Thursday, March 22, 2007

Full headers of the phishing email ...

X-Apparently-To: via; Thu, 22 Mar 2007 01:38:34 -0700
X-Originating-IP: []
Authentication-Results:; domainkeys=neutral (no sig)
Received: from (HELO ( by with SMTP; Thu, 22 Mar 2007 01:38:34 -0700
Received: from by ; Thu, 22 Mar 2007 04:35:46 -0500
From: ""
Reply-to: ""
Subject: Compromised PayPal Account
Date: Thu, 22 Mar 2007 13:35:46 +0400
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--202896902971285"
X-Priority: 1
X-MSMail-Priority: High
Content-Length: 1308

This is a very bad way to send "scam" emails. Honestly, no "smart" phisher would send his emails from and using Outlook Express... Why does everyone want PayPal...?


How does this work?
The phisher redirects the user to his own host (the one pointed to by the arrow) rather than to PayPal, and collects the data for his "own profit".

Reported to APWG & F-Secure.

What can you do? Don't click on the link blindly. Take a minute to check the status bar, and copy/paste links into your browser. If you're suspicious of the person who sent this, send it to reportphishing >at< antiphishing >dot< org