2). SupportSoft - HTML.Phishing.Pay-152
This email targets customers of SupportSoft.
Message Details
| Malware Name: | HTML.Phishing.Pay-152 |
| Origin: |  United States |
| Date first seen: | 12/07/2006 10:50:17 |
| From: | "PayPal Inc" <billing@support.com> |
| Subject: | PayPal Account Security Measures |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://195.113.162.195/.www.paypal.com/index.htm | ||||
|
http://www.ssl-motors.com/ws4/eBayISAPIFES.dll.php |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[pixel.gif] [email_logo.gif] June 2006 [pixel.gif]
[pixel.gif]
[pixel.gif]
[pixel.gif]
[hdr_photo02_200x213.jpg]
[pixel.gif] [email_ts_120x80.gif]
Dear users of PayPal services,
Due to upcoming year 2006, and recent changes in PayPal's Service
Agreement you need to submit additional details on your PayPal account.
Starting from 2006 all PayPal accounts will come with complete detailed
information! Identity protection matters. And PayPal works day and night to
help keep your identity safe.
Secure Server
Identity protection matters. [1]Get Verified!
According the new changes in Service Agreement any unverified account will
be deleted from the system in 72 hours after receiving this letter.
[pixel.gif]
[pixel.gif] [email_triangleTrans_6x20.gif] Your Account
Tips to Protect Your Account [email_new_28x8.gif]
PayPal's world class fraud investigators share 5 important actions you can
take to help prevent identity theft and protect your account.
Update Your Profile
If you've closed a credit card or bank account recently, remember to go to
PayPal's website to update your profile.
[pixel.gif]
[pixel.gif]
[pixel.gif] [email_triangleTrans_6x20.gif] Identity Protection Highlights
[pixel.gif]
[pixel.gif]
[email_spoof_90x81.gif] [pixel.gif]
New spoof tutorial
Learn how to spot and avoid fraudulent "spoof" emails and websites with
PayPal's handy 5-step spoof tutorial.
[pixel.gif]
[sep_422onwhite.gif]
[pixel.gif]
[pixel.gif] [email_safetyBar_90x81.gif] [pixel.gif] Protect yourself with
tools
Guard yourself against "spoof" emails with the SafetyBar, and against
fraudulent websites with the eBay Toolbar.
[pixel.gif]
[sep_422onwhite.gif]
[pixel.gif]
[pixel.gif]
[email_manChecklist_90x81.gif]
[pixel.gif]
Checklist if you are a victim...
When you suspect a problem with your identity, you have to act fast. Use
PayPal's checklist for what you should do.
[pixel.gif]
[pixel.gif] [email_triangleTrans_6x20.gif] Merchant Offers
[pixel.gif] [pixel.gif]
[email_new_28x8.gif] [pixel.gif] [email_dotLineVertical_3x125.gif]
[pixel.gif] [pixel.gif] [email_dotLineVertical_3x125.gif] [pixel.gif]
[email_symantecLogo_110x34.gif] [email_napsterLogo_110x34.gif]
[email_globalgivingLogo_115x34.gif]
FREE Norton AntiSpam download with purchase of Norton AntiVirus. Unlimited
listening and downloading. All the music you want. FREE trial. Learn about
and fund locally run social and environmental projects.
[pixel.gif]
[pixel.gif] [email_triangleTrans_6x20.gif]
Thank You for using PayPal!
This notification was sent to you by PayPal. To modify your notification
preferences, log in to your PayPal account, click the Profile sub-tab, then
click the Notifications link under Account Information. Changes may take up
to 10 days to be reflected in our mailings. PayPal will not sell or rent any
of your personally identifiable information to third parties. For more
information about the security of your information, read our Privacy Policy
at https://www.paypal.com/privacy.
[pixel.gif]
[pixel.gif]
Copyright © 2006 PayPal Inc. All rights reserved. Designated trademarks and
brands are the property of their respective owners. PayPal is located at
2211 N. First St., San Jose, CA 95131.
[1x1.dyn?0WkGL8-ChrTPbnlHKa37=0]
References
1. http://195.113.162.195/.www.paypal.com/index.htm
Embedded Images
The following images were embedded in the email. Sometimes, the message text is just there to confuse anti-spam filters, while the reader is presented with a clickable image which shows the "real" message.
