Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Spam, Scam and Phishbusters » [Phishing] ALERT!! New Vicious PAYPAL phishing
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Phish Tracker ·Anti-Phishing Work Group ·Avoid Phishing
[Spam] Spamcop »
« [Spam] It seems i all been getting spam from one domain all this  
K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
·RoadRunner Cable

Re: [Phishing] ALERT!! New Vicious PAYPAL phishing

Assuming that the Pay Pal system keeps the client database on a server different from their WWW server, that is exactly how it is set up.

The phisher does not access the database directly. It logs in to the WWW site just like any other PayPal member, using the user name and password which the yokel provides.

Until it bans the IP associated with the phisher, there is no way to separate this fake inquiry from a legitimate customer log-in.

I think it would have been better to have said "sceen scraper" in my earlier post.
permalink · 2006-05-08 17:20:58 · Print · Reply to this
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

Re: [Phishing] ALERT!! New Vicious PAYPAL phishing

K Patterson See Profile is spot on, that is precisely how it works. A snippet of the source code confirms it. The phishers login.php script has a line: href="ht*tps://www.paypal.com/cgi-bin/webscr?cmd=_login-run

<html>
<head>
<title>PayPal - Log In</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="data.css" rel="stylesheet" type="text/css">
</head>

<body>
<TABLE width="620" height="68" border=0 align=center cellPadding=0 cellSpacing=0 class=main>
  <TBODY>
    <TR>
      <TD width="200" noWrap><A><IMG
      height=50 src="img/logo.gif" width=200
      border=0></A></TD>
      <TD>&nbsp;</TD>
      <TD width="161" align=right noWrap class=pptext><A href="https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run"><strong>Sign&nbsp;Up</strong></A> | <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_login-run">Log&nbsp;In</a> | <A href="https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&source_page=p/gen/jobs-outside">Help</A></TD>
    </TR>
    <TR>
      <TD height="18" noWrap>&nbsp;</TD>
      <TD width="259">&nbsp;</TD>
      <TD class=pptext noWrap align=right>&nbsp;</TD>
    </TR>
  </TBODY>
</TABLE>
<table width="100%" height="63"  border="0" cellpadding="0" cellspacing="0" background="img/bg.gif">

Banning the IP would be an effective method to block this validation and retrieval process.

MGD
permalink · 2006-05-08 19:40:33 · Print · Reply to this
Forums » Up and Running » Security » Spam, Scam and Phishbusters[Spam] Spamcop »
« [Spam] It seems i all been getting spam from one domain all this  

Wednesday, 09-Dec 19:50:38 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [198] Sprint Sued For Distracted Driving Death
· [106] AT&T Launching New 24 Mbps U-Verse Tier
· [82] 3G Network Test Says AT&T Is Tops
· [72] Mediacom Unveils 105 Mbps Pricing
· [66] Sprint Poised For A Turnaround?
· [63] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [56] AT&T Hints At Usage-Based iPhone Data Pricing
· [51] The Future Of Wi-Fi Is Bright
· [47] Site Leaks Yahoo, Verizon Fed Data Share Pricing
· [44] Microwaving Your Innards Is Not 'Extreme'
Most people now reading
· MicroSoft Discontinues Sale of Windows 7 Family Pack in US [Microsoft Help]
· Is sleeping similar to being dead? [General Questions]
· Comcast refused to install 400' feet. [Comcast HSI]
· RG Firmware update to VDSL2 this morning [AT&T U-verse]
· Man Downloads Child Porn "Accidentally," Faces 20 Years [Security]
· Adobe Flash Player version 10.0.42.34 [Security]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· UBB round 2 at the CRTC [Canadian Broadband]
· Cross Server Dungeon Experience [World of Warcraft]
· ICC strats [World of Warcraft]