This morning I found in my personal inbox a paypal phish that looks pretty darn legit (or at least tries to take on a professional approach in its message delivery unlike all the paypal phish we usually see which mispellings, and poor communication). The subject starts: Simple Steps to Protect Against Fraud and ID Theft PayPal <paypal@email.paypal.com>. The body takes on a PayPal newsletter and discusses in its main column "Financial Fitness". There are other side columns like "Suspect your identity has been stolen?" which is called a "Tip". With the exception of the phish link, all other links point to email1.paypal.com.
The main column used for the phish reads:
Financial Fitness
Be Cautious About Sharing Information
When Phil Ferguson made a New Year's resolution to get fit, the last thing he worried about was putting himself at risk for identity theft. After all, Phil is cautious about how he shares financial information, and he tracks the balance in his bank account.
So Phil was taken aback when, a few weeks after joining a gym, he tried to withdraw $40 from the ATM and was told "no funds available." Then a light bulb went off.
A snapshot of the email can be seen here. A snapshot of the phish page can be seen here.
For a full detailed report of this phish, visit PIRT#79502. On this same server is an eBay phish which has been running for quite some time. So now PIRT is on it.
Posted on Sunday, 05 November 2006 @ 12:27:15 UTC by Paul (4162 reads) [ Trackback ]
