1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Dangerous New Trend In Paypal Phishing Email

Discussion in 'BlackHat Lounge' started by srb888, Aug 8, 2011.

  1. srb888

    srb888 Elite Member

    Joined:
    Jul 30, 2008
    Messages:
    3,260
    Likes Received:
    5,067
    Gender:
    Male
    Occupation:
    WebzSurfer
    Location:
    Sun, Mon, Tue, WTF, Sat!!! :)
    Hi all :)

    I want to bring to the notice of all the following dangerous new trend in the Paypal phishing emails you get. The new trend is
    the actual inclusion of your first and last name in the email (which wasn't the case earlier on), and this inclusion can fool you in giving away your personal details in response to that email. You may even click the links on that phishing email and lose your money in your Paypal account soon.

    So kindly take note of this new trend. Be very careful when any email from Paypal has links on it, or asks you to reply back through the same email. Please never respond with your personal details in ANY such case by clicking on the "Reply" on that email or by clicking any suspicious links.


    There is always another route to find out why you got a serious-looking email from Paypal, and that is to actually log in to your Paypal account and check out the problem/s only there. Even if the Paypal account is unable to open, then you can send a fresh email to PP and not use the received email from "Paypal".


    Forward/Send such suspicious emails to spoof(@)paypal.com (I forwarded the email to them which I had received earlier and got a reply stating that it was indeed a phishing attempt), and I am 99.99999% sure that you will get an authentic reply from the real Paypal (just as I got) stating that you've been correct in sending it to their Spoof address; indeed it was a phishing attempt.


    Please note:

    1. Do not respond to any such email which has links leading you to give away your personal details such as a password...
    2. Always send a fresh email to Paypal and inquire about the problem. Do not use the "Reply" option on the received email.
    3. If you're using gmail, then use the "Show Original" option under the menu on the right-upper corner of the mail. It will open another tab and show you the actual complete details of the email you've received. Copy/paste that details into the email you're sending to spoof(@)paypal.com which will help them identify the source quickly.

    Thanks.

    1. The copy of the suspicious email I got >>


    [​IMG]



    2. Collect additional header info: >>


    [​IMG]



    3. Use the "Forward" option and send that email to spoof(@)paypal.com: >>


    [​IMG]



    Their response >>

    [​IMG]
    (highlights are mine)

    It's a standard reply, nonetheless, it still helps to know that we're doing our duty and they'll hopefully do theirs! :)


    HTH!




    .
     
    • Thanks Thanks x 3
    Last edited: Aug 8, 2011