[nsp-sec] Paypal phishing data going to Ukraine

Tarmo Randel tarmo.randel at cert.ee
Tue Jul 31 03:42:34 EDT 2012


Hello Paypal,

distributed via spam and collected @
hxxp://psrv1286425620481024cdnbeef.mimesarewelcome.od.ua/fs.php

Attached file is Verify.Account.zip (zipped Account.html, available on
request)

Source
------

Subject: PayPal Account Review Team
From: "PayPal" <members at accounts.com>
Date: 07/31/2012 02:29 AM

Dear Valued Customer,

We ask for your time to carefully read this notification sent by our
Account Review Team.

Our security system has blocked unusual charges to a credit card linked
to your account.

An intrusion into your account has been detected which shows that
someone tried to access your PayPal account without your permission. we
have limited access to your account due to this problem. Moreover, we
have sent you an attachment which contains necessary steps in order to
restore your account access. Please download and open it in your
browser.

Thanks for your high attention. Please do understand that this is a
security measure taken with intention to protect you and your account.
We apologize for any inconvenience.

Sincerely,
PayPal Account Review Team

Additional data
---------------
inetnum:         194.54.80.0 - 194.54.83.255
netname:         DC-SERVER-UKRAINE
descr:           Realon Service LLC
remarks:         www.server.ua

---
Tarmo Randel
CERT-EE
+372 663 0254



