Re: [Full-disclosure] Another PayPal phishing scam
phased wrote: > look dont bother reporting these there are hundreds everyday, no one gives a > shit Well, actually, many people do care. For one, there are those at the targeted organizations concerned that their "good name" is being further besmirched and confidence in their irganization being further eroded. There are law enforcement folk actively tracking some of the major fraudsters behind some of these scams. There are the folk at the ISPs, etc hosting the fraudulent sites concerned with improving the security of their systems (recently many of the phishing scam sites have been hosted on boxes compromised through awstats, PHP Gallery, phpBB and similar vulns and many of these boxes are at hosting services where it is the service's responsibility to provide and update those services). However, despite the existence of all these possibly interested folk, Full-Disclosure is not the right, or even a _useful_, place to report such things. As you and others have pointed out, there are literally dozens to hundreds of these every day (I have received about a dozen PayPal and various bank phishing scam messages at this address in the last few days and if anything that is down slightly from the norm). There are organizations like the Anti-Phishing Working Group where you can report ocasional phishing spams. More dedicated "anti-phishers" will have their own preferred mechanisms. Regards, Nick FitzGerald ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Another PayPal phishing scam
MW is right, it would be better to forward the e-mail as text to [EMAIL PROTECTED] If you get a ebay phishing e-mail, send that to [EMAIL PROTECTED], then I try to send all of those WAMU to [EMAIL PROTECTED] I also had this phishing attempt in my mailbox, the site is currently now. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Morning Wood > Sent: Monday, May 02, 2005 6:06 PM > To: Julio Cesar Fort; full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Another PayPal phishing scam > > > Today I received a fake message pretending to be from > PayPal Security > > Center. The most intersting thing is that I don't even have > a PayPal > > account. > > > > quite common. i am supprised its your first one. > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Another PayPal phishing scam
look dont bother reporting these there are hundreds everyday, no one gives a shit -Original Message- From: "Julio Cesar Fort" <[EMAIL PROTECTED]> To: full-disclosure@lists.grok.org.uk Date: Mon, 2 May 2005 19:29:24 -0000 Subject: [Full-disclosure] Another PayPal phishing scam > > Today I received a fake message pretending to be from PayPal Security > Center. The most intersting thing is that I don't even have a PayPal > account. > > The fake PayPal link points to a possibly compromised server in Spain > (http://217.11.100.3/~cs/paypal/) > > Regards, > Julio Cesar Fort (julio at rfdslabs com br) > Recife, PE, Brasil > > www.rfdslabs.com.br - computers, sex, human mind, music and more. > > -- scam (in raw text) -- > Security Center Advisory! > > We recently noticed one or more attempts to log in to your PayPal account > from a foreign IP address and we have reasons to belive that your account > was hijacked by a third party without your authorization. If you recently > accessed your account while traveling, the unusual log in attempts may have > been initiated by you. > > If you are the rightful holder of the account you must click the link below > and then complete all steps from the following page as we try to verify your > identity. > > Click here to verify your account > > If you choose to ignore our request, you leave us no choice but to temporaly > suspend your account. > > Thank you for using PayPal! The PayPal Team > Please do not reply to this e-mail. Mail sent to this address cannot be > answered. For assistance, log in to your PayPal account and choose the > "Help" link in the footer of any page. > > To receive email notifications in plain text instead of HTML, update your > preferences here. > > PayPal Email ID PP697 > -- end of scam -- > > > Message > sent using UebiMiau 2.7.2 > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Another PayPal phishing scam
On Tue, May 03, 2005 at 10:44:43AM +0300, cumhur onat wrote: > how cant authorities do anything about this servers? Well, the internet was designed to be able to survive nuclear strikes... let alone any peaceful means of shutting stuff down. It's very, very difficult. And don't forget that these servers *are* closed within a couple of hours, most of the time - but that appears not to be enough to make it unprofitable. Joachim pgpSiEWC3BVHh.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Another PayPal phishing scam
how cant authorities do anything about this servers? On 5/2/05, Julio Cesar Fort <[EMAIL PROTECTED]> wrote: Today I received a fake message pretending to be from PayPal SecurityCenter. The most intersting thing is that I don't even have a PayPalaccount.The fake PayPal link points to a possibly compromised server in Spain (http://217.11.100.3/~cs/paypal/)Regards,Julio Cesar Fort (julio at rfdslabs com br)Recife, PE, Brasilwww.rfdslabs.com.br - computers, sex, human mind, music and more.-- scam (in raw text) --Security Center Advisory!We recently noticed one or more attempts to log in to your PayPal accountfrom a foreign IP address and we have reasons to belive that your account was hijacked by a third party without your authorization. If you recentlyaccessed your account while traveling, the unusual log in attempts may havebeen initiated by you.If you are the rightful holder of the account you must click the link below and then complete all steps from the following page as we try to verify youridentity.Click here to verify your accountIf you choose to ignore our request, you leave us no choice but to temporaly suspend your account.Thank you for using PayPal! The PayPal TeamPlease do not reply to this e-mail. Mail sent to this address cannot beanswered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.To receive email notifications in plain text instead of HTML, update yourpreferences here.PayPal Email ID PP697-- end of scam -- Messagesent using UebiMiau 2.7.2___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Another PayPal phishing scam
On Monday 02 May 2005 20:29, Julio Cesar Fort wrote: > Today I received a fake message pretending to be from PayPal Security > Center. The most intersting thing is that I don't even have a PayPal > account. I would say that's the least interesting thing. -Nigel ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Another PayPal phishing scam
On Mon, May 02, 2005 at 04:05:47PM -0700, Morning Wood wrote: > > Today I received a fake message pretending to be from PayPal Security > > Center. The most intersting thing is that I don't even have a PayPal > > account. > > quite common. i am supprised its your first one. I usually receive about two paypal & ebay "messages" per week, and a dozen or so bank notices from all over the world. (plus the obligatory dozen nigerian/irakian/laos/other scams per day. Not counting duplicates of the same one) This address has been active for a year and a half, and has been used to post to about four of the security mailing lists I'm subscribed to. So, be patient. You'll have your fill quickly. -- Vincent ARCHER [EMAIL PROTECTED] Tel : +33 (0)1 40 07 47 14 Fax : +33 (0)1 40 07 47 27 Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Another PayPal phishing scam
> Today I received a fake message pretending to be from PayPal Security > Center. The most intersting thing is that I don't even have a PayPal > account. > quite common. i am supprised its your first one. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Another PayPal phishing scam
Today I received a fake message pretending to be from PayPal Security Center. The most intersting thing is that I don't even have a PayPal account. The fake PayPal link points to a possibly compromised server in Spain (http://217.11.100.3/~cs/paypal/) Regards, Julio Cesar Fort (julio at rfdslabs com br) Recife, PE, Brasil www.rfdslabs.com.br - computers, sex, human mind, music and more. -- scam (in raw text) -- Security Center Advisory! We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address and we have reasons to belive that your account was hijacked by a third party without your authorization. If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. If you are the rightful holder of the account you must click the link below and then complete all steps from the following page as we try to verify your identity. Click here to verify your account If you choose to ignore our request, you leave us no choice but to temporaly suspend your account. Thank you for using PayPal! The PayPal Team Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page. To receive email notifications in plain text instead of HTML, update your preferences here. PayPal Email ID PP697 -- end of scam -- Message sent using UebiMiau 2.7.2 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/