Monday, December 8, 2008

Another PayPal phishing example

Hi all, last week, I found the following mail in my junk box:



If you look at the "source" of the message, you'll see that the link is not pointing to "paypal.com" but to "http://paypal.user-data-confirmation.com/index.htm".

And it turns out that the "user-data-confirmation.com" domain is owned by a "phishy" Chinese company. If you want to know where they live:

Registrant:
Organization : LIUXIUYING
Name : LIUXIUYING
Address : JIANSHELU122
City : hangzhoushi
Province/State : zhejiangsheng
Country : china
Postal Code : 312062

Have you found similar mails in your mailbox? Please let us know so we can warn other users about it!

Jan

Monday, December 1, 2008

Blog about banking phishing scams

The following blog serves as a repository for examples of phishing scams to help information security professionals, bankers, and consumers become familiar with the latest ploys used by phishers to try to gain access to sensitive information.

http://www.bankersonline.com/phishing/

It provides interesting answers to questions like "What response rate is needed for spam to make money?"

Check it out!

Jan

Google Adwords phishing


A few days ago, I received the following mail in my inbox:

As the chance is small that Google would send such an e-mail to its customers, I decided to have a closer look at the links inside this message.

If you look at the HTML source of the e-mail, you can see that it is not linking to Google but to a site somewhere in China (http://www.adwords.google.com.wwwgroup.cn/select/Login). Some further research shows that this domain name is owned by a certain "Mister gfdthy", so it would not be wise to pass your login details to these guys :)

Domain Name: wwwgroup.cn
ROID: 20081120s10001s66930159-cn
Domain Status: clientHold
Registrant Organization: gfdthy
Registrant Name: hrthhtfhrth

Monday, November 24, 2008

American Express Phishing



ANOTHER CASE
Here is a reproduction of a fraudulent email recently reported to American Express. The phishers tried to get information about one's account.
The warning from Amex clearly states not to give any information in response to this type of request, since such requests do not originate from Amex.

You can see the whole story at the following URL (in French) from American Express Belgium:

Sunday, November 23, 2008

PayPal - Access to your account is restricted

One of our friends recently received the following e-mail in his inbox:

Hello PayPal User,


As part of our security measures, we regularly monitor ongoing activity in the PayPal system. During a recent check, we noticed a problem with your PayPal account.

While reviewing your account, we realized that we needed additional information in order to provide you with a secure service.


Reference number: PP-538-718-203

You can view your account and review all or part of the information PayPal used in its decision to restrict access to your account by visiting the Resolution Center. If, after reviewing the information about your account, you would like further information about access to your account, please contact PayPal by clicking the 'Customer Service' link in the help pages.

We appreciate your attention to this matter. We hope you understand that this is a security measure intended to protect you and your PayPal account.

We apologize for the inconvenience.

Sincerely,
PayPal


----------------------------------------------------------------
Copyright 1999-2008 PayPal. All rights reserved.

PayPal (Europe) S.a r.l. & Cie, S.C.A.
Partnership limited by shares
Registered office: 5th floor 22-24 Boulevard Royal L-2449, Luxembourg
RCS Luxembourg B 118 349

PayPal email no. PP522



At first sight it looks like a genuine mail from PayPal. However, the text highlighted in red should already raise some suspicions. Secondly, if you look at the source of the e-mail, you'll see that the link "Cliquez ici pour verifier votre compte PayPal" ("Click here to verify your PayPal account") is not linking to PayPal, but to another website: http://www.tongknweb.com/design03/confirmation=_account-run/login.jsp/



Fortunately there are some tools on the internet that allow you to find out more information about this link.

If you look up who owns this domain name, you'll see that it is registered by a Korean company in Seoul (http://whois.domaintools.com/tongknweb.com).

On www.millersmiles.co.uk you can even see the location of the company (http://www.millersmiles.co.uk/server_information/www.tongknweb.com).

And on the following link, you can see that PayPal customers are not the only victims of this company.