Thursday, March 22, 2007

Full headers of the phishing email ...

X-Apparently-To: @yahoo.com via 209.191.87.92; Thu, 22 Mar 2007 01:38:34 -0700
X-YahooFilteredBulk: 64.151.53.220
X-Originating-IP: [64.151.53.220]
Return-Path:
Authentication-Results: mta222.mail.re3.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 64.151.53.220 (HELO 192.168.1.252) (64.151.53.220) by mta222.mail.re3.yahoo.com with SMTP; Thu, 22 Mar 2007 01:38:34 -0700
Received: from 60.76.174.246 by ; Thu, 22 Mar 2007 04:35:46 -0500
Message-ID:
From: "service@paypal.com"
Reply-to: "service@paypal.com"
To: @yahoo.com
Subject: Compromised PayPal Account
Date: Thu, 22 Mar 2007 13:35:46 +0400
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--202896902971285"
X-Priority: 1
X-MSMail-Priority: High
Content-Length: 1308




This is a very bad way to send "scam" emails. Honestly, no "smart" phisher would send his emails from AOL.com using Outlook Express... Why does everyone want PayPal...??

LOL !
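The checks a mail filter or analyst could run on these headers, as an added example that is not part of the original post. The function name `analyse`, the finding labels and the 300-second tolerance are assumptions made for the example; the header values are the ones shown above.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Headers copied from the message above (a subset; empty fields omitted).
RAW = """\
Authentication-Results: mta222.mail.re3.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 64.151.53.220 (HELO 192.168.1.252) (64.151.53.220) by mta222.mail.re3.yahoo.com with SMTP; Thu, 22 Mar 2007 01:38:34 -0700
Received: from 60.76.174.246 by ; Thu, 22 Mar 2007 04:35:46 -0500
From: "service@paypal.com"
Date: Thu, 22 Mar 2007 13:35:46 +0400
"""

MAX_SKEW = 300  # seconds; tolerance chosen for this example (assumption)


def analyse(raw):
    """Return (findings, skew_seconds) for one set of raw headers."""
    msg = message_from_string(raw)
    findings = {}

    # 1. Did any signature tie the message to the domain claimed in From:?
    domain = re.search(r"@([\w.-]+)", msg["From"]).group(1).lower()
    verdict = re.search(r"domainkeys=(\w+)", msg.get("Authentication-Results", ""))
    if verdict is None or verdict.group(1) != "pass":
        findings["auth"] = f"no DomainKeys pass for {domain}"

    # 2. The top Received line is stamped by the recipient's own MTA, so it is
    #    the only hop that can be trusted. Inspect the HELO it recorded.
    top = msg.get_all("Received")[0]
    hop = re.search(r"from (\S+) \(HELO (\S+)\)", top)
    try:
        if hop and ip_address(hop.group(2)).is_private:
            findings["helo"] = f"{hop.group(1)} said HELO {hop.group(2)} (private)"
    except ValueError:
        pass  # HELO was a hostname, not an IP literal

    # 3. Compare the sender-supplied Date with the trusted arrival time.
    arrived = parsedate_to_datetime(top.rsplit(";", 1)[1].strip())
    skew = (parsedate_to_datetime(msg["Date"]) - arrived).total_seconds()
    if skew > MAX_SKEW:
        findings["date"] = f"Date is {skew:.0f}s after delivery"
    return findings, skew


if __name__ == "__main__":
    for name, detail in analyse(RAW)[0].items():
        print(f"{name}: {detail}")
```

The third check is the one the eye misses: the Date header and the lower Received line agree with each other, but both are 57 minutes later than the time Yahoo's server recorded on arrival.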

How does this work?
The phisher redirects the user to his own host (the one marked with the arrow) rather than to PayPal, and collects the data for his "own profit".

Reported to APWG & F-Secure.

What can you do? Don't click on the link blindly: take a minute to check the status bar, and copy/paste links into your browser. If you're suspicious of the person who sent this, then send it to reportphishing >at< antiphishing >dot< org

/Quit