16 replies to this topic

[DeeEss]

Hi all
The following email was in my account today. I immediately copied
it and came here to get your opinions. Don't worry, this was in the JunkMail folder
so the links and images were inactive. I just wanted to let the SWI malware fighters
know that they are very appreciated. I wouldn't have known about this if I didn't
come here and read just about everything I could about phishing.
Thanks!

From : Paypal Security Departament <security@paypal.com>
Sent : Saturday, February 24, 2007 1:03 AM
To : email addy deleted by me
Subject : Confirms that you have paid for this product


Go to previous message | Go to next message | Junk E-Mail | Inbox

Received: from mail.epictelevision.com ([67.158.31.202]) by bay0-mc6-f6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Sat, 24 Feb 2007 06:58:31 -0800
Received: from localhost (localhost [127.0.0.1])by mail.epictelevision.com (Postfix) with ESMTP id A00DC29C088for <>; Sat, 24 Feb 2007 05:43:27 -0700 (MST)
Received: from mail.epictelevision.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04895-08 for <>; Sat, 24 Feb 2007 05:43:27 -0700 (MST)
Received: by mail.epictelevision.com (Postfix, from userid 1025)id 6E36723FA80; Sat, 24 Feb 2007 00:03:40 -0700 (MST)
X-Message-Info: txF49lGdW41dv3wfn3C2Gx3aqODRA0FA5YMnrLseJ1I=
X-Virus-Scanned: by amavisd-new at mail.epictelevision.com
Return-Path: bud@mail.epictelevision.com
X-OriginalArrivalTime: 24 Feb 2007 14:58:33.0280 (UTC) FILETIME=[40D02C00:01C75824]
We've identified this mail as junk. Please tell us if we were right or wrong by clicking Junk or Not Junk


Dear member,

This email confirms that you have paid orders@dell.com $699.99 USD using PayPal.

This credit card transaction will appear on your bill as "PAYPAL *DELL INC".


Payment Details

Purchased From:Hotmail has replaced this image to help protect your privacy. Click 'Show images once or Add sender to safe list' above to display images if you trust the sender of this message.Dell.Inc

Item # Item Title Quantity Price Subtotal
250016390196 New Dell 6400 e1505 Intel Core Duo 1.66GHz 1GB Laptop 1 $669.95 USD $669.95 USD

Shipping & Handling via USPS First Class Mail to 154XX
(includes any seller handling fees) $19.16 USD
Shipping Insurance (optional): --
Sales Tax (6.000% inPA) : $10.88 USD
Hotmail has replaced this image to help protect your privacy. Click 'Show images once or Add sender to safe list' above to display images if you trust the sender of this message.
Total: $699.99 USD
Note:Hotmail has replaced this image to help protect your privacy. Click 'Show images once or Add sender to safe list' above to display images if you trust the sender of this message.Thank you!



Shipping Information

Shipping Info: Hotmail has replaced this image to help protect your privacy. Click 'Show images once or Add sender to safe list' above to display images if you trust the sender of this message.
Wayne E Bakewell
16 elm st
Brownsville, PA 15417
United States
Address Status: Hotmail has replaced this image to help protect your privacy. Click 'Show images once or Add sender to safe list' above to display images if you trust the sender of this message. ConfirmedHotmail has replaced this image to help protect your privacy. Click 'Show images once or Add sender to safe list' above to display images if you trust the sender of this message.

If you have questions about the shipping and tracking of your purchased item or service, please contact the seller orders@dell.com.

Do you confirm this transaction?

If this transaction was not made by you please immediately take the following steps:

* Login to your account by clicking on the link below
* Provide requested information to ensure you are the owner of the account
* Find this transaction in HISTORY and click 'Cancel Transaction'


Hotmail has replaced this image to help protect your privacy. Click 'Show images once or Add sender to safe list' above to display images if you trust the sender of this message. CANCEL TRANSACTION!Hotmail has replaced this image to help protect your privacy. Click 'Show images once or Add sender to safe list' above to display images if you trust the sender of this message.

