Users are being transparently redirected to a bogus website
Phishing attack hits PayPal subscribers
/v3-uk/news/2007095/phishing-attack-hits-paypal-subscribers
04 Nov 2005, Ken Young , V3
A new phishing attack is targeting PayPal users, redirecting them to a fake site in an attempt to collect password details.
Websense Security Labs has reported the problem which begins with a spoofed email message that provides a link to download the executable 'PayPal security tool' file.
The executable, named 'PayPal-2.5.200-MSWin32-x86-2005.exe', is a Trojan Horse which modifies the DNS server of the local workstation and then deletes itself. All future requests are then transparently redirected to a bogus website.
This same DNS server could also be used to redirect requests for additional websites, but currently appears to redirect only PayPal subscribers.
The next time the user attempts to visit the PayPal website, they will instead arrive at a phishing site even though the web address shown in the browser's toolbar will appear to be correct.
When the user logs in, the phishing site requests that they update their account. They are prompted to enter the following information: Name, Credit/ATM Card, Billing Address, Phone Number, Social Security Number, Mother's Maiden Name, Date of Birth, Driver's License, and Bank Account/Routing Numbers.
Below is a section of one of the malicious phishing emails being used:
'Security Measures - Are You Traveling?
PayPal is committed to maintaining a safe environment for its community of
buyers and sellers. To protect the security of your account, PayPal employs some
of the most advanced security systems in the world and our anti-fraud teams
regularly screen the PayPal system for unusual activity.
'We recently noted one or more attempts to log in to your account from a foreign country. If you accessed your account while traveling, the attempt(s) may have been initiated by you.
'Because the behavior was unusual for your account, we would like to take an extra step to ensure your security and you will now be taken through a series of identity verification pages.'
The Trojan is currently not detected by any antivirus vendors. The malicious DNS server is hosted in Romania, while the phishing server is hosted in India.
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
I got one of these~
I got one of those emails and I wrote to Paypal about this before answering anything however I got no response from them. It stated that someone had tried to get money out of my account or something like that and I got scared. This happened to me a few months ago., I have deleted it though cause I was going to copy and paste it here but I guess I deleted it. Scarey!!! Thanks for informing me of this!
Posted by Angie, 07 Nov 2005
Here's a copy of the phishing email I received today
It arrived in my junkmail - it wasn't addressed to me (no email address in the recipient box) and also you will notice that it mentions me 'borrowing' my account to someone and also says my inquiry (sic) WOULD not be received - this is shit english and a dead giveaway
PayPal Security Center: Urgent PayPal Account Login Request.
Notice of account temporary suspension
Dear PayPal member :
* We regret to inform you that your PayPal account, has been temporarily blocked due to various login attempts from different global locations.
* As Romania is one of the most high rated fraudulent countries, we temporarily blocked your account to avoid future problems or misusage of your PayPal account.
* Here are the last 3 login attempts :
1. IP address : 194.102.104.2
ISP host : st13.i-cafe.onix.ro
Location : Romania
2. IP address : 217.156.19.129
ISP host : rds-net.vl.ro
Location : Romania
3. IP address : 62.177.188.59
ISP host : adsl.bbeyond.ro
Location : Romania
* If you are traveling and made these login attempts yourself or borrowed your PayPal account to someone else , please log in below.
Travelling confirmation Here
* If you want to re-activate your PayPal account , please follow our instructions.
Re-activate your account Here
* If this situation is not solved in the next 24 hours your account will be permanently suspended.
Sincerely, PayPal
________________________________
This is an automated email, please do not respond to it as your inquiry would not be received.
Posted by lynx, 14 Aug 2009