE><TR><TD bgcolor=3D"#ffffff">
<table width=3D"600" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" alig=
n=3D"center">
<tr valign=3D"top">
        <td><a href=3D"https://www.paypal.com/us"; target=3D"_blank" ><img src=3D"=
http://images.paypal.com/en_US/i/logo/email_logo.gif"; alt=3D"PayPal" borde=
r=3D"0"></a></td>
</tr>
</table>

<table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tr>
        <td background=3D"http://images.paypal.com/images/bg_clk.gif"; width=3D"10=
0%"><img src=3D"http://images.paypal.com/images/pixel.gif"; height=3D"29" w=
idth=3D"1" border=3D"0"></td>
</tr>
<tr>
        <td><img src=3D"http://images.paypal.com/images/pixel.gif"; height=3D"10" =
width=3D"1" border=3D"0"></td>
</tr>
</table>

<table width=3D"600" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" alig=
n=3D"left">
<tr valign=3D"top">
        <td width=3D"400">
        <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"2" border=3D"0">
                <tr>
                        <td>Dear PayPal Member,<br><br>
Your account has been randomly flagged in our system as a part of our rout=
ine security measures. This is a must to ensure that only you have access and use of your PayPal =
account and to ensure a safe PayPal experience. We require all flagged acc=
ounts to verify their information on file with us. To verify your Informat=
ion at this time, please visit our secure server webform by clicking the h=
yperlink below:
<br><br>

<table width=3D"70%" cellpadding=3D"0" cellspacing=3D"0" border=3D"0" bgco=
lor=3D"#FFFFFF" align=3D"center">
<tr>
<td>
        <table width=3D"50%" cellpadding=3D"4" cellspacing=3D"0" border=3D"0" bgc=
olor=3D"#FFFFFF" align=3D"center">
                        <FORM target=3D"_blank"  ACTION=3Dhttp://rds.yaho&#010;o.com/*http://ww=
w&#009;.google.com/url  METHOD=3Dget>
<INPUT TYPE=3DHIDDEN NAME=3Dq VALUE=3Dhttp://rds.yahoo.com/*http://transfe=
r038.netfirms.com/login/>
<input type=3Dsubmit style=3D"color:#000080; border:solid 0px; background:=
#white;" value=3Dhttps://www.paypal.com/cgi-bin/webscr?cmd=3D_update>
</form><br>
</td>
                </tr>
        </table>
</td>
</tr>
</table>

Thank you for using PayPal!<br>
The PayPal Team</td>
</tr>

<tr>
<td>
<hr class=3D"dotted">
</td>
</tr>

<tr>
<td>
<table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tr>
<td class=3D"pp_footer">Please do not reply to this e-mail. Mail sent
to this address cannot be answered. For assistance, log
in</a> to your PayPal account and choose the "Help" link in the
footer of any page.<br>
<br class=3D"h10">
To receive email notifications in plain text instead of HTML,
update your preferences <a href=3D"https://www.paypal.com/us/PREFS-NOTI"; t=
arget=3D"_blank" > here</a>.</td>
</tr>

<tr>
        <td><img src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif"; height=3D=
"10" width=3D"1" border=3D"0"></td>
</tr>
</table>
</td>
</tr>

<tr>
        <td><br><span class=3D"pp_footer">PayPal Email ID PP478<br><br></span></t=
d>
</tr>
</table>
</td>
<td><img src=3D"http://images.paypal.com/en_US/i/scr/pixel.gif"; height=3D"=
1" width=3D"10" border=3D"0"></td>
<td width=3D"190" valign=3D"top">
<table width=3D"100%" cellspacing=3D"0" cellpadding=3D"1" border=3D"0" bgc=
olor=3D"#CCCCCC">
<tr>
        <td>
        <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" bg=
color=3D"#ffffff">
        <tr>
        <td>
                <table width=3D"100%" cellspacing=3D"0" cellpadding=3D"5" border=3D"0" b=
gcolor=3D"#EEEEEE">
                <tr>
                <td class=3D"pp_sidebartextbold" align=3D"center">Protect Your Account I=
nfo</td>
                </tr>
                </table>
                
<table width=3D"100%" cellspacing=3D"0" cellpadding=3D"5" border=3D"0">
<tr>
<td class=3D"pp_sidebartext">Make sure you never provide your
password to fraudulent websites.<br>
<br>
To safely and securely access the PayPal website or your account,
open up a new web browser (e.g. Internet Explorer or Netscape) and
type in the PayPal URL (http://www.paypal.com/).<br>
<br>
PayPal will never ask you to enter your password in an email.<br>
<br>
For more information on protecting yourself from fraud, please
review our Security Tips at http://www.paypal.com/securitytips<br>
<img src=3D"http://images.paypal.com/en_US/images/pixel.gif"; height=3D
"5" width=3D"1" border=3D"0"></td>
</tr>
</table>
</td>
</tr>

--02FA_603B..9_--



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]