ML Archiv: Re: [OM] fake paypal message!!!

Subject:	Re: [OM] fake paypal message!!!
From:	"John A. Lind" <jlind@xxxxxxxxxxxx>
Date:	Thu, 20 Nov 2003 02:28:30 -0500

I've gotten a couple of these in the past several weeks. Additionalobservations about them:

a. The hyperlink itself (most browsers show the actual URL on the bottombar of the window) is set up to have the appearance of a legitimate link toPayPal with the actual numeric IP address obscured in hexidecimal. Seeingan internet address or portions of a URL in hex sets off alarm bells forme. Only one reason to do it . . . to obscure something and make it verydifficult for The Masses to understand or translate.

b. The entire message with embedded GIF is designed to make it verydifficult to forward the original message in its entirety toPayPal. There's hidden plain text past the GIF that looks like contentsfrom some innocuous, frivolous email totally unrelated to PayPal. On topof that, the hex string with IP for the fraud site and the rest of theemail (including hidden text) exceeded the number of text characters theirreport form allowed.

c. PayPal asked me to forward it to an email address. Their email serverfiltered out the GIF and html when I sent it there! Took a couple emailexchanges with them to get them to see what I had received.

Whoever created it (latest one came from somewhere in Korea) intimatelyknows the Achilles Heels in PayPal's fraud reporting system, both on-lineform and their email server, and is leveraging on them to prevent thereports from containing the damning evidence or revealing the source.


-- John

At 02:56 PM 11/19/03, Jim Caldwell wrote:

There is another 'clever' variation of this fake message that puts the
email text into a graphic (however, it looks just like a regular text
message).  The link in the 'text' is the actual link to PayPal, but when
you click on it, since the entire message is an embedded graphic with a
hyperlink, the link actually goes to a fake PayPal site where your
information is forwarded to the author.

I just reported this new one to PayPal.

Jim Caldwell



< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >

<Prev in Thread]	Current Thread	[Next in Thread>
[OM] fake paypal message!!!, tOM Trottier Re: [OM] fake paypal message!!!, Winsor Crosby Re: [OM] fake paypal message!!!, jamesfc@xxxxxxx Re: [OM] fake paypal message!!!, Bernard Frangoulis Re: [OM] fake paypal message!!!, Doug Re: [OM] fake paypal message!!!, John A. Lind <= Re: [OM] fake paypal message!!!, Jim Caldwell Re: [OM] fake paypal message!!!, Andrew Gullen

Previous by Date:	Re: [OM] Two questions, andrew fildes
Next by Date:	[OM] ( OM ) Tope topics in the future, Brian Swale
Previous by Thread:	Re: [OM] fake paypal message!!!, Doug
Next by Thread:	Re: [OM] fake paypal message!!!, Jim Caldwell
Indexes:	[Date] [Thread] [Top] [All Lists]