Thus spake Cole Schweikhardt <[EMAIL PROTECTED]>, circa 3/16/2004 9:16 AM: > This is the second apparently fake PayPal email I have received this week. > They show the paypal.com domain and use PayPal logos but the language is > very suspect as is the fact that this one was crashing E-rage repeatedly.
Anyone can forge a message to include a Paypal.com "From" address and PayPal graphics. They can even craft a URL that *looks* like a PayPal URL but isn't, e.g.: http://www.paypal.com:[EMAIL PROTECTED] Because of the @ sign, the URL really points to 17.112.152.32 which is the Apple site. (There are better ways than the above to hide the address, but they don't work in all browsers.) In the case above, it tries to use www.paypal.com as the USERNAME and security-updates as the PASSWORD at the site listed after the @ sign. So pay attention to what you're clicking on. As to why the message is crashing Entourage, I couldn't say, but I hope Microsoft takes this very seriously. A crashing bug like that generally indicates something like a buffer overflow, which can (in theory) be exploited as a security hole with a carefully crafted email message. It happened with Outlook -- in one case, merely receiving a message was enough to infect a PC with a virus. Please, if anyone captures such a message, send it to the Entourage team! peter -- To unsubscribe: <mailto:[EMAIL PROTECTED]> archives: <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/> old-archive: <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
