|
Donation/Premium |
|
 |
|
|
|
|
|
|
|
Survey |
|
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
Orac
WsIRT Handler
Joined: Oct 28, 2006
Posts: 18
Location: Third stone from the Sun
|
 Posted: Wed Jul 02, 2008 2:33 pm Post subject: PayPal phishing attempt. |
|
|
Details
| Quote: | Return-Path: <akstcacesemnsdgs@acese.com>
Delivered-To: 29-****@*********.com
Received: (qmail 3897 invoked from network); 2 Jul 2008 06:29:42 +0000
Received: from e176102064.adsl.alicedsl.de (HELO shri-fm6d2dbkts) (85.176.102.64)
by malwareremoval.com with SMTP; 2 Jul 2008 06:29:41 +0000
Received-SPF: none (malwareremoval.com: domain at acese.com does not designate permitted sender hosts)
Received: from [85.176.102.64] by mail.acese.com; Wed, 2 Jul 2008 07:29:40 +0100
Date: Wed, 2 Jul 2008 07:29:40 +0100
From: abuse@intl.paypal.com
X-Mailer: The Bat! (v3.71.04) Home
Reply-To: akstcacesemnsdgs@acese.com
X-Priority: 3 (Normal)
Message-ID: <190841254.59227895522953@acese.com>
To: ****@**********.com
Subject: PayPal Security Measures
MIME-Version: 1.0
Content-Type: text/html;
charset=Windows-1252
Content-Transfer-Encoding: 7bit
X-NAS-Bayes: #0: 4.62939E-035; #1: 1
X-NAS-Classification: 0
X-NAS-MessageID: 42965
X-NAS-Validation: {18FA6F6D-E771-4733-B913-C2DDDD6D3B88}
|
Source
| Quote: |
Return-Path: <akstcacesemnsdgs@acese.com>
Delivered-To: 29-****@**********.com
Received: (qmail 3897 invoked from network); 2 Jul 2008 06:29:42 +0000
Received: from e176102064.adsl.alicedsl.de (HELO shri-fm6d2dbkts) (85.176.102.64)
by malwareremoval.com with SMTP; 2 Jul 2008 06:29:41 +0000
Received-SPF: none (malwareremoval.com: domain at acese.com does not designate permitted sender hosts)
Received: from [85.176.102.64] by mail.acese.com; Wed, 2 Jul 2008 07:29:40 +0100
Date: Wed, 2 Jul 2008 07:29:40 +0100
From: abuse@intl.paypal.com
X-Mailer: The Bat! (v3.71.04) Home
Reply-To: akstcacesemnsdgs@acese.com
X-Priority: 3 (Normal)
Message-ID: <190841254.59227895522953@acese.com>
To: ****@*********.com
Subject: PayPal Security Measures
MIME-Version: 1.0
Content-Type: text/html;
charset=Windows-1252
Content-Transfer-Encoding: 7bit
X-NAS-Bayes: #0: 4.62939E-035; #1: 1
X-NAS-Classification: 0
X-NAS-MessageID: 42965
X-NAS-Validation: {18FA6F6D-E771-4733-B913-C2DDDD6D3B88}
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY>
<html>
<TABLE cellSpacing=0 cellPadding=0 width=350 border=0>
<TBODY>
<TR>
<TD><IMG height=50 alt="" src="https://www.paypal.com/en_US/i/logo/paypal_logo.gif" width=200></TD>
</TR>
<TR>
<TD bgColor=#f3f1e9 rowSpan=2>
<TABLE cellSpacing=2 cellPadding=5 width=350 border=0>
<TBODY>
<TR>
<TD><P><FONT face=Arial size=2><b>Dear PayPal holder,<b></FONT></P>
<P><FONT face=Arial size=1>
PayPal Online Department has recently reviewed your account,<br> and suspect that your
PayPal account may have been<br> accessed from an unauthorized computer or by a third
party.<br> This may be due to changes in your IP address or location.<br> Protecting the
security of your account and the PayPal network<br> is our primary concern.<br><br>
Therefore, for your account protection and integrity,<br> PayPal Online Department has temporarily locked your account and recommends
you to login and report any unnoticed password changes, unauthorized withdrawals, and check
your account profile to make sure no changes have been made.<br><br>
To protect your account, please keep in mind these instructions:<br><br>
* Do not share your password with other users.<br><br>
* Log off and close the Internet explorer window after using your<br> online account,
especially if you are in a public place.<br><br>
Please follow the link below to verify your identity and unlock your account:<br><br>
<a href="http://paypal.data-update.com"
target="_blank">https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-submit&dispatch=5885d80a13c0db1f1ff80d546411d7f823b5265b6559fc2aae010bfb00cf3c64</a><br><br>
<br>We apologize for any inconvenience this may cause, and appreciate your assistance in
helping us maintaining the integrity of the entire PayPal system.
<TD><FONT face=Arial size=2></FONT></TD></TR>
<TR>
<TD><FONT face=Arial size=2></FONT></TD></TR>
<TR>
<TD><FONT face=Arial size=2></FONT></TD></TR>
<TR>
<TD><FONT face=Arial size=2> </FONT></TD></TR>
<TR>
<TD><FONT face=Arial size=2> </FONT></TD></TR>
<TR>
<TD>
<FORM name=login><B> </B><BR></FORM></TD></TR></TBODY></TABLE></TD>
</TR>
</TBODY></TABLE></CENTER>
</html>
</BODY></HTML>
|
Email address obfuscated for obvious reasons.
|
|
| Back to top |
|
 |
AlphaCentauri
SIRT Handler
Premium Member
Joined: Nov 20, 2003
Posts: 2665
|
| Posted: Wed Jul 02, 2008 3:37 pm Post subject: |
|
|
The correct place to post this is  /pirt
That will fetch the source code for the site itself and will put it into the queue to have one of the PIRT handlers work on it. They gather evidence for law enforcement and look for ways to stop the personal data that victims have already entered from being collected by the phishers.
|
|
| Back to top |
|
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum
|
Powered by phpBB © 2001 phpBB Group
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
