RE: New PayPal phish?
I saw one of these nearly a month ago, but that was it. That it comes addressed to a personal name is a bit disturbing. - Skip
RE: New PayPal phish?
> > At 08:10 AM 9/28/2007, Kenneth Porter wrote: > >Is there a new PayPal phish going about? This almost looks > >legitimate, and I imagine it would have a lot of appeal to the > >survey-lovers. (I had no communication with PayPal this week, so I > >know this is bogus.) some time ago when setup on ebay and paypal we received a legitimate email implying from and/or approved by paypal so to speak from a paypal email address and server and it was a essentially UCE spam. I checked the headers and doing a traceroute took me straight to the InfoUSA gateway... Doing a dig or two forward and reverse revealed *proper* dns forward and reverse for the paypal.com aliased smtp server inside the infousa ip network. The proper forward and reverse dns alone implies some type of agreement and consent between those orgs to any knowledgeable internetwork admin that ive ever met. Imagine that boys and girls. Deception, money, and power talk eh? Tif I remember correctly, there was essentially no comment from paypal regarding it being real or a phish. I was trying to dig it up in our archives and will post info if I find it - rh
Re: New PayPal phish?
> Is there a new PayPal phish going about? This almost > looks legitimate, and I imagine it would have a lot of > appeal to the survey-lovers. (I had no communication with > PayPal this week, so I know this is bogus.) I received those too, and before that, an email from their customer support telling me that they did not have my email in their database. What was strange, that the email was an answer to something that I had posted to THIS SpamAssassin list! The person I replied had some [EMAIL PROTECTED] address, so I though he was somehow connected with PayPal germany (if there is such!). I replied to the PayPal message that my mail was about SpamAssassin and not PayPal, and they should tell their webmaster not using a Reply-To which gets to PayPal customer service. Well, they responded... again telling that my email address can not be found from their database. Seems impossible to reach them without being a customer;) And then came those surveys... They wanted to know how they managed to help me in my problem;) They are legitimate IMO, and may be because you have replied to the sender of a message here. I enclose here the first contact from PayPal to me. It is a reply to a message to this list. --(8<)- Dear Jari Fredriksson, Thank you for contacting PayPal with your concern. Hello my name is Jorge, I am sorry to hear about the situation regarding your account and understand your frustration and concern over this issue. I am happy to assist you with your questions. Unfortunately, we didn't receive sufficient information to proceed with your question. Please provide us with additional information such as: · What issue are you experiencing? · Are you receiving an error message? (If so, please include the full error message.) · What steps are being taken when you are encountering the issue? We appreciate your assistance in resolving your question. We appreciate your patience and understanding regarding this matter, and wish you continued success on PayPal. Sincerely, Jorge PayPal Consumer Support PayPal, an eBay Company Original Message Follows: > Hello Jari! > > First here are my Config-Files: > > > The system runs with qmail, clamav and spamassassin > (xinet.d) > > > I just recognized that when I write in my config files > "ok_languages de" and some content analysis written in > the body of the mail produced by Spamassissin are not > translated into German the mail would give a reason for > another run for the Scanner? Could this be? > > Greetings Your SA-config propably is not the cause. I don't know about qmail, and how it calls SpamAssassin, but could it be that SpamAssassin is called in two separate places? First in some QMail configuration, and then later in procmail or whatever delivers the mail to the user mailbox. Something like that might look possible to me. SpamAssassin itself does not call itself no matter how you configure. The problem propably lies in qmail and other mail delivery configuration files. --(8<)-
RE: New PayPal phish?
disgusting as it is, this is almost certainly genuine. ... and to them we trust them with out money ~:( Mup. -Original Message- From: Kenneth Porter [mailto:[EMAIL PROTECTED] Sent: 28 September 2007 16:11 To: users@spamassassin.apache.org Subject: New PayPal phish? Is there a new PayPal phish going about? This almost looks legitimate, and I imagine it would have a lot of appeal to the survey-lovers. (I had no communication with PayPal this week, so I know this is bogus.)
Re: New PayPal phish?
It IS legitimate. I received one 07/14 referencing a e-mail on 07/12, and yes, on 07/12, Paypal did e-mail me (I had asked about a broken security key). At 08:10 AM 9/28/2007, Kenneth Porter wrote: Is there a new PayPal phish going about? This almost looks legitimate, and I imagine it would have a lot of appeal to the survey-lovers. (I had no communication with PayPal this week, so I know this is bogus.)
Re: New PayPal phish?
On Fri, 28 Sep 2007, Kenneth Porter wrote: > Is there a new PayPal phish going about? This almost looks > legitimate, and I imagine it would have a lot of appeal to the > survey-lovers. (I had no communication with PayPal this week, so I > know this is bogus.) I reported it to paypal as such. If not, somebody needs to take a cluebat to whoever at paypal decided to use a third party for this. "Hey! Let's train our account holders to click on random links!" -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Pelley: Will you pledge not to test a nuclear weapon? Ahmadeinejad: CIA! Secret prison in Europe! Abu Ghraib! -- Mahmoud Ahmadeinejad clumsily dodges a question (60 minutes interview, 9/20/2007) --- 240 days until the Mars Phoenix lander arrives at Mars
Re: New PayPal phish?
I saw one of these nearly a month ago, but that was it. That it comes addressed to a personal name is a bit disturbing. Yea, I got one a couple weeks back also. Having the correct name is more than a little disturbing. Makes me think that either Paypal are idiots contracting with a third party, or their database has been stolen again. Neither are happy ideas. Loren
Re: New PayPal phish?
It IS legitimate. I received one 07/14 referencing a e-mail on 07/12, and yes, on 07/12, Paypal did e-mail me (I had asked about a broken security key). But on the other hand, I very carefully checked the spam bucket plus any paypal communications when I got one of these, and I did NOT have any message from PP on or even near the specified date in the thing from echosurveys. Loren
Re: New PayPal phish?
Am 2007-09-28 10:32:47, schrieb Skip: > I saw one of these nearly a month ago, but that was it. That it comes > addressed to a personal name is a bit disturbing. > > - Skip > - END OF REPLIED MESSAGE - Right, but PayPal write the ful name in the "From:" header too. So, the message from the OP is definitivly a phish. Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: New PayPal phish?
The message the OP Kenneth Porter sent? No, it wasn't a phish. At 10:01 AM 9/30/2007, Michelle Konzack wrote: Right, but PayPal write the ful name in the "From:" header too. So, the message from the OP is definitivly a phish.
