12Wonder
June 2nd, 2005, 12:08 PM
Interesting and sneaky new phishing scheme is making the rounds. This one appears to be from PayPal but is not.
The intended victim gets an email with a Subject line similar to "You have successfully added a new email address". The body of the email says "You have added (some random email address)". It then tells you that if you have not added this email address to your PayPal account, you should click a provided link in the email.
Of course, many people would be alarmed at the possibility that some other email address had been added to their PayPal account without their authorization, so they would click on the link - which then gathers information from the user so it can be used fraudulently for identity theft. The link *looks* like a PayPal link, BUT it actually goes to some site owned by someone in Korea.
DON'T CLICK ANY LINK IN THE EMAIL!
I get all my emails in text-only format, so each email shows the actual underlying code, including the real location of links. Below is an example of one of these new PayPal phishing emails, shown in text-only format. You can see the link does not really belong to PayPal. If you go to DNS Stuff (http://www.dnsstuff.com) and enter the IP into a whois check, you can see clearly that this IP does not belong to PayPal.
You have added brian12313@yahoo.com <http://220.80.212.211/.secure/transactions/.paypal/pl/index.htm?a%20s%20d%20h%20a%20j%20d%20h%20a%20s%20g%20d%20a%20s%20d%20fa%20s%20g%20h%20f%20g%20a%20s%20h%20d%20f%20a%20s%20d%20a%20s%20d%20a%20s%20d%20a%20s%20d%20a%20s%20d> as a new email address for your PayPal account.
If you did not authorize this change or if you need assistance with your account, please contact PayPal customer service at:
https://www.paypal.com/row/wf/f=ap_email <http://220.80.212.211/.secure/transactions/.paypal/pl/index.htm?a%20s%20d%20h%20a%20j%20d%20h%20a%20s%20g%20d%20a%20s%20d%20fa%20s%20g%20h%20f%20g%20a%20s%20h%20d%20f%20a%20s%20d%20a%20s%20d%20a%20s%20d%20a%20s%20d%20a%20s%20d>
Thank you for using PayPal!
The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page.
----------------------------------------------------------------
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in at https://www.paypal.com/. <http://220.80.212.211/.secure/transactions/.paypal/pl/index.htm?a%20s%20d%20h%20a%20j%20d%20h%20a%20s%20g%20d%20a%20s%20d%20fa%20s%20g%20h%20f%20g%20a%20s%20h%20d%20f%20a%20s%20d%20a%20s%20d%20a%20s%20d%20a%20s%20d%20a%20s%20d> Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.
----------------------------------------------------------------
PayPal Email ID PP007
If you receive your emails in HTML format or any format that is not text-only, you will not see the IP url for the link -- you will only see what appears to be a legitimate url. Don't be fooled. As PayPal tells everyone, they ALWAYS address you by your actual name in the body of every email they send out. Note that this false email does not.
Best solution: As always, NEVER click a link in emails like this. Instead, go to PayPal directly by typing https://www.paypal.com in your browser's address bar. Log in at PayPal and click Profile -> Email. Check to verify that the only email addresses in your account are ones you put in there yourself.
Anne