All the latest UK technology news, reviews and analysis
|
|
|
04 Nov 2005
A new phishing attack is targeting PayPal users, redirecting them to a fake site in an attempt to collect password details.
Websense Security Labs has reported the problem which begins with a spoofed email message that provides a link to download the executable 'PayPal security tool' file.
The executable, named 'PayPal-2.5.200-MSWin32-x86-2005.exe', is a Trojan Horse which modifies the DNS server of the local workstation and then deletes itself. All future requests are then transparently redirected to a bogus website.
This same DNS server could also be used to redirect requests for additional websites, but currently appears to redirect only PayPal subscribers.
The next time the user attempts to visit the PayPal website, they will instead arrive at a phishing site even though the web address shown in the browser's toolbar will appear to be correct.
When the user logs in, the phishing site requests that they update their account. They are prompted to enter the following information: Name, Credit/ATM Card, Billing Address, Phone Number, Social Security Number, Mother's Maiden Name, Date of Birth, Driver's License, and Bank Account/Routing Numbers.
Below is a section of one of the malicious phishing emails being used:
'Security Measures - Are You Traveling?
PayPal is committed to maintaining a safe environment for its community of
buyers and sellers. To protect the security of your account, PayPal employs some
of the most advanced security systems in the world and our anti-fraud teams
regularly screen the PayPal system for unusual activity.
'We recently noted one or more attempts to log in to your account from a foreign country. If you accessed your account while traveling, the attempt(s) may have been initiated by you.
'Because the behavior was unusual for your account, we would like to take an extra step to ensure your security and you will now be taken through a series of identity verification pages.'
The Trojan is currently not detected by any antivirus vendors. The malicious DNS server is hosted in Romania, while the phishing server is hosted in India.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Leading Financial Trading Systems Brokerage / Capital...
Technical Consultant - Windows, Virtualisation, HP, Server...
The role requires an experienced Project Manager, particularly...
iPhone and iPad developer required! We are seeking...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Here's a copy of the phishing email I received today
It arrived in my junkmail - it wasn't addressed to me (no email address in the recipient box) and also you will notice that it mentions me 'borrowing' my account to someone and also says my inquiry (sic) WOULD not be received - this is shit english and a dead giveaway PayPal Security Center: Urgent PayPal Account Login Request. Notice of account temporary suspension Dear PayPal member : * We regret to inform you that your PayPal account, has been temporarily blocked due to various login attempts from different global locations. * As Romania is one of the most high rated fraudulent countries, we temporarily blocked your account to avoid future problems or misusage of your PayPal account. * Here are the last 3 login attempts : 1. IP address : 194.102.104.2 ISP host : st13.i-cafe.onix.ro Location : Romania 2. IP address : 217.156.19.129 ISP host : rds-net.vl.ro Location : Romania 3. IP address : 62.177.188.59 ISP host : adsl.bbeyond.ro Location : Romania * If you are traveling and made these login attempts yourself or borrowed your PayPal account to someone else , please log in below. Travelling confirmation Here * If you want to re-activate your PayPal account , please follow our instructions. Re-activate your account Here * If this situation is not solved in the next 24 hours your account will be permanently suspended. Sincerely, PayPal ________________________________ This is an automated email, please do not respond to it as your inquiry would not be received.
Posted by: lynx 14 Aug 2009
I got one of these~
I got one of those emails and I wrote to Paypal about this before answering anything however I got no response from them. It stated that someone had tried to get money out of my account or something like that and I got scared. This happened to me a few months ago., I have deleted it though cause I was going to copy and paste it here but I guess I deleted it. Scarey!!! Thanks for informing me of this!
Posted by: Angie 07 Nov 2005