Paypal Notice: Your account has been suspended



corlis
30.09.2005, 18:05
Landed in my inbox today:

From - Fri Sep 30 xx:xx:xx 2005
X-UIDL: [UID filtered]
X-Mozilla-Status: 1001
X-Mozilla-Status2: 00000000
Received: from [200.75.31.235] (helo=mail.via.cl)
by mx23.web.de with esmtp (WEB.DE 4.105 #297)
ID: [ID filtered]
for poor [at] spamvictim.tld; Wed, 28 Sep 2005 xx:xx:xx +0200
Received: by mail.via.cl (Postfix, from userID: [ID filtered]
ID: [ID filtered]
To: poor [at] spamvictim.tld
Subject: PayPal Notice: ( Your Account Has Been Suspended. )
Message-ID: [ID filtered]
From: <support [at] paypal.com>
Content-Type: text/html
Date: Wed, 28 Sep 2005 xx:xx:xx -0400 (CLT)
Sender: mcortes [at] via.cl

Content:

First, a PayPal logo
http://images.paypal.com/en_US/i/logo/email_logo.gif

but linked to:

http://host.yahoosense.com/~temp/%20/www.paypal.com/update/secure/cgi-bin/webscrcmd_login.php

Further images were also taken from images.paypal.com.

Then the text follows:


Notification of Limited Account Access


As part of our security measures, we regularly screen activity in the PayPal system. We recently noticed the following issue on your account:

Unusual account activity has made it necessary to limit sensitive account features until additional verification information can be collected.

We have been notified that a card associated with your account has been reported as lost or stolen, or that there were additional problems with your card.

Case ID: [ID filtered]

Click here to verify your account




Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.


If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely,
PayPal Account Review Department.
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here.


All other links point to:

ht tp://www . paypalupdate . ve . gs/

A pretty dumb phish, though...

The mail evidently comes from Chile, via gtdinternet.com (so the via.cl part seems to be correct, unless I have overlooked something :P)

ve.gs is, by the way, a Spanish free hoster, which has also already reacted (Dominiosfree.com no permite el SPAM!)

Are the phishers actually getting dumber all the time?

Bretzelsepp
01.10.2005, 01:11
No idea whether they are getting dumber...
megawebservers.com (the servers the last PayPal phishing mail came through) assured me that they had shut down the domain... :rolleyes:
Tilting at windmills... :o

SpamRam
13.11.2005, 22:41
header:
01: Return-Path: <kilhokim [at] main.haninlok.com>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to myname [at] gmx.net
04: Received: (qmail invoked by alias); 13 Nov 2005 xx:xx:xx -0000
05: Received: from ip67-92-84-125.z84-92-67.customer.algx.net (EHLO main.haninlok.com)
06: [67.92.84.125]
07: by mx0.gmx.net (mx007) with SMTP; 13 Nov 2005 xx:xx:xx +0100
08: Received: from main.haninlok.com (mainhaninlok.com [127.0.0.1])
09: by main.haninlok.com (8.13.1/8.13.1) with ESMTP ID: [ID filtered]
10: for <myname [at] gmx.net>; Sun, 13 Nov 2005 xx:xx:xx -0500
11: Received: (from kilhokim [at] localhost)
12: by main.haninlok.com (8.13.1/8.13.1/Submit) ID: [ID filtered]
13: for myname [at] gmx.net; Sun, 13 Nov 2005 xx:xx:xx -0500
14: Date: Sun, 13 Nov 2005 xx:xx:xx -0500
15: Message-ID: [ID filtered]
16: From: service [at] paypal.com
17: Reply-To: service [at] paypal.com
18: MIME-Version: 1.0 Content-Type: text/html\r\n
19: Content-Type: text/html Content-Transfer-Encoding: 8bit\r\n
20: Subject: PayPal Account Suspension Notice - PayPal Account Limited
21: To: myname [at] gmx.net
22: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
23: X-GMX-Antispam: 0 (Mail was not recognized as spam)
24: X-GMX-UID: [UID filtered]

blah blah blah ...
Please click on the link below to confirm your information:
The link is displayed as: https:// www. paypal.com/cgi-bin/webscr?cmd=_login-run
Hidden behind it is

http://evansfood.com/resolution_center/index.php

blah blah blah ...

Everything is signed: The PayPal Fraud Management Team

Injected at http://main.haninlok.com

PayPal has been notified.

corlis
14.11.2005, 11:06
PayPal has already reacted. For example, after logging in today I was greeted with a phishing warning. They are slowly getting faster. Now eBay just needs to grasp that harvesters are junk and should not be auctioned off...

SpamRam
05.12.2005, 15:55
header:
01: Return-Path: <apache [at] wmgf31.eticodns2.com>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
04: Received: (qmail invoked by alias); 05 Dec 2005 xx:xx:xx -0000
05: Received: from unknown (EHLO wmgf31.eticodns2.com) [193.254.240.50]
06: by mx0.gmx.net (mx055) with SMTP; 05 Dec 2005 xx:xx:xx +0100
07: Received: (from apache [at] localhost)
08: by wmgf31.eticodns2.com (8.11.6/8.11.6) ID: [ID filtered]
09: Mon, 5 Dec 2005 xx:xx:xx +0100
10: Date: Mon, 5 Dec 2005 xx:xx:xx +0100
11: Message-ID: [ID filtered]
12: To: XXXXX [at] gmx.net
13: Subject: PayPal - Account Access Limited
14: From: service [at] paypal.com
15: Content-Type: text/html;
16: charset=iso-8859-1;
17: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
18: X-GMX-Antispam: 0 (Mail was not recognized as spam)
19: X-GMX-UID: [UID filtered]

Apparently dumped via a network in Italy: http://wmgf31.eticodns2.com

Return mail goes there too; but the link obscured in the text goes to Korea
http://mail.jangup.com/https/www.paypal.com/webscr/secure/ssl/resolution_center/index.php
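
The three tells described in the posts above (a brand logo linked to another host, link text that shows a paypal.com URL while the href goes elsewhere, and "www.paypal.com" placed in the path of an unrelated host) can be checked mechanically in the HTML part of a mail. The following is an added example, not code from any poster in this thread; the function names are hypothetical and the sample HTML is constructed, using reserved `.example` hosts in place of the reported ones.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote
import re

BRAND = "paypal.com"  # domain the quoted mails impersonate

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_brand(host, brand=BRAND):
    return host == brand or host.endswith("." + brand)

class Anchors(HTMLParser):  # collects href, visible text and <img> sources per <a>
    def __init__(self):
        super().__init__()
        self.found, self.cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.cur = {"href": a.get("href") or "", "text": "", "imgs": []}
        elif tag == "img" and self.cur is not None:
            self.cur["imgs"].append(a.get("src") or "")
    def handle_data(self, data):
        if self.cur is not None:
            self.cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur is not None:
            self.found.append(self.cur)
            self.cur = None

def check_links(html, brand=BRAND):
    parser, findings = Anchors(), []
    parser.feed(html)
    for a in parser.found:
        parts = urlsplit(a["href"])
        if is_brand((parts.hostname or "").lower(), brand):
            continue  # the link really goes to the brand's own domain
        shown = re.sub(r"\s+", "", a["text"])  # undo "https:// www. paypal.com" spacing
        if re.match(r"https?://", shown, re.I) and is_brand(host_of(shown), brand):
            findings.append((a["href"], "text shows brand URL"))
        if brand in unquote(parts.path).lower():
            findings.append((a["href"], "brand name in path"))
        if any(is_brand(host_of(src), brand) for src in a["imgs"]):
            findings.append((a["href"], "brand image links elsewhere"))
    return findings

# Constructed sample modelled on the mails quoted in this thread
SAMPLE = """<a href="http://host.phish.example/~temp/%20/www.paypal.com/update/login.php">
<img src="http://images.paypal.com/en_US/i/logo/email_logo.gif"></a>
<a href="http://shop.example/resolution_center/index.php">https:// www. paypal.com/cgi-bin/webscr?cmd=_login-run</a>
<a href="https://www.paypal.com/help">Help</a>"""
```

`check_links(SAMPLE)` returns one `(href, reason)` pair per tell; the third anchor, which really points to paypal.com, produces none.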