
Full Disclosure mailing list archives
Re: Fwd: [cryptography] Paypal phish using EV certificate
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 13 Aug 2013 07:26:47 -0400
On Tue, Aug 13, 2013 at 7:22 AM, Julius Kivimäki <julius.kivimaki () gmail com> wrote:
All of the domains involved just happen to be registered on markmonitor by PayPal. Really doubt this has anything to do with phishing.
According to http://www.linuxevolution.net/?p=12 (referenced in the original email), Paypal stated the site "paypal-communication.com" was a phishing site.
2013/8/13 Jeffrey Walton <noloader () gmail com>

It looks like Paypal has suffered a break-in and phishing attempts are being made on its users. Time to sell your stock (or buy it short) for the immediate future.

---------- Forwarded message ----------
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, Aug 13, 2013 at 5:25 AM
Subject: Re: [cryptography] Paypal phish using EV certificate
To: Peter Gutmann <pgut001 () cs auckland ac nz>
Cc: cryptography () randombit net

On Tue, Aug 13, 2013 at 5:10 AM, Peter Gutmann <pgut001 () cs auckland ac nz> wrote:

I recently got another of the standard phishing emails for Paypal, directing me to https://email-edg.paypal.com, which redirects to https://view.paypal-communication.com, which has a PayPal EV certificate from Verisign. According to this post http://www.onelogin.com/a-paypal-phishing-attack/ it may or may not be a phishing attack (no-one's really sure), and this post http://www.linuxevolution.net/?p=12 says it is a phishing attack and the site will be shut down by Paypal... back in May 2011. Can anyone explain this? It's either a really clever phish (or the CAs are following their historically lax levels of checking), or Paypal has joined the ranks of US banks in training their users to become phishing victims.

If that's true, I think the more interesting fact is: it appears email-edg.paypal.com is controlled by the attacker. Why else would Paypal redirect from a host in their domain to a host not in their domain controlled by the adversary? (It's a bit different than standard phishing training where both hosts/domains are controlled by Paypal).

Has Paypal fess'ed up to any break-ins or breaches?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/