This kind of 'phishing' is quite common, and is used with addresses harvested in any way the spammer can get them. I get over 100 spams, including phishes, at an e-mail address I have never ever used in any public context. Citibank, e-bay and PayPal have had to send out announcements to their clients, reminding them that ANY unsolicited mail asking for personal information is evil.
Bill

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of James Melin
Sent: Monday, February 09, 2004 10:06 AM
To: [EMAIL PROTECTED]
Subject: Re: PayPal Scam

Well then, is the address being mined from the online archive, or are these addresses being mined from actual e-mails in some poor bastard's personal machine? Until I started being active on the rexx forum, mvs-oe forum and this forum I didn't get much spam. Now I get a couple dozen per day. That in and of itself, does not prove anything. I've written to hundreds of people at dozens of vendors for a variety of reasons over the last 10 years. Could have started from any one of them.

Phil Payne <[EMAIL PROTECTED]arch.com>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]IST.EDU>
02/09/2004 08:52 AM
Please respond to Linux on 390 Port

To: [EMAIL PROTECTED]
cc:
Subject: PayPal Scam

Yup - I've been around online since 19xx (VERY early contributor to Usenet) and I realise fully that responding to a mailing list about a virus is of itself contributing to the problem. But this one's nasty. The only place the source of this address COULD have been is the Linux mailing list - so it's possibly pervasive here.
It's well constructed, too:

Headers first:

Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Mon, 09 Feb 2004 03:32:28 +0100
Received: from [211.230.41.194] (helo=localhost) by mxng08.kundenserver.de
 with smtp (Exim 3.35 #1) id 1Aq1Ci-0000r7-00 for [EMAIL PROTECTED];
 Mon, 09 Feb 2004 03:31:35 +0100
From: "PayPal.com" <[EMAIL PROTECTED]>
To: Linux <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Priority: 1 (High)
Subject: IMPORTANT fvohykwe
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------3016BE7E000547C"
X-RBL-Warning: (dialup.bl.kundenserver.de) This mail has been received from a dialup host.
Message-Id: <[EMAIL PROTECTED]>
Date: Mon, 09 Feb 2004 03:31:35 +0100

A quite well forged envelope, with only my German ISP warning me that it's from a dial-up host.

Body next:

Dear PayPal member,

We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.

To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.

IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore.

Thank you for using PayPal.

fvofykwy

Fails at the first hurdle for me - I'm not and never have been a PayPal member.

The "attached application" (obviously deleted) is a 13KB .PIF file which neither Norton nor AVG picked up on its way through.

--
Phil Payne
http://www.isham-research.com
+44 7785 302 803
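
Added example, not part of the original thread: a small Python check for the three warning signs visible in the quoted message (a Received line with helo=localhost from a bare IP, the ISP's dial-up X-RBL-Warning, and an executable attachment the scanners missed). The sample message is constructed; its addresses, boundary and the attachment name update.pif are placeholders, and the extension list is an assumption.

```python
import email
import re
from email import policy

# Constructed sample modelled on the headers quoted in the thread. Addresses,
# boundary and attachment name are placeholders, not the original values.
SAMPLE = """\
Received: from [211.230.41.194] (helo=localhost) by mxng08.kundenserver.de
 with smtp (Exim 3.35 #1) id 1Aq1Ci-0000r7-00 for user@example.org;
 Mon, 09 Feb 2004 03:31:35 +0100
From: "PayPal.com" <service@example.com>
To: Linux <user@example.org>
X-Priority: 1 (High)
Subject: IMPORTANT fvohykwe
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"
X-RBL-Warning: (dialup.bl.kundenserver.de) This mail has been received from a dialup host.

--BOUNDARY
Content-Type: text/plain

To update your personal profile you have to run the attached application.
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="update.pif"

constructed placeholder, not a real binary
--BOUNDARY--
"""

# Extensions Windows runs directly (assumed list; .pif is the one in the thread).
RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs")

def indicators(raw):
    """Return the list of warning signs found in one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    received = " ".join(msg.get_all("Received", []))
    # Exim recorded only a bare IP for a host that introduced itself as localhost.
    if re.search(r"from\s+\[[\d.]+\]\s+\(helo=localhost\)", received):
        found.append("helo-localhost-from-bare-ip")
    # Annotation added by the receiving ISP's blocklist lookup.
    if "dialup" in str(msg.get("X-RBL-Warning", "")).lower():
        found.append("dialup-rbl-warning")
    # Executable attachment, checked by name because scanners may miss it.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            found.append("executable-attachment:" + name)
    return found
```
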