Thank you for using PayPal!
The PayPal Team

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and choose the Help link located in the top right corner of any PayPal page.

PayPal Email ID PP843

[cnm]

Our friends at CastleCops have set up a wonderful anti-fishing project.
Read about it: http://blog.washingt...sh_fighter.html
and take your Phish to http://www.castlecops.com/pirt for electrocution.

[Budfred]

It sure looks like phish... However, I suggest going to PayPal by your usual means and check your account to make sure that there has been no activity... DO NOT use the link in the email (of course)...

[DeeEss]

Thank you for the links, cnm!
Y'all are awesome!

Edit: Thanks Budfred, but I don't have a PayPal account.

Edit Again: I'm such an idiot. I deleted the actual email, so I can't submit
the URL to Castlecops. Thanks for your help anyway.

Dee

Edited by DeeEss, 24 February 2007 - 10:39 PM.

[Budfred]

Edit: Thanks Budfred, but I don't have a PayPal account.
Dee

Then I would say the chance that it is a phish is 100%...

[DeeEss]

To cnm and Budfred,
Just wanted to let you know that I submitted the phish to Castlecops
and to thank you once again for your help.

Then I would say the chance that it is a phish is 100%...

Yep!

[cnm]

You're welcome, DeeEss.

(I picture you joining the PIRT squad and zapping many more...)

[DeeEss]

You're welcome, DeeEss.

(I picture you joining the PIRT squad and zapping many more...)

Now that's a good idea, but I'm not sure if I'm up to it.
I'm not very computer savvy.

[racooper]

Looks like these scammers finally got a little smarter...the same message was being used a few months ago, also from "Dell", but invoicing a "Sony Vaio" laptop....I don't think Dell sells Sony (and for that matter, I don't believe they accept PayPal either....)

[Deny]

I receive every couple days similar messages from paypal, different banks, many letters from Nigerians scams etc...
What i do is simple: ignore it.

[fredvries]

Yes, it is phishing.

PayPal, if they want to contact you via e-mail, will always have your correct name in the mail. That's because they know who you are...

Phishing mails will say, as this mail does, 'Dear member'.

Edited by fredvries, 25 April 2007 - 12:44 AM.

[Blue Ice]

Yes, it is phishing.

PayPal, if they want to contact you via e-mail, will always have your correct name in the mail. That's because they know who you are...

Phishing mails will say, as this mail does, 'Dear member'.

when looking at these phising emails, Hover your mouse over the link they have, and look at your status bar, It goes to a ip. Write down that ip, and open a new browser, and Goto JUST the ip. You'll be surprised where they lead to. Most are university's LOL I get those all the time in my email On accounts I don;t have a Paypal with. Whats really fun to do, is click the link Put in username Get A Clue password Your So Lame. It's funny casue them dumbass's actually try itLOL, I had site setup, and Got these idiots to goto it, It was a mock of newegg, And They tried these different address and stuff, From things I sent in. LOL It was funny.

BTW, I only open these on my linux box LOL So I have no concern for saftey on that box, Casue there is ZERO personal info on it LOL, links are copied to wordpad, and then sent over. So It's a well hidden box. LOL and It runs off a Live CD when I do that, So I really have nothing to worry about, Reboot afterwards, and poof Its all gone LOL, And Also, when you run custom partitions, That are NOT what virue's work on, It makes things even better. LOL

I run off a Live Cd, Anything I need I then save to the proper drive. Other Then that NOTHING is saved on the machine. I haven't had a Issue is 6-8 yrs now Since doing that. Heck I still have my WinME Live CD.

Only issue on a live cd, Is hardware changes, If you put in a new part you have t remake the cd so I doesnt act like it is installing on every startup

If you think you have a Virus or what not, Just reboot. Good by problems

Linux FTW

[DeeEss]

I think I found another one in my yahoo account, listed as spam.
Opinions please?

