[ILUG] cute phishing attack...

kevin lyda kevin at ie.suberic.net
Tue Mar 21 10:28:08 GMT 2006 

i got the following cute phishing attack.  obviously since i use mutt +
an htmt2text script it was easy to spot.  but i can see it working on
loads of people.  i've compressed down some of the vertical spacing,
but the misspelling of "payement" was in the subject.  The links are
footnoted at the bottom - note that all but #4 are legit.

kevin

To: kevin at suberic.net
Subject: Receipt of payement to paypal at creative.com
From: "service at paypal.com" <service at paypal.com>

   [1]PayPal

   Dear member,

   This email confirms that you have paid paypal at creative.com $379.12 USD
   using PayPal.

   This credit card transaction will appear on your bill as "PAYPAL
   *CREATIVE".
   --------------------------------------------------------------------------
   Payment Details

   Purchased From:creative.labs

   Item #     Item Title                            Quantity  Price  Subtotal
   8751475190 [2]Creative Labs Gigaworks THX 7.1       1     $349.99  $349.99
              S750 PC Speakers                                 USD        USD

           Shipping & Handling via USPS First Class Mail to 154XX  $18.25 USD
                              (includes any seller handling fees)
                                   Shipping Insurance (optional):          --
                                        Sales Tax (6.000% inPA) :  $10.88 USD
                                                           Total: $379.12 USD
   Note:Thank you!
   --------------------------------------------------------------------------
   Shipping Information
        Shipping Info:     Wayne E Bakewell
                           16 elm st
                           Brownsville, PA 15417
                           United States
       Address Status:     Confirmed[3][IMG]
   --------------------------------------------------------------------------
   If you have questions about the shipping and tracking of your purchased
   item or service, please contact the seller paypal at creative.com.
   --------------------------------------------------------------------------
   Do you confirm this transaction?

   If this transaction was not made by you please immediately take the
   following steps:

     * Login to your account by clicking on the link below
     * Provide requested information to ensure you are the owner of the
       account
     * Find this transaction in HISTORY and click 'Cancel Transaction'

                             [4]CANCEL TRANSACTION!

   Thank you for using PayPal!
   The PayPal Team

   Please do not reply to this email. This mailbox is not monitored and you
   will not receive a response. For assistance, log in to your PayPal account
   and choose the Help link located in the top right corner of any PayPal
   page.

   PayPal Email ID PP843

References

   Visible links
   1. https://www.paypal.com/us
   2. http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=8751475190
   3. http://www.paypal.com/us/cgi-bin/webscr?cmd=p/pop/confirmed_address_checkout-outside
   4. http://gillian-rolton.com/www.paypal.com/cgi-bin/webscr.php?cmd=_login-run

-- 
Kevin Lyda                     <diamond> kevin is my comic idol
kevin at ie.suberic.net

More information about the ILUG mailing list