[Dshield] New Paypal scam

Brenden Walker BKWalker at DRBSystems.com
Mon Sep 22 16:15:42 GMT 2003


//www.paypal.com/@211.113.186.42/pp/processing.htm

Everything before the @ is considered a user name, this appears to have
become a common way to trick people into clicking the link...cause gosh it
sure looks like paypal.




> -----Original Message-----
> From: John Dalton [mailto:dubuque_1 at msn.com] 
> Sent: Monday, September 22, 2003 11:29 AM
> To: General DShield Discussion List
> Subject: [Dshield] New Paypal scam
> 
> 
> Interesting twist on the Paypal scam, I can see where it 
> redirects, but the quality of the redirected site is good, as 
> I can not see how they are capturing it htere (I do not see 
> another redirect there) Redirects to 
> http://www.paypal.com/@> 211.113.186.42/pp/processing.htm
> 
> 
> 
> Here is header which is obvious :)
> Return-Path: <service at paypal.com>
> Received: from h000802ca9429.ne.client2.attbi.com 
> ([66.31.243.185] verified)
>   by cgpf1.cgp.netins.net (CommuniGate Pro SMTP 3.5.9)
>   with SMTP id 445158482 for dubuque1 at netins.net; Mon, 22 Sep 
> 2003 08:28:15 -0500
> Received: from visteon.com [63.205.116.3] by 
> h000802ca9429.ne.client2.attbi.com (Postfix) with ESMTP id 
> 7578A1636169 for <dubuque1 at netins.net>; Mon, 22 Sep 2003 
> 21:27:39 +0000
> Date: Mon, 22 Sep 2003 21:27:39 +0000
> From: Service <service at paypal.com>
> Subject: PayPal Account Security Measures
> To: Dubuque1 <dubuque1 at netins.net>
> References: <4CA8CCAF84327D67 at netins.net>
> In-Reply-To: <4CA8CCAF84327D67 at netins.net>
> Message-ID: <CDC3564B9BC042F8 at paypal.com>
> Reply-To: User <user at some.com>
> MIME-Version: 1.0
> Content-Type: text/html
> Content-Transfer-Encoding: 8bit
> 




More information about the list mailing list