RE-2: [Dshield] Paypal fraud revisited: bit more info

AAA aaa at
Tue Oct 28 15:18:44 GMT 2003

Here is the original email I received.

Now, I use a commercial email firewall (MXtreme), encrypted, and
(should) accept text only......not html..

The incoming email text from the fraudulent Paypal site looks like a
normal email, but is actually an http ref (see email)

The rubbish text thereunder does not show up in html, but becomes only
visible when responding or forwarding (MXtreme only does that in text
only mode), so probably incoming email rubbish text has font colour set
same as background.

Just checking a bit further:

Doing a check on whois

inetnum: -
netname: KRNIC-KR
descr: KRNIC
descr: Korea Network Information Center

New Zealand

-----Original Message-----
From:   PayPal (userssupports at
Sent:   Sun 26/10/03 15:35
To:     Arjen
Subject:        PayPal official notice


in 1869 loook at JFZ in 1862 Shall we... Open your Thank you yUDlcqA
IFxFFbbidTf CW

in 1979 in 1966 for me 517 What's the difference? 1 let me add 120 No,
i'm sorry smash barricades

in 1915 in 1972 How are you? Illinois man in 1872 Right, thank you. Ufa
Blackout rescue Illinois man would you like of WEATHER children are in

More information about the list mailing list