[nsp-sec] Paypal phishing data going to Ukraine
Maher, Kevin
kmaher at ebay.com
Tue Jul 31 12:42:08 EDT 2012
Ack.
Kevin
On 7/31/12 12:42 AM, "Tarmo Randel" <tarmo.randel at cert.ee> wrote:
>----------- nsp-security Confidential --------
>
>Hello Paypal,
>
>distributed via spam and collected @
>hxxp://psrv1286425620481024cdnbeef.mimesarewelcome.od.ua/fs.php
>
>Attached file is Verify.Account.zip (zipped Account.html, available on
>request)
>
>Source
>------
>
>Subject: PayPal Account Review Team
>From: "PayPal" <members at accounts.com>
>Date: 07/31/2012 02:29 AM
>
>Dear Valued Customer,
>
>We ask for your time to carefully read this notification sent by our
>Account Review Team.
>
>Our security system has blocked unusual charges to a credit card linked
>to your account.
>
> An intrusion into your account has been detected which
>shows that someone
>tried to access your PayPal account without your permission. we have
>limited access to
>your account due to this problem. Moreover, we have sent you an
>attachment which contains
>necessary steps in order to restore your account access. Please download
>and open it in your
>browser.
>
> Thanks for your high attention. Please do understand
>that this is a security
>measure taken with intention to protect you and your account. We
>apologize for any inconvenience.
>
>Sincerely,
>PayPal Account Review Team
>
>Additional data
>---------------
>inetnum: 194.54.80.0 - 194.54.83.255
>netname: DC-SERVER-UKRAINE
>descr: Realon Service LLC
>remarks: www.server.ua
>
>---
>Tarmo Randel
>CERT-EE
>+372 663 0254
>
>
>
>_______________________________________________
>nsp-security mailing list
>nsp-security at puck.nether.net
>https://puck.nether.net/mailman/listinfo/nsp-security
>
>Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>community. Confidentiality is essential for effective Internet security
>counter-measures.
>_______________________________________________
More information about the nsp-security
mailing list