Since yesterday I have been receiving phishing emails again, this time concerning PayPal, which try to get me to log in to PayPal via a fake URL in order to steal my ID. The attackers use the sender address Service@paypal.com and are so brazen that they even end their scam with "Copyright by PayPal".
To everyone who has a PayPal account:
CAUTION: NEVER click on a URL linked in an email whose origin you do not know.
The sender, host and IP are forged and lead to a third-party server, which intercepts and copies your logins there.
If you have received such a suspicious email, forward it to PayPal for checking; they have a dedicated verification procedure for this. Email address: spoof@paypal.com
An automated check is run there, and if it really is a phishing email, you promptly receive confirmation of that from PayPal.
The confirmation email then looks like this:
To: "Petra Kienast" <Petra.Kienast@XXXX>
Subject: RE: Q510 - Thank you for your email to PayPal (KMM89978315V25952L0KM) :kf1
From: <spoof@paypal.com>
Reply-To: <spoof@paypal.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
X-Mailer: KANA Response 7.0.1.142.12
Message-ID: <USA-ENTOT-002hbE2jZ00130c06@usa-entot-002.corp.ebay.com>
X-OriginalArrivalTime: 02 Oct 2007 11:52:49.0818 (UTC) FILETIME=[C1ABCFA0:01C804EA]
X-TOI-SPAM: u;0;2007-10-02T11:53:01Z
X-TOI-VIRUSSCAN: unchecked
X-TOI-MSGID: 4643e9a1-ac64-4912-9c03-c1c6c0a8eb68
X-Seen: false
X-ENVELOPE-TO: <Petra.Kienast@XXXX>
X-Spam-Level: 8/5
X-FS-Classification-spam: 8
X-FS-Classification-phishing: 9
X-FS-Diagnostics: database-version=2007-09-26 tests=FIRST_UNTRUSTED_NO_RDNS,FS_PHISH_VICTIM_URL_PREFIX,FS_UNTRUSTED_2,NO_REAL_NAME,FS_CLASS_SPAM_8,FS_CLASS_PHISHING_9
X-Spam-Flag: Yes
Dear Petra Kienast,
Thanks for taking an active role by reporting suspicious-looking emails.
The email you forwarded to us is a phishing email, and our security team
is working to disable it.
-------------------------
What is a phishing email?
-------------------------
Phishing emails attempt to steal your identity and will often ask you to
reveal your password or other personal or financial information. PayPal
will never ask for your password over the phone or in an email and will
always address you by your first and last name.
Take our Fight Phishing Challenge at
paypal.com/fightphishing to learn 5 things you should know
about phishing. You'll also see what we're doing to help fight fraud
every day.
-------------------------
You've made a difference.
-------------------------
Every email counts. By forwarding a suspicious-looking email to
spoof@paypal.com, you've helped keep yourself and others safe from
identity theft.
Thanks,
The PayPal Team
_______________________________________________________________________
This email is sent to you by the contracting entity to your User
Agreement, either PayPal Inc, PayPal Pte. Ltd or PayPal (Europe) S.à
r.l. & Cie, S.C.A. Société en Commandite par Actions, Registered Office:
5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118
349.
_______________________________________________________________________
Original Message Follows:
-------------------------
>Return-Path: <service@paypal.com>
>Received: from mailin##.aul.t-online.de
>(mailin##.aul.t-online.de [###.##.##.##])
> by mhead### with LMTP; Tue, ## Oct #### ##:##:## +####
>X-Sieve: CMU Sieve #.#
>Received: from ##-##-##-##.ip.fastwebnet.it
>([##.##.##.##]) by mailin##.aul.t-online.de
> with esmtp id #IcYkJ-#vcH###; Tue, # Oct #### ##:##:## +####
>Received: from localhost (localhost [###.#.#.#])
> by ##-##-##-##.ip.fastwebnet.it (Postfix) with ESMTP id
##C#B#B###B;
> Tue, # Oct #### ##:##:## +#### (CEST)
>Received: from ##-##-##-##.ip.fastwebnet.it ([###.#.#.#])
> by localhost (##-##-##-##.ip.fastwebnet.it
> [###.#.#.#]) (amavisd-new, port #####)
> with ESMTP id #####-##; Tue, # Oct #### ##:##:## +#### (CEST)
>Received: from User (mail.dataflownetworks.com [##.##.#.###])
> by ##-##-##-##.ip.fastwebnet.it (Postfix) with ESMTP id
D###B#ACF##;
> Tue, # Oct #### ##:##:## +#### (CEST)
>From: "service@paypal.com" <service@paypal.com>
>Subject: Dear paypal customer!
>Date: Mon, # Oct #### ##:##:## -####
>MIME-Version: #.#
>Content-Type: text/html;
> charset="Windows-####"
>Content-Transfer-Encoding: #bit
>X-Priority: #
>X-MSMail-Priority: High
>X-Mailer: Microsoft Outlook Express #.##.####.####
>X-MimeOLE: Produced By Microsoft MimeOLE V#.##.####.####
>Message-Id: <##############.D###B#ACF##@##-##-##-##.ip.fastwebnet.it>
>To: undisclosed-recipients: ;
>X-TOI-SPAM: u;#;####-##-##T##:##:##Z
>X-TOI-VIRUSSCAN: unchecked
>X-TOI-MSGID: c######e-##c#-#cb#-#edb-#a#afbfc##b#
>X-Seen: false
>X-ENVELOPE-TO: <petra.kienast@xxxx>
>X-Spam-Level: #/#
>X-FS-Classification-spam: #
>X-FS-Classification-phishing: #
>X-FS-Diagnostics: database-version=####-##-##
>tests=FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FORGED_MUA_O
UTLOOK,FORGED_OUTLOOK_HTML,FS_PHISH_VICTIM_FORGED,FS_PHISH_VICTIM_URL,FS
_PHISH_VICTIM_URL_PREFIX,FS_UNTRUSTED_#,HELO_DYNAMIC_IPADDR#,HTML_##_##,
HTML_MESSAGE,HTML_TITLE_UNTITLED,MIME_HTML_ONLY,UNDISC_RECIPS,X_PRIORITY
_HIGH,FS_CLASS_SPAM_#,FS_CLASS_PHISHING_#
>X-Spam-Flag: Yes
>
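The forged sender is visible in the headers PayPal quoted back: the From line claims paypal.com, but none of the relaying hosts in the Received chain belongs to that domain. The following Python code is an added example, not part of the original post or of any PayPal or mail-filter tooling; it runs a few heuristic checks of that kind on a constructed sample. The hosts relay.example.net and mx.recipient.example and all IP addresses are placeholders for the values redacted with '#' above, and the finding names are made up for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the quoted headers. "User" and
# mail.dataflownetworks.com appear on the page; relay.example.net,
# mx.recipient.example and the IP addresses are placeholders.
SAMPLE = (
    "Return-Path: <service@paypal.com>\n"
    "Received: from relay.example.net ([192.0.2.10])\n"
    " by mx.recipient.example with esmtp; Tue, 2 Oct 2007 11:40:00 +0200\n"
    "Received: from User (mail.dataflownetworks.com [198.51.100.7])\n"
    " by relay.example.net (Postfix) with ESMTP; Tue, 2 Oct 2007 11:39:00 +0200\n"
    'From: "service@paypal.com" <service@paypal.com>\n'
    "To: undisclosed-recipients: ;\n"
    "Subject: Dear paypal customer!\n"
    "\n"
    "(body omitted)\n"
)

# "from HELO (rdns [ip])" or "from HELO ([ip])" at the start of a Received header
HOP = re.compile(r"^from\s+(\S+)\s+\((?:([^\s\[\]()]+)\s+)?\[([^\]]+)\]\)", re.I)

def relay_hops(msg):
    """Return (helo, rdns_or_None, ip) per Received header, newest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groups())
    return hops

def header_findings(raw):
    """Heuristic checks comparing the claimed sender with the relay path."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = relay_hops(msg)
    names = [n.lower() for helo, rdns, _ in hops for n in (helo, rdns) if n]
    findings = []
    if not any(n == domain or n.endswith("." + domain) for n in names):
        findings.append("from-domain-not-in-relay-path")
    if any("." not in helo for helo, _, _ in hops):
        findings.append("helo-not-a-hostname")
    if any(rdns is None for _, rdns, _ in hops):
        findings.append("hop-without-reverse-dns")
    if msg.get("To", "").lower().startswith("undisclosed-recipients"):
        findings.append("undisclosed-recipients")
    return findings
```

These are heuristics only: legitimate mail can also arrive through hosts outside the sender's domain, so a finding is a reason to look closer, not proof of forgery.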
As an example, here is an original phishing email that I received today; I deleted the URL, though, because I don't want to lead anyone to it. If you receive something like this: INTO THE BIN!!
From: "service@paypal.com" <service@paypal.com>
Subject: Dear paypal customer!
To: undisclosed-recipients: ;
Dear PayPal Customer,
This email is to inform you, that we had to block your PayPal Account access because we had to upgrade our servers in order to remove online fraud.
Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some unusual activity related to our servers that indicates that other parties may have access and, or control of your informations in your account.
Please follow this link to confirm your account access information :
the fake URL "xxxxxxxxxxxxxxxx"
Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to upgrade your account as instructed above.
Thank you for your time and consideration in this matter .
Sincerely,
PayPal Account Departement.
© Copyright 2007, PayPal. All Rights Reserved.