March 8, 2009

New PayPal Phishing attack

Cyber criminals are introducing new Phishing technics to steal username and password of PayPal accounts. Recently we received a mail from support[at]securitynet.com with subject "PayPal Notification" , the mails says that,
"We recently have determined that different computers have logged onto your PayPal account,and multiple password failures were present before the logins. We now need you to re-confirm your account information to us. If this is not completed by March 10, 2009, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. To confirm your Account records click on the following link"

www.paypal.com.webscr.login.using.ssl.dll22kp.info:8085/service/login.htm?cmd=_login-submit

At first sight you will believe that this is a genuine link from Paypal because when you see www.paypal.com at the begning of a link/URL or website address not only you but also everybody trust or believe or think this is genuine, but actually this is a perfectly crafted url for phishing attack.

Look at the link once again ...
www.paypal.com.webscr.login.using.ssl.dll22kp.info:8085/service/login.htm?cmd=_login-submit

This link is not from PayPal Web server, In this link the Web Server is dll22kp.info.
"www.paypal.com.webscr.login.using.ssl" is only a host part under that webserver. When you click this link the browser will be directed to webpage hosted under dll22kp.info and will display a username and password submit form exactly similar to PayPal website.

So we recommend you not to submit your username and password of PayPal or any other online accounts through links via email. Go directly to the original websites by typing in the web address.

This phisihng mail has been send from host "s228.n22.vds2000.com" .

The phishing mail..
Return-path:
Received: from cyberalbos.com
by <***>
Message-Id: <200903081840.n28IeCdH028967@cyberalbos.com>
X-Orig: static-64-223-70-226.burl.east.myfairpoint.net [64.223.70.226]
X-Authentication-Warning: cyberalbos.com: cyberalb owned process doing -bs
From: "Support"
Subject: PayPal Notification.
Date: Sun, 8 Mar 2009 13:40:22 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000



We recently have determined that different computers have logged onto your PayPal account, and multiple password failures were present before the logins. We now need you to re-confirm your account information to us. If this is not completed by March 10, 2009, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. To confirm your Account records click on the following link:


www.paypal.com.webscr.login.using.ssl.dll22kp.info:8085/service/login.htm?cmd=_login-submit

Thank you for your patience in this matter. PayPal Customer Service.
Please do not reply to this e-mail as this is only a notification.
Mail sent to this address cannot be answered.

1999-2009 PayPal. All rights reserved.


What is Phising?

Download Trend Micro Internet Security 2009 Free
Download Kingsoft Internet Security 9 with 6 Months Free Trial
Panda's Antivirus, Firewall and Internet Security With 3 Months ...
Posted by Vidhu at 10:12 PM
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)