Date Reported 27th February 2005
Apparent Sender PayPal
Return Address Account management, PayPal <fp-agent@paypal.com>
Subject Your account was used in Italy , Sorry For Inconvenience Last Request
Format HTML
Method Spoof email links to a spoof webpage where the victim is prompted to enter their details, believing the site is genuine. Details are then forwarded to a local script and captured.
Bogus Web Content? Yes
URL of web content http://80.33.168.40/paypal.com/cgi-bin/webscr-ID/
RISK LEVEL MEDIUM
WARNINGS 1. Email claims to be from PayPal asking you to confirm your account data by clicking on the link. You will be taken to a spoof login page where your details will be captured by the phishers.
2. PayPal never sends users emails requesting details in this way.
3. URL of spoof website disguised as "https://www.paypal.com/cgi-bin/webscr?cmd=_login-run" by an image in the body of the email - a technique used to get past spam filters!
4. Real URL looks nothing like PayPal!
5. Website traced to Madrid, Spain.
"We recently noticed an attempt to log in to your PayPal account from a foreign IP address and we have reason to belive that your account was used by a third party without your authorization."
If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content, or with the same content but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is commonplace to receive at least one more, usually a day or two after the first, although not necessarily from the same apparent sender.
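Warnings 3 and 4 describe a link whose visible part is an image while the real target is a numeric host with "paypal.com" placed in the path. The following is an added example, not part of the original report, of a mail-filter check for those traits; the sample HTML, the BRAND_DOMAINS list and the function names are constructed for illustration, and only the target URL is taken from this report.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

BRAND_DOMAINS = ("paypal.com",)  # assumption: brands the filter protects

class LinkCollector(HTMLParser):
    """Collect href, visible text and image use for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._cur = {"href": a["href"], "text": "", "img": False}
        elif tag == "img" and self._cur is not None:
            self._cur["img"] = True              # link is rendered as a picture
            self._cur["text"] += a.get("alt") or ""
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit_link(link):
    """Return the reasons a link looks spoofed (empty list if none)."""
    url = urlsplit(link["href"])
    host = (url.hostname or "").lower()
    # A link that really points at the brand's own domain is not flagged.
    if any(host == b or host.endswith("." + b) for b in BRAND_DOMAINS):
        return []
    reasons = []
    try:
        ipaddress.ip_address(host)
        reasons.append("raw-ip-host")            # numeric host, no domain name
    except ValueError:
        pass
    if any(b in url.path.lower() for b in BRAND_DOMAINS):
        reasons.append("brand-in-path")          # brand name moved into the path
    if any(b in link["text"].lower() for b in BRAND_DOMAINS):
        reasons.append("brand-in-label")         # label claims the brand
    if link["img"]:
        reasons.append("image-as-link")          # label hidden from text filters
    return reasons

def audit_email(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return {l["href"]: audit_link(l) for l in parser.links}

# Constructed sample body; only the first href comes from this report.
SAMPLE = ('<a href="http://80.33.168.40/paypal.com/cgi-bin/webscr-ID/">'
          '<img src="cid:link.gif" alt=""></a> '
          '<a href="https://www.paypal.com/help">Help</a>')
```

Calling audit_email(SAMPLE) flags the first link for all three traits and leaves the genuine link unflagged.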