New PayPal scam email

skyking

Just got an email linking to a German scammer site. The title of the email?
PayPal Security Notification of Limited Account Access

All it had in the body was a funky link on the left, thanks to Thunderbird :)

edited
 

TankGuys

I would remove the link from your post. That site attempts to pass a trojan, so edit it ASAP.
 

mwmorph

The trojan is just a spoof to make the address bar in IE display something different from the site you are accessing. Nothing malicious to infect your PC. It is expected from these sites.

McAfee promptly deleted the file for me.

Edit: odd since the trojan slipped through though I'm using Firefox 1.06
 

skyking

Source: German URL hosted in Korea, probably :)

From - Sun Sep 04 12:09:14 2005
X-UIDL: 00761e181133b90a9c38230c3b0092e1
X-Mozilla-Status: 1001
X-Mozilla-Status2: 00000000
Return-path: <huangh@huanghochu.com>
Envelope-to: myemailhere
Delivery-date: Sun, 04 Sep 2005 11:58:46 -0700
Received: from mail19a.dulles19-verio.com ([204.202.242.24] helo=mail19a.g19.rapidsite.net)
by myserverhere with smtp (Exim 4.41)
id 1EBzhV-0004Gs-Mc
for myemailhere; Sun, 04 Sep 2005 11:58:46 -0700
Received: from mx36.stngva01.us.mxservers.net (204.202.242.11)
by mail19a.g19.rapidsite.net (RS ver 1.0.95vs) with SMTP id 3-071703323
for < myemailhere>; Sun, 4 Sep 2005 14:58:44 -0400 (EDT)
Received: from www.huanghochu.com [207.56.102.188] (EHLO huanghochu.com)
by mx36.stngva01.us.mxservers.net (mxl_mta-1.3.8-10p4) with ESMTP id 3e34b134.31207.273.mx36.stngva01.us.mxservers.net;
Sun, 04 Sep 2005 14:58:43 -0400 (EDT)
Received: (from huangh@localhost)
by huanghochu.com (8.12.11/8.12.9/Submit) id j84Iwhb1042119;
Sun, 4 Sep 2005 14:58:43 -0400 (EDT)
(envelope-from huangh)
Date: Sun, 4 Sep 2005 14:58:43 -0400 (EDT)
Message-Id: <200509041858.j84Iwhb1042119@huanghochu.com>
To: myemailhere
Subject: PayPal Security Notification of Limited Account Access [Sun, 04 Sep 2005 08:13:10 +0100]
Content-Type: text/html; charset=us-ascii
From: "service@paypal.com" <service@paypal.com>
Reply-to: "service@paypal.com" <service@paypal.com>
Content-Transfer-Encoding: 7bit
X-Accept-Language: en-us, en
X-Spam: [F=0.8460645376; heur=0.746(2900); stat=0.651; spamtraq-heur=0.500(2005090402)]
X-MAIL-FROM: <huangh@huanghochu.com>
X-SOURCE-IP: [207.56.102.188]
X-Loop-Detect:1
X-DistLoop-Detect:1
X-Virus-Scanned: Scanned by Clam Antivirus
X-Spam-Score: 3.3 (+++)
X-Spam-Report: Bayes score: 0.3388
BAYES_30=-0.904 , HTML_50_60=0.1 , HTML_IMAGE_ONLY_02=1.23 , HTML_MESSAGE=0.1 , HTML_MIME_NO_HTML_TAG=1.184 , MIME_HTML_ONLY=0.32 , SARE_FORGED_PAYPAL_C=1.3



<DIV> <A href="http://hometown.aol.de/cecylstar/" target=_blank><IMG alt="PayPal Service" src="http://hometown.aol.de/cecylstar/images/letter.jpg"> </DIV></A>
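
The mismatch visible in the headers above (a From: of service@paypal.com against an envelope sender and Message-Id at huanghochu.com, and a body link to hometown.aol.de) can be checked mechanically. The Python below is an added example, not part of the original posts; the function names and the simple subdomain comparison are assumptions, and the sample is a trimmed copy of the message quoted above.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: trimmed copy of the headers and body quoted in the post.
RAW = """\
Return-path: <huangh@huanghochu.com>
Received: from www.huanghochu.com [207.56.102.188] (EHLO huanghochu.com)
\tby mx36.stngva01.us.mxservers.net (mxl_mta-1.3.8-10p4) with ESMTP;
\tSun, 04 Sep 2005 14:58:43 -0400 (EDT)
Message-Id: <200509041858.j84Iwhb1042119@huanghochu.com>
To: myemailhere
Subject: PayPal Security Notification of Limited Account Access
Content-Type: text/html; charset=us-ascii
From: "service@paypal.com" <service@paypal.com>

<DIV> <A href="http://hometown.aol.de/cecylstar/" target=_blank><IMG alt="PayPal Service" src="http://hometown.aol.de/cecylstar/images/letter.jpg"> </DIV></A>
"""

LINK_HOST = re.compile(r'(?:href|src)\s*=\s*["\']?https?://([^/"\'\s>]+)', re.I)

def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(a, b):
    """Assumption: equal, or one is a subdomain of the other (no public-suffix list)."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def phishing_signals(raw):
    """Return (claimed From domain, list of (signal, domain) findings)."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # The envelope sender and Message-Id are set by the sending host,
    # so they often expose the real origin behind a forged From: line.
    for header, signal in (("Return-Path", "envelope-mismatch"),
                           ("Message-Id", "message-id-mismatch")):
        dom = domain_of(msg[header])
        if dom and not same_org(from_dom, dom):
            findings.append((signal, dom))
    # Link and image hosts in the HTML body that do not belong to the claimed sender.
    for host in sorted({h.lower() for h in LINK_HOST.findall(msg.get_payload())}):
        if not same_org(host, from_dom):
            findings.append(("off-brand-link", host))
    return from_dom, findings

if __name__ == "__main__":
    print(phishing_signals(RAW))
```
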

 

Jeff7

I got a new one too:

This was the content of the e-mail. Title was Your PayPal Payment.
Initial thought was of course "WTH, who is that?" and was about to click, but thought... hmm, odd e-mail. Better go to PayPal directly, don't click link. Plus, the "Dispute Charges" link was unusual.

No odd charges were on file. The link takes you to this site, where a fake address bar appears (in IE, but it goes away in Firefox) below the real address bar.