Phish of the Day: PayPal
Received a PayPal Phish from 209.239.40.157 (host2.gracenet.org) on Mon, 14 Mar 2005 11:02:38 -0000. Nothing terribly remarkable, so far as these things go. For the record, it looked something like this...
[Insert PayPal logo here.]
Dear Paypal member,
PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service.
Until we can collect this information, your access to sensitive account features will be limited.
Your account access has been limited for the following reason(s):
Our system requires further account verification.
Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure.
We encourage you to log in and perform the steps necessary to restore your account access as soon as possible.
Case ID Number: PP-xxx-xxx-xxx
Please follow the link below and renew your account information: https://www.paypal.com/cgi-bin/webscr?cmd=login-run
Sincerely, PayPal Account Review Department
PayPal Email ID PPxxx
Accounts Management as outlined in our User Management , Paypal will periodically send you information about site changes and enhancements
Visit our Privacy Policy and User Agreement if you have any questions : http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy -outside
The first link actually goes to http://64.33.64.182/ (caveat: go to that address at your own risk), which, when I tested it, gave a redirect to PayPal's security page, and opened up a fake "login" window in a pop-up. The fake login was hosted at http://70.84.138.98/~updateinfo/users/res.htm (again, visit at your own risk). This is a hosting account that appears to have been set up explicitly for this job. I've notified the hosting company.
PayPal has a page about protecting yourself from fraudulent emails.
No comments:
Post a Comment