192). PayPal - HTML.Phishing.Bank-424
This email targets customers of PayPal.
Message Details
| Malware Name: | HTML.Phishing.Bank-424 |
| Origin: |  Croatia |
| Date first seen: | 17/07/2006 10:50:15 |
| Number seen: | 2 |
| Date last seen: | 18/07/2006 05:31:39 |
| From: | "PayPal Department" <service@paypal.com> |
| Subject: | Notification of Limited Account Access |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
17/07/2006 10:58:09 | 17/07/2006 22:39:04 |  80.38.149.66 |
http://www.santquirze.be/wp-filez/update/cgi-bin/webscrcmd_login.php | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
_________________________________________________________________
[pixel.gif]
PayPal Department Notice
You have received this email because you or someone had used your account
from different locations. For security purpose, we are required to open an
investigation into this matter.
PayPal is committed to maintaining a safe environment for its community of
customers. To protect the security of your account, PayPal employs some of
the most advanced security systems in the world and our anti-fraud teams
regularly screen the PayPal system for unusual activity.
Our Account Review Team identified some unusual activity in your account. In
accordance with PayPal's User Agreement and to ensure that your account has
not been compromised, access to your account was limited. Your account
access will remain limited until this issue has been resolved. To securely
confirm your PayPal information please click on the link bellow:
[1]https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Please Note:
If we do no receive the appropriate account verification within 48 hours,
then we will assume this PayPal account is fraudulent and will be suspended.
The purpose of this verification is to ensure that your account has not been
fraudulently used and to combat the fraud from our community.
Thank you for using PayPal!
The PayPal Team
Copyright © 1999-2006 PayPal. All rights reserved.
[2]Information about FDIC pass-through insurance
References
1. http://www.santquirze.be/wp-filez/update/cgi-bin/webscrcmd_login.php
2. http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/fdic-outside
Additional Examples