« Are AV Researchers Feeding the Spam/Malware Economy? | Main | The Spamit_New_Subj Flood »

January 03, 2010

The PayPal phishermen are dropping their lines into the ice holes of northern hemisphere winter to try to snag some scrumptious login credentials and any money you might have hanging around in a PayPal account or bank account linked thereto.

Here's one that comes with a cute little seasonal PayPal logo, telling you that "You have 1 new Security Message Alert!". The automated bot that generated the message was even programmed to insert today's date into a gray small-type line at the top — presumably to make it look legitimate.

As the link rollover shows, this crook has managed to plant his phony PayPal page and software on a hijacked mail server belonging to a small web services provider in New York state (oops!). All the goodies are quasi-hidden in a subdirectory whose name begins with a period, meaning that inexperienced admins may not see the directory if they view file lists without the right switch set.

As for regular users who might receive such phishing email messages, if you can't just let it go, then log into PayPay via your normal avenue — preferably a bookmark that you saved from a previous visit. If there are any problems with your account, you'll find out then. Chances are, you're in the clear.