21 June 2006

still phishing paypal

hard to believe, but there are still people attempting to hack our personal information by exploiting the popularity of website merchants such as paypal, ebay and banks, on top of the day to day scams like the notorious nigerian-perfected 419 advance fee fraud spammers. anyway, here is a paypal phishing email we received this morning:


this is a very well crafted work of phishing; it looks perfect. however, we should always make it a good habit to automatically look down at the status bar to make sure that the urls match. the following screen grab was taken with the mouse hovering over the link the email presents to click to update your paypal account. when you look down at the status bar in the lower left corner, you see they don't match. hiding the true url as an ip number is very clever too, as it makes it harder to identify who the domain belongs to. the part where they add :8110 at the end of the ip number must be some very clever coding ploy that hackers have discovered to redirect browsers.

From: wesawthat@gmail.com
To: abuse@rogers.com,reportphishing@antiphishing.org
Cc: spam@uce.gov
Subject: Fw: Notice: Account Review Necessity.
Date: Tue, 20 Jun 2006 16:22:07 -0500
Organization: www.wesawthat.blogspot.com

ROGERS.COM: this spam was sent to advertise a website that you host that's phishing the paypal.com website. please would you terminate service to:

http://70.29.248.143

**spam email header here**
X-Gmail-Received: e4870c456a1517f3576d3ceb015973ba8dc20d7f
Delivered-To: wesawthat@gmail.com
Received: by 10.35.10.5 with SMTP id n5cs56235pyi;
Tue, 20 Jun 2006 13:50:14 -0700 (PDT)
Received: by 10.37.12.45 with SMTP id p45mr9483396nzi;
Tue, 20 Jun 2006 13:50:14 -0700 (PDT)
Return-Path:
Received: from black.tsimtung.com (static-ip-140-124-134-202.rev.dyxnet.com [202.134.124.140])
by mx.gmail.com with ESMTP id 5si11989260nzk.2006.06.20.13.50.13;
Tue, 20 Jun 2006 13:50:14 -0700 (PDT)
Received-SPF: pass (gmail.com: domain of igameadmin@igameconsoles.com designates 202.134.124.140 as permitted sender)
Received: from apache by black.tsimtung.com with local (Exim 4.50)
id 1Fsn7L-0004kp-WE
for wesawthat@gmail.com; Wed, 21 Jun 2006 04:46:36 +0800
To: wesawthat@gmail.com
Subject: Notice: Account Review Necessity.
From: PayPal.
Reply-To:
MIME-Version: 1.0
Message-Id:<1130384585.13653@paypal.com>
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Date: Wed, 21 Jun 2006 04:46:35 +0800
**copy and paste message source here**
