
PayPal Spoof - Phishing ... Again

Yet another PayPal Spoof - Phishing ... Again ....

Here's what I See :


Dear [email protected],
We recently noticed one or more attempts to log in to your PayPal account
from a different IP address.
If you recently accessed your account while traveling, the unusual log in
attempts may have been initiated by you. However, if you did not initiate
the log ins, please visit PayPal as soon as possible to check-up your
account information:

"http://www.paypal.com/cgi-bin/webscr?cmd=_login-run"

"http://pacspartner.com/bbs/data/main.htm" <<< Actual Link Under ^^^

Thanks for your patience.
Sincerely,
PayPal
----------------------------------------------------------------
Please do not reply to this e-mail. Mail sent to this address cannot be
answered.
Email ID PP32461


Here's What I See under Properties of it :

X-Message-Status: n
X-SID-PRA: [email protected]
X-SID-Result: SoftFail
X-Message-Info: JGTYoYF78jF87JIL6tenGYAAUhLCw+v+jHl1cRifM2U=
Received: from web.hsphereweb.com ([209.208.123.129]) by mc11-f27.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
Sat, 26 Feb 2005 03:39:19 -0800
Received: from web.hsphereweb.com (localhost [127.0.0.1])
by web.hsphereweb.com (8.12.8p1/8.12.8) with ESMTP id j1QBhhhn083980
for <[email protected]>; Sat, 26 Feb 2005 06:43:43 -0500 (EST)
(envelope-from [email protected])
Received: (from httpd@localhost)
by web.hsphereweb.com (8.12.8p1/8.12.8/Submit) id j1QBhhNc083979;
Sat, 26 Feb 2005 06:43:43 -0500 (EST)
Date: Sat, 26 Feb 2005 06:43:43 -0500 (EST)
Message-Id: <[email protected]>
To: [email protected]
Subject: PayPal Account Security Measures
X-PHP-Script: canadachildren.com/bbs/templates.php for 194.158.202.185
From: <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Return-Path: [email protected]
X-OriginalArrivalTime: 26 Feb 2005 11:39:19.0955 (UTC) FILETIME=[CF598630:01C51BF7]


Whois for pacspartner.com


Redirected to whois.opensrs.net ...
Registrant:
medicalstandard
3F HIT 17 Haengdang-dong Seongdong-gu
Seoul, 133.070
KR

Domain name: PACSPARTNER.COM

Administrative Contact:
Yoo, Byung Chun [email protected]
3F HIT 17 Haengdang-dong Seongdong-gu
Seoul, 133.070
KR
82.222826600
Technical Contact:
blueweb, blueweb [email protected]
Yeoksam-dong 607-10
#5F Miele Building
Gangnam-gu
Seoul, kr 135-080
KR
+82.234291901 Fax: +82.25673400



Registration Service Provider:
blueweb, [email protected]
+82.34291901
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.


Registrar of Record: TUCOWS, INC.
Record last updated on 15-Oct-2004.
Record expires on 15-Oct-2006.
Record created on 15-Oct-2003.

Domain servers in listed order:
DNS1.HRNOC.NET 216.120.225.19
DNS2.HRNOC.NET 216.120.238.254


Domain status: ACTIVE



And Whois on hsphereweb.com (Mail Server)

Registrant:
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com
Domain Name: HSPHEREWEB.COM
Created on: 01-Aug-03
Expires on: 01-Aug-05
Last Updated on: 17-Jul-04

Administrative Contact:
Private, Registration [email protected]
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax --
Technical Contact:
Private, Registration [email protected]
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax --

Domain servers in listed order:
DNS1.HSPHEREWEB.COM
DNS2.HSPHEREWEB.COM


Already forwarded to PayPal and a few other Parties as well ...
 
•••
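The indicators the opening post reads off by hand (the Sender ID SoftFail, the X-PHP-Script header, the httpd@localhost Received hop, and a visible PayPal URL that actually points at pacspartner.com) can also be checked mechanically. This is an added example, not part of the original post: header values and both URLs are copied from the post, the Received lines are shortened, and the `<a>` wrapper plus the names `LinkAudit` and `triage` are assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: header values and both URLs come from the post above; the
# Received lines are shortened and the <a> wrapper is assumed (post shows only URLs).
RAW = """\
X-SID-Result: SoftFail
Received: from web.hsphereweb.com ([209.208.123.129]) by mc11-f27.hotmail.com;
 Sat, 26 Feb 2005 03:39:19 -0800
Received: (from httpd@localhost) by web.hsphereweb.com (8.12.8p1/8.12.8/Submit);
 Sat, 26 Feb 2005 06:43:43 -0500 (EST)
Subject: PayPal Account Security Measures
X-PHP-Script: canadachildren.com/bbs/templates.php for 194.158.202.185
Content-Type: text/html

<a href="http://pacspartner.com/bbs/data/main.htm">http://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>
"""

class LinkAudit(HTMLParser):
    """Record anchors whose visible text is a URL on a different host than href."""
    def __init__(self):
        super().__init__()
        self.href, self.mismatches = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href")
    def handle_data(self, data):
        shown = urlparse(data.strip()).hostname
        real = urlparse(self.href or "").hostname
        if self.href and shown and real and shown != real:
            self.mismatches.append((shown, real))
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def triage(raw):
    """Return the list of phishing indicators found in one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    if (msg["X-SID-Result"] or "").strip().lower() in ("softfail", "fail"):
        findings.append("sender-id:" + msg["X-SID-Result"].strip())
    if msg["X-PHP-Script"]:  # mail generated by a web script, not a mail client
        findings.append("php-script:" + msg["X-PHP-Script"].split()[0])
    if any("httpd@localhost" in r for r in msg.get_all("Received", [])):
        findings.append("submitted-by-web-server-user")
    audit = LinkAudit()
    audit.feed(msg.get_content())
    return findings + [f"link-mismatch:{s}->{r}" for s, r in audit.mismatches]
```
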
That is very interesting! So it's true and legit from PayPal?
 
•••
i don't get why people try to steal money from people on paypal by getting logins because you can track that shit and they are dumb haha

o and why would they make it on a company site they must have been hacked or something
 
•••
Jarrid said:
That is very interesting! So it's true and legit from PayPal?

Nooooo ! It is a Spoof "Fake" trying to get me to type my PAYPAL info into their system - More than likely to Rob me blind :lol:
 
•••
T4NK said:
i don't get why people try to steal money from people on paypal by getting logins because you can track that shit and they are dumb haha

o and why would they make it on a company site they must have been hacked or something
Can be tracked how? Do you think this is their real address that they write in domain reg info? I don't think so...
Anyway all4cost thank you for your warning to us!
 
•••
Anyone think I'm wrong for posting any part of this ? ... Just wondering if anything I've shown would be "Too" Much - Thx ....
 
•••
weird...
maybe paypal should never send you emails except they have like a private message thing on paypal itself
 
•••
What does NetworkFileManagerPHP do?
 
•••
man them idiots will never learn will they?
they always get caught
 
•••
I'm just looking at this system.php thing, can it steal any file of any site?

e39m5
 
•••
IP = easy track for FBI and they have their way of finding them
 
•••
No, it was good you posted. I got this email too. Just ignored. Thank you all, you're a good man.
 
•••
T4NK said:
IP = easy track for FBI and they have their way of finding them
Proxy = very hard to track..;) if the proxy is really good...
Do you think they use their real IP ?:)Nope..;)
 
•••
T4NK

You got a too merry picture of FBI's capabilities. Even if they decide to open an investigation.

What FBI will find:

In order to "cash out" the scammers have opened bank accounts with false or stolen identities. From there the money is wired abroad, usually to Eastern Europe (Latvian banks are popular, one in particular so that even netbank disabled wired transfers with that bank).

IPs point to some average Joe's ISP account, because the scammers are using his computer as a proxy to access the scam page and moving the stolen funds around the world (bank accounts, e-gold washing and etc)

Someone already showed us an inexpensive and easy way for hosting the scam page.

Oh and when/if FBI succeeds in finding all this, it's a bit late to do anything... If there was something to do in the first place.
 
•••
Yeah octobus you are so right..;)
 
•••
majinbuu1023 said:
man them idiots will never learn will they?
they always get caught


Always get caught? Have to disagree with that. The hidden truth is that crime does often pay off. Why would they try to phish your financial data if they're gonna get caught for sure. Because rewards of doing so are greater than risks.

Of course the likelihood of getting caught increases as you continue the criminal activities. But clever and lucky criminals can very well exist without facing the consequences of their illegal activities.

Even better if crimes are orchestrated from abroad, and the internet is accessible worldwide. Thus no wonder that it has become a medium for countless scams and frauds.
 
•••

Here is the best way to beat phishers.

  • Check email addresses against those of the company. IE: make sure the email comes from a legit email address ([email protected] is not a legit email address is it?)
  • Always CUT + PASTE URLs into the address bar instead of clicking them
  • Look out for the "secure server" lock sign when submitting information
  • Look for out-of-date information (copyright and stuff)
  • If you think you are being phished contact the company A.S.A.P about it and find out if they sent you the email or not!

Look it up as well, there are loads of different information sites!
 
•••
PoorDoggie said:

Here is the best way to beat phishers.

  • Check email addresses against those of the company. IE: make sure the email comes from a legit email address ([email protected] is not a legit email address is it?)
  • Always CUT + PASTE URLs into the address bar instead of clicking them
  • Look out for the "secure server" lock sign when submitting information
  • Look for out-of-date information (copyright and stuff)
  • If you think you are being phished contact the company A.S.A.P about it and find out if they sent you the email or not!

Look it up as well, there are loads of different information sites!


Yes, good advice...
:lala:
 
•••