INVESTMENT OPPORTUNITY?
From: Mrs. Mitchell Arnold Tsvangirai (mrszimfamily1@yahoo.co.in)
Medium riskYou may not know this sender.Mark as safe|Mark as unsafe
Sent: Sun 7/06/08 12:16 PM
To: :)@yahoo.co.in<----addy is not mine





241 Sidney Ave

Waterkloof, Pretoria

South Africa

Direct Line : 27 84 647 3254



Dear Uncle



I feel quite safe dealing with you in this important business. Although, this medium (Internet) has been greatly abused, I choose to reach you through it because it still remains the fastest medium of communication worldwide . However, this correspondence is private, and I hope you treat it the same.



I am Mrs. Mitchell Arnold Tsvangirai, from Zimbabwe, I am the wife of Late Mr. Arnold Tsvangirai, owner UZZI farm Ltd , my Husband is a brother to MDC Party Leader Mr. Morgan Tsvangirai, affected by President Robert Mugabe's land reform acts which is depriving us of rights in all facets.



I have US$30 (THIRTY MILLION UNITED STATES DOLLARS) which I will like to invest for my children Miss Agnes and Mr. Frank with your firm /company since I am not business inclined following the loss of my husband.



Meanwhile I hope you are aware of what happened to foreigners here in South Africa last few months by her citizens (Xenophobic) this is a mark that our continuing staying here peacefully is not guaranteed.



You may wish to read about the problems in Zimbabwe my country through the following links clearing any doubt in my proposition and to ascertain my reasons of contacting you and the situation we are in. Although I knew bad people has spoiled the image of the good ones. Carefully read………



hxxp://news.bbc.co.uk/2/hi/africa/6448559.stmhxxp://news.bbc.co.uk/2/hi/africa/6448559.stm[/url]

xxp://news.bbc.co.uk/1/hi/world/africa/918781.stmhxxp://news.bbc.co.uk/1/hi/world/africa/918781.stm[/url]

hxxp://news.bbc.co.uk/1/hi/world/africa/715001.stmhxxp://news.bbc.co.uk/1/hi/world/africa/715001.stm[/url]



We will sign an agreement, but be sure that it is real and a genuine business. with believe in God that you will never let me down in this business. I will invest in your country. Be assured that all the necessary documents backing this fund have been arranged by my attorney, feel free to ask any question regarding this transaction where you do not understand.



BUT BE SURE THAT IT IS REAL AND A GENUINE BUSINESS. I CONTACT YOU BELIEVING THAT YOU WILL NOT LET ME DOWN ONCE THE FUND GOES INTO YOUR ACCOUNT.

Hoping to hear from you soonest, kindly contact me through my mobile phone number to facilitate this transaction and my private email.



Yours sincerely

Mrs. Mitchell Arnold Tsvangirai

(For the F amily)

Direct Line Tel 27 83 957 4520

Email : mrszimfamily1@yahoo.co.in

Email : madamfamily@hotmail.com


EINE FÜR ALLE: die kostenlose WEB.DE-Plattform für Freunde und Deine
Homepage mit eigenem Namen. Jetzt starten! hxxp://unddu.de/?kid=kid@mf2


Edit: Wasn't sure about the urls

Edited by DeeEss, 06 July 2008 - 06:08 PM.

[screen317]

Yep.. looks, smells, and tastes like phishing.


I suggest forwarding the e-mail to pirt@castlecops.com so the CastleCops PIRT team can do something about it.


Come on spambots-- send your garbage to that e-mail address so they can shut you down sooner.

[Budfred]

Yes, definitely phishing and a variation on one of the oldest phish out there... Given the recent increase in this kind of garbage, they must be reeling in a lot of suckers to make it worthwhile... :weep:

[Dark Hobo]

i too had similar email spam:


Fill the below:
1. Name: 2.Address . 3. Marital Status: 4. Occupation: 5. Age:
6. Sex: 7. Nationality: 8. Country of Residence: 9. Telephone Number:

Congratulation!!
Sincerely,
Mrs.Anna Marthin


but i didn't know what to do with them . I was gonna file a complaint here: http://www.ic3.gov/c...nt/default.aspx

Should I instead go to castlecops?

[cnm]

Going to CastleCops would be good, but unfortunately their site is having troubles, which they are currently working on.. In the meantime it is rarely accessible.