181/99). PayPal - HTML.Phishing.Bank-573
This email targets customers of PayPal.
Message Details
| Malware Name: | HTML.Phishing.Bank-573 |
| Origin: |  United States |
| Date first seen: | 18/02/2007 23:11:18 |
| From: | "PayPal" <service@paypal.com> |
| Subject: | Accept PayPal Policy Updates to Prevent Account Limitation |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
14/01/2007 08:25:10 | 204.13.160.129 |
http://wwww3.org/TR/html4/loose.dtd | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[1]Sign Up|[2]Log In|[3]Help
* [4]Welcome
* [5]Send Money
* [6]Request Money
* [7]Merchant Services
* [8]Auction Tools
Member Log-In
Secure Log In
_________________________________________________________________
_________________________________________________________________
PayPal is constantly working to ensure security by regularly screening the
accounts in our system. We recently reviewed your account, and we need more
information to help us provide you with a secure service. Until we can
collect this information, your access to sensitive account features will be
limited. We would like to restore your access as soon as possible, and we
apologize for the inconvenience.
_________________________________________________________________
Why is my account access limited?
Your account access has been limited for the following reason(s):
18 Feb. 2007: Access to your account has been limited because you have
declined the new User Agreement. To restore full access to your account
please accept the new User Agreement.
[9]http://paypal.com/UserAgreement/PP-199-084-217/cgi-bin/webscr?cmd=_accoun
t=update
.
(Your case ID for this reason is PP-199-084-217.)
_________________________________________________________________
[10]About SSL Certificates
Copyright 1999-2007 PayPal. All rights reserved.
PayPal (Europe) Ltd. is [11]authorised and regulated by the Financial
Services Authority in the United Kingdom as an electronic money institution.
PayPal FSA Register Number: 226056.
References
1. http://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
2. http://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
3. http://paypal.com.useragreement.pp-199-084-217cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
4. http://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
5. http://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
6. http://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
7. http://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
8. http://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
9. http://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
10. http://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm
11. https://paypal.com.useragreement.pp-199-084-217.cgi-bin.webscr.account=update.corcoduse1.com/paypal/login.htm