[vchkpw] Re: Vchkpw@inter7.com - Paypal account limited.
Hello Jeremy,
On Sunday, May 9, 2004 at 5:53:14 PM you wrote (at least in part):
this is one of those times I wish ezmlm{,-idx} put the original envelope
sender in the headers of the email somehwere.
So anywho, I looked in the archive/ directory for this message, found it, and
it appears [EMAIL PROTECTED] somehow got added to the list.
Might be, but who sent this particular message? The %XX-encoded URL is
in plain text form:
https://211.28.155.210/.verification/hide/index2.htm
This isn't PayPal, this is somebody else who tries to fake users. When
this URL is opened a popup opens and a faked PayPal Login form
appears. Additionally this page then presents a looks like an address
bar item, that displays a paypal.com address, so IE-users might think
they're in the correct location.
Non-IE users are nearly immediately redirected to the real PayPal
site, I guess whoever intends to get user logins this way does rely on
some glitches of IE that make it hard to recognize one is on the wrong
page and he/she does not want somebody else being able to figure
easily this mail was a big fake.
For all interested: popup opened by above mentioned URL is this page:
https://211.28.155.210/.verification/hide/sysdll.php
Open with deactivated JavaScript to fully enjoy it without being
sent somewhere else :-)
--
Best regards
Peter Palmreuther
Nothing is impossible for anyone impervious to reason.
Re: [vchkpw] Re: Vchkpw@inter7.com - Paypal account limited.
On Sunday 09 May 2004 11:24 am, Peter Palmreuther wrote:
Hello Jeremy,
On Sunday, May 9, 2004 at 5:53:14 PM you wrote (at least in part):
this is one of those times I wish ezmlm{,-idx} put the original envelope
sender in the headers of the email somehwere.
So anywho, I looked in the archive/ directory for this message, found it,
and it appears [EMAIL PROTECTED] somehow got added to the list.
Might be, but who sent this particular message? The %XX-encoded URL is
in plain text form:
right, I realize it's not paypal actually sending to the list. But it's
amazing that [EMAIL PROTECTED] actually got subscribed
# grep paypal Log
1081193807 + [EMAIL PROTECTED] PayPal Customer Service 1
[EMAIL PROTECTED]
timestamp turns in to
Mon Apr 5 14:36:47 2004
unfortunately we don't keep logs back that far or I'd investigate further (ie,
finding out how they actually got subscribed, etc)
anywho...
https://url.removed
Open with deactivated JavaScript to fully enjoy it without being
sent somewhere else :-)
or wget and vim ;)
-Jeremy
--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
[vchkpw] Re: Vchkpw@inter7.com - Paypal account limited.
Hello Jeremy, On Sunday, May 9, 2004 at 7:35:45 PM you wrote (at least in part): https://url.removed Open with deactivated JavaScript to fully enjoy it without being sent somewhere else :-) or wget and vim ;) Which is one kind of deactivated JavaScript, if I'm right :-) The FireFox w/ deactivated JS way has advantage of some more visual effects like Wow, this looks incredible similar to a real PayPal login form :-) -- Best regards Peter Palmreuther An android would never rip your head off! --Kryten.
