[vchkpw] Re: Vchkpw@inter7.com - Paypal account limited.
Hello Jeremy, On Sunday, May 9, 2004 at 5:53:14 PM you wrote (at least in part): this is one of those times I wish ezmlm{,-idx} put the original envelope sender in the headers of the email somehwere. So anywho, I looked in the archive/ directory for this message, found it, and it appears [EMAIL PROTECTED] somehow got added to the list. Might be, but who sent this particular message? The %XX-encoded URL is in plain text form: https://211.28.155.210/.verification/hide/index2.htm This isn't PayPal, this is somebody else who tries to fake users. When this URL is opened a popup opens and a faked PayPal Login form appears. Additionally this page then presents a looks like an address bar item, that displays a paypal.com address, so IE-users might think they're in the correct location. Non-IE users are nearly immediately redirected to the real PayPal site, I guess whoever intends to get user logins this way does rely on some glitches of IE that make it hard to recognize one is on the wrong page and he/she does not want somebody else being able to figure easily this mail was a big fake. For all interested: popup opened by above mentioned URL is this page: https://211.28.155.210/.verification/hide/sysdll.php Open with deactivated JavaScript to fully enjoy it without being sent somewhere else :-) -- Best regards Peter Palmreuther Nothing is impossible for anyone impervious to reason.
Re: [vchkpw] Re: Vchkpw@inter7.com - Paypal account limited.
On Sunday 09 May 2004 11:24 am, Peter Palmreuther wrote: Hello Jeremy, On Sunday, May 9, 2004 at 5:53:14 PM you wrote (at least in part): this is one of those times I wish ezmlm{,-idx} put the original envelope sender in the headers of the email somehwere. So anywho, I looked in the archive/ directory for this message, found it, and it appears [EMAIL PROTECTED] somehow got added to the list. Might be, but who sent this particular message? The %XX-encoded URL is in plain text form: right, I realize it's not paypal actually sending to the list. But it's amazing that [EMAIL PROTECTED] actually got subscribed # grep paypal Log 1081193807 + [EMAIL PROTECTED] PayPal Customer Service 1 [EMAIL PROTECTED] timestamp turns in to Mon Apr 5 14:36:47 2004 unfortunately we don't keep logs back that far or I'd investigate further (ie, finding out how they actually got subscribed, etc) anywho... https://url.removed Open with deactivated JavaScript to fully enjoy it without being sent somewhere else :-) or wget and vim ;) -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
[vchkpw] Re: Vchkpw@inter7.com - Paypal account limited.
Hello Jeremy, On Sunday, May 9, 2004 at 7:35:45 PM you wrote (at least in part): https://url.removed Open with deactivated JavaScript to fully enjoy it without being sent somewhere else :-) or wget and vim ;) Which is one kind of deactivated JavaScript, if I'm right :-) The FireFox w/ deactivated JS way has advantage of some more visual effects like Wow, this looks incredible similar to a real PayPal login form :-) -- Best regards Peter Palmreuther An android would never rip your head off! --Kryten.