13). PayPal - HTML.Phishing.Pay-162
This email targets customers of PayPal.
Message Details
| Malware Name: | HTML.Phishing.Pay-162 |
| Origin: |  Poland |
| Date first seen: | 13/07/2006 02:12:43 |
| Number seen: | 8 |
| Date last seen: | 30/01/2007 16:11:26 |
| From: | "Customer Support"<support@paypal.com> |
| Subject: | PayPal Notification : Your account is suspended |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
13/07/2006 02:14:15 | 13/07/2006 10:07:10 |  220.225.120.211 |
http://220.225.120.211/www.paypal.com/us/ | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[t1Hdr_securityCtr_760x156.jpg]
Dear PayPal member :
Our comprehensive fraud-prevention program is one of the key reasons PayPal
is a safe way to pay online. We believe that innovation and careful analysis
is the way to beat fraud. That.s why PayPal has developed industry-leading
models to review every transaction.and help detect suspicious activity. Our
Fraud Investigation Team has recently detect suspicious activity in your
PayPal account.
The Information you entered was invalid so in order to continue to operate
the PayPal service and to reduce the risk of fraud, PayPal Corp. ("PayPal"
or "we") must ask you to provide us information about yourself and your
credit card and/or bank account.
To do so please follow the link below.
[1]http://www.paypal.com/us/cgi-bin/webscr?cmd=_contact-general
We believe that innovation and careful analysis is the way to beat fraud.
That.s why PayPal has developed industry-leading models to review every
transaction.and help detect suspicious activity. Our Fraud Investigation
Team is dedicated to creating a safe PayPal community. If we suspect fraud
in your account, we.ll contact you immediately.
[trustseal.gif]
References
1. http://220.225.120.211/www.paypal.com/us/
Additional Examples