Is This Phishing?


16 replies to this topic

#1 DeeEss

    Advanced Member

  • Full Member
  • 160 posts

Posted 24 February 2007 - 09:48 PM

Hi all :)
The following email was in my account today. I immediately copied
it and came here to get your opinions. Don't worry, this was in the JunkMail folder
so the links and images were inactive. I just wanted to let the SWI malware fighters
know that they are very appreciated. I wouldn't have known about this if I didn't
come here and read just about everything I could about phishing.
Thanks!

From : Paypal Security Departament <security@paypal.com>
Sent : Saturday, February 24, 2007 1:03 AM
To : email addy deleted by me :)
Subject : Confirms that you have paid for this product



Received: from mail.epictelevision.com ([67.158.31.202]) by bay0-mc6-f6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Sat, 24 Feb 2007 06:58:31 -0800
Received: from localhost (localhost [127.0.0.1]) by mail.epictelevision.com (Postfix) with ESMTP id A00DC29C088 for <>; Sat, 24 Feb 2007 05:43:27 -0700 (MST)
Received: from mail.epictelevision.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04895-08 for <>; Sat, 24 Feb 2007 05:43:27 -0700 (MST)
Received: by mail.epictelevision.com (Postfix, from userid 1025) id 6E36723FA80; Sat, 24 Feb 2007 00:03:40 -0700 (MST)
X-Message-Info: txF49lGdW41dv3wfn3C2Gx3aqODRA0FA5YMnrLseJ1I=
X-Virus-Scanned: by amavisd-new at mail.epictelevision.com
Return-Path: bud@mail.epictelevision.com
X-OriginalArrivalTime: 24 Feb 2007 14:58:33.0280 (UTC) FILETIME=[40D02C00:01C75824]


Dear member,

This email confirms that you have paid orders@dell.com $699.99 USD using PayPal.

This credit card transaction will appear on your bill as "PAYPAL *DELL INC".


Payment Details

Purchased From: Dell.Inc

Item # Item Title Quantity Price Subtotal
250016390196 New Dell 6400 e1505 Intel Core Duo 1.66GHz 1GB Laptop 1 $669.95 USD $669.95 USD

Shipping & Handling via USPS First Class Mail to 154XX
(includes any seller handling fees) $19.16 USD
Shipping Insurance (optional): --
Sales Tax (6.000% inPA) : $10.88 USD
Total: $699.99 USD
Note: Thank you!



Shipping Information

Shipping Info:
Wayne E Bakewell
16 elm st
Brownsville, PA 15417
United States
Address Status: Confirmed

If you have questions about the shipping and tracking of your purchased item or service, please contact the seller orders@dell.com.

Do you confirm this transaction?

If this transaction was not made by you please immediately take the following steps:

* Login to your account by clicking on the link below
* Provide requested information to ensure you are the owner of the account
* Find this transaction in HISTORY and click 'Cancel Transaction'


CANCEL TRANSACTION!

Thank you for using PayPal!
The PayPal Team

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and choose the Help link located in the top right corner of any PayPal page.

PayPal Email ID PP843
"Gort! Klaatu.. barada.. nikto!"

#2 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 24 February 2007 - 10:08 PM

Our friends at CastleCops have set up a wonderful anti-fishing project.
Read about it: http://blog.washingt...sh_fighter.html
and take your Phish to http://www.castlecops.com/pirt for electrocution.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 Budfred

    Malware Hound

  • Administrators
  • 21,466 posts

Posted 24 February 2007 - 10:12 PM

It sure looks like phish... However, I suggest going to PayPal by your usual means and checking your account to make sure that there has been no activity... DO NOT use the link in the email (of course)...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#4 DeeEss

    Advanced Member

  • Full Member
  • 160 posts

Posted 24 February 2007 - 10:12 PM

Thank you for the links, cnm!
Y'all are awesome!

Edit: Thanks Budfred, but I don't have a PayPal account. :lol:

Edit Again: I'm such an idiot. I deleted the actual email, so I can't submit
the URL to Castlecops. Thanks for your help anyway. :)

Dee

Edited by DeeEss, 24 February 2007 - 10:39 PM.


#5 Budfred

    Malware Hound

  • Administrators
  • 21,466 posts

Posted 24 February 2007 - 10:25 PM

> Edit: Thanks Budfred, but I don't have a PayPal account. :lol:
> Dee

Then I would say the chance that it is a phish is 100%... :rofl: :rofl:
Budfred


#6 DeeEss

    Advanced Member

  • Full Member
  • 160 posts

Posted 26 February 2007 - 06:29 PM

To cnm and Budfred,
Just wanted to let you know that I submitted the phish to Castlecops
and to thank you once again for your help. :)


> Then I would say the chance that it is a phish is 100%... :rofl: :rofl:




Yep! :lol:

#7 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 26 February 2007 - 06:56 PM

You're welcome, DeeEss. :)

(I picture you joining the PIRT squad and zapping many more...)

#8 DeeEss

    Advanced Member

  • Full Member
  • 160 posts

Posted 10 March 2007 - 03:28 PM

> You're welcome, DeeEss. :)
>
> (I picture you joining the PIRT squad and zapping many more...)



Now that's a good idea, but I'm not sure if I'm up to it.
I'm not very computer savvy. :)

#9 racooper

    Master of my own Domain

  • Retired Staff
  • 1,420 posts

Posted 14 March 2007 - 09:48 PM

Looks like these scammers finally got a little smarter...the same message was being used a few months ago, also from "Dell", but invoicing a "Sony Vaio" laptop....I don't think Dell sells Sony (and for that matter, I don't believe they accept PayPal either....)

#10 Deny

    Member

  • Full Member
  • 5 posts

Posted 19 March 2007 - 10:55 AM

Every couple of days I receive similar messages from PayPal, different banks, many Nigerian scam letters, etc...
What I do is simple: ignore it.

#11 fredvries

    SWI Junkie

  • Retired Staff
  • 345 posts

Posted 25 April 2007 - 12:43 AM

Yes, it is phishing. :alarm:

PayPal, if they want to contact you via e-mail, will always have your correct name in the mail. That's because they know who you are...

Phishing mails will say, as this mail does, 'Dear member'.

Edited by fredvries, 25 April 2007 - 12:44 AM.

www.pdd-nos.com
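
The headers posted in #1 and the 'Dear member' point above can be checked mechanically. The following is an added example, not part of any post in this thread; the function names are hypothetical and `org_domain` approximates the registrable domain as the last two DNS labels.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header values copied from the message in post #1,
# re-assembled as a raw message for offline use.
RAW = """\
Received: from mail.epictelevision.com ([67.158.31.202]) by bay0-mc6-f6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Sat, 24 Feb 2007 06:58:31 -0800
Return-Path: bud@mail.epictelevision.com
From: Paypal Security Departament <security@paypal.com>
Subject: Confirms that you have paid for this product

Dear member,

This email confirms that you have paid orders@dell.com $699.99 USD using PayPal.
"""

GENERIC_GREETING = re.compile(r"^\s*dear\s+(member|customer|user|client)\b", re.I | re.M)

def org_domain(host):
    """Last two DNS labels; an approximation with no public-suffix list."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def addr_domain(header_value):
    """Organisational domain of the address in a From/Return-Path header."""
    return org_domain(parseaddr(header_value or "")[1].rpartition("@")[2])

def handoff_host(msg):
    """Sending host in the topmost Received line, the hop recorded by the
    recipient's own provider; lower lines can be forged by the sender."""
    top = (msg.get_all("Received") or [""])[0]
    m = re.match(r"\s*from\s+(\S+)", top)
    return m.group(1) if m else ""

def phishing_indicators(raw):
    msg = message_from_string(raw)
    from_dom = addr_domain(msg["From"])
    rp_dom = addr_domain(msg["Return-Path"])
    relay = handoff_host(msg)
    found = []
    if rp_dom and rp_dom != from_dom:
        found.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    if relay and org_domain(relay) != from_dom:
        found.append(f"handed off by {relay}, outside {from_dom}")
    if GENERIC_GREETING.search(msg.get_payload()):
        found.append("generic greeting instead of the account holder's name")
    return found

if __name__ == "__main__":
    print("\n".join(phishing_indicators(RAW)))
```

Legitimate bulk mail sent through a third-party mailing service also shows a Return-Path and relay outside the From domain, so these results are triage indicators rather than proof.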

#12 Blue Ice

    Member

  • Banned
  • 2 posts

Posted 09 November 2007 - 08:10 AM

> Yes, it is phishing. :alarm:
>
> PayPal, if they want to contact you via e-mail, will always have your correct name in the mail. That's because they know who you are...
>
> Phishing mails will say, as this mail does, 'Dear member'.

When looking at these phishing emails, hover your mouse over the link they have and look at your status bar. It goes to an IP. Write down that IP, open a new browser, and go to JUST the IP. You'll be surprised where they lead to. Most are universities LOL. I get those all the time in my email on accounts I don't have a PayPal with. What's really fun to do is click the link, put in username Get A Clue, password Your So Lame. It's funny because them dumbasses actually try it LOL. I had a site set up and got these idiots to go to it. It was a mock of Newegg, and they tried these different addresses and stuff from things I sent in. LOL It was funny.

BTW, I only open these on my Linux box LOL, so I have no concern for safety on that box, because there is ZERO personal info on it LOL. Links are copied to WordPad and then sent over, so it's a well-hidden box. LOL And it runs off a Live CD when I do that, so I really have nothing to worry about. Reboot afterwards, and poof, it's all gone LOL. And also, when you run custom partitions that are NOT what viruses work on, it makes things even better. LOL

I run off a Live CD. Anything I need I then save to the proper drive. Other than that, NOTHING is saved on the machine. I haven't had an issue in 6-8 yrs now since doing that. Heck, I still have my WinME Live CD. :p

Only issue on a Live CD is hardware changes. If you put in a new part you have to remake the CD so it doesn't act like it is installing on every startup :p

If you think you have a virus or whatnot, just reboot. :) Goodbye problems :)

Linux FTW

#13 DeeEss

    Advanced Member

  • Full Member
  • 160 posts

Posted 06 July 2008 - 05:58 PM

I think I found another one in my yahoo account, listed as spam.
Opinions please? :)

INVESTMENT OPPORTUNITY?
From: Mrs. Mitchell Arnold Tsvangirai (mrszimfamily1@yahoo.co.in)
Sent: Sun 7/06/08 12:16 PM
To: :):)@yahoo.co.in<----addy is not mine





241 Sidney Ave

Waterkloof, Pretoria

South Africa

Direct Line : 27 84 647 3254



Dear Uncle



I feel quite safe dealing with you in this important business. Although, this medium (Internet) has been greatly abused, I choose to reach you through it because it still remains the fastest medium of communication worldwide . However, this correspondence is private, and I hope you treat it the same.



I am Mrs. Mitchell Arnold Tsvangirai, from Zimbabwe, I am the wife of Late Mr. Arnold Tsvangirai, owner UZZI farm Ltd , my Husband is a brother to MDC Party Leader Mr. Morgan Tsvangirai, affected by President Robert Mugabe's land reform acts which is depriving us of rights in all facets.



I have US$30 (THIRTY MILLION UNITED STATES DOLLARS) which I will like to invest for my children Miss Agnes and Mr. Frank with your firm /company since I am not business inclined following the loss of my husband.



Meanwhile I hope you are aware of what happened to foreigners here in South Africa last few months by her citizens (Xenophobic) this is a mark that our continuing staying here peacefully is not guaranteed.



You may wish to read about the problems in Zimbabwe my country through the following links clearing any doubt in my proposition and to ascertain my reasons of contacting you and the situation we are in. Although I knew bad people has spoiled the image of the good ones. Carefully read………



hxxp://news.bbc.co.uk/2/hi/africa/6448559.stm

hxxp://news.bbc.co.uk/1/hi/world/africa/918781.stm

hxxp://news.bbc.co.uk/1/hi/world/africa/715001.stm



We will sign an agreement, but be sure that it is real and a genuine business. with believe in God that you will never let me down in this business. I will invest in your country. Be assured that all the necessary documents backing this fund have been arranged by my attorney, feel free to ask any question regarding this transaction where you do not understand.



BUT BE SURE THAT IT IS REAL AND A GENUINE BUSINESS. I CONTACT YOU BELIEVING THAT YOU WILL NOT LET ME DOWN ONCE THE FUND GOES INTO YOUR ACCOUNT.

Hoping to hear from you soonest, kindly contact me through my mobile phone number to facilitate this transaction and my private email.



Yours sincerely

Mrs. Mitchell Arnold Tsvangirai

(For the F amily)

Direct Line Tel 27 83 957 4520

Email : mrszimfamily1@yahoo.co.in

Email : madamfamily@hotmail.com


ONE FOR ALL: the free WEB.DE platform for friends and your
homepage with your own name. Start now! hxxp://unddu.de/?kid=kid@mf2


Edit: Wasn't sure about the urls

Edited by DeeEss, 06 July 2008 - 06:08 PM.


#14 screen317

    SWI Sentinel

  • Global Moderator
  • 8,814 posts

Posted 06 July 2008 - 07:47 PM

Yep.. looks, smells, and tastes like phishing.


I suggest forwarding the e-mail to pirt@castlecops.com so the CastleCops PIRT team can do something about it. :)


Come on spambots-- send your garbage to that e-mail address so they can shut you down sooner.

Please consider donating to help support the continued prompt and excellent services of this site.


#15 Budfred

    Malware Hound

  • Administrators
  • 21,466 posts

Posted 06 July 2008 - 08:10 PM

Yes, definitely phishing and a variation on one of the oldest phish out there... Given the recent increase in this kind of garbage, they must be reeling in a lot of suckers to make it worthwhile... :weep:
Budfred


#16 Dark Hobo

    Member

  • Full Member
  • 32 posts

Posted 16 August 2008 - 03:18 PM

I too had similar email spam:


Fill the below::deal:
1. Name: 2.Address . 3. Marital Status: 4. Occupation: 5. Age:
6. Sex: 7. Nationality: 8. Country of Residence: 9. Telephone Number:

Congratulation!!
Sincerely,
Mrs.Anna Marthin :bangbang: :whistle:


but I didn't know what to do with them :scratchhead: . I was gonna file a complaint here: http://www.ic3.gov/c...nt/default.aspx

Should I instead go to castlecops?
Are ya ready? If not, we can escape 666 /// Are you hungry? Because.... they are....
Are you rich? Then Donate or Donate!///
Your PC loves this site
/////////

#17 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 16 August 2008 - 03:32 PM

Going to CastleCops would be good, but unfortunately their site is having troubles, which they are currently working on.. In the meantime it is rarely accessible.