Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Malware Authors Will Try Anything | Main | Naive Media At It Again »

May 28, 2007

Phony "PayPal Premier Account" Phish

In comes an attractive-looking phishing email message with all the right logos and appearance of a PayPal web page. This one invites the recipient to join a special service:

Getting Started with Your Premier Account Dear PayPal User,

Make and collect online payments instantly with your upgraded PayPal Premier account. Learn more about how your account works by viewing a topic below, or log in to your PayPal account to get started now.

Click here and GO TO My Upgraded PayPal Premier Account

The link, however, leads to a Russian web address.

Temporarily, at least, the good news is that the phisher is also stupid. The file he points to is a text file (with a .txt extension), which Firefox and Safari (and perhaps IE, too) renders as the source code, not a pretty HTML page. This will keep unsuspecting recipients out of trouble until the next guy saves the file on the hijacked server with a .html extension or reconfigures the server.

I was curious if PayPal (the real one) offered such a "Premier Account" service, but I can find no reference to it. Maybe I'm supposed to confuse "Premier" with "Preferred," which PayPal does offer its customers. No matter. According to the message's headers, the phishing message originated from a swbell.net DSL line in Texas.

Oh, and if the phony web page had rendered correctly, the form into which visitors entered their usernames and passwords would have been sent to a Google email account (by way of an automated form-to-email redirector in Brazil). Not very bright.

Ah, well. Since I won't be grilling hot dogs or hamburgers on this Memorial Day holiday (in the U.S.), I can at least do my best to light some coals under this two-bit phisher.

Posted on May 28, 2007 at 01:10 PM