REPORT SUMMARY
Date Reported
23rd December 2003
Apparent Sender
Paypal
Subject
Verify Your
Identity
Senders Address
(spoofed)
verification@
paypal.com
Content
text and a
link to a fake
Paypal
web page
(see images)
Spoofed Web page/site?
Yes
Web page/site
content
forged Paypal web
page with web form
requiring Paypal user
name & password,
name & address,
bank, credit or debit
card
details, etc
Web page/site origin
URL
cloaked to show
www.paypal.com but
is actually
pp.youlikeshe.com
Identity Theft method
Web form information
is captured and
relayed to the
scammers utilising
PHP script
More...
Latest
phishing
scam
Another
Bank Email Scam
See our guide to
phishing scams
Other
Resources...
See our guides to
Free Utilities...
List of
Auction Sites
Paypal
'Verify your identity' -
Email Scam
23rd December 2003
Paypal server upgrade needs you to renew your account? Its a scam ...
This spoof email (as eBay and Paypal like to call these email scams) takes the form of a text email with a link (see images below).
The email text implies that Paypal are upgrading their server for security reasons, and asks that you renew your account by using the link provided. The ink is cloaked and utilises a vulnerability in mozilla browsers (which include Internet Explorer) to show a forged Paypal web page in your browser while deceptively displaying the proper Paypal URL in the browser address bar. The page is actually hosted outside of Paypal's web space. The link firstly will transport you to at a subdomain of youlikeshe.com which is hosted by joker.com, but that page is redirected to another domain - smbc.pl which is hosted by Kei in Krakow, Poland. This last page is further URL cloaked to show the same page with the incorrect address as shown below.
This browser vulnerability to
URL cloaking is a growing problem in email scams, but you can check
to see if your browser has this by using our URL cloaking checker (see
right of page).
Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services...
Email
Alerts
Add your email address to our email alert service...
Subscribe
Privacy Policy
RSS
News Feed
Tap into our Scam Alert service using your News Reader or Aggregator (including
My Yahoo!).
Scam Alert News Feed
You can even put the latest alerts on your own web site.
FORWARD
YOUR EMAIL SCAMS
TO KU.OC.SELIMSRELLIM@FOOPS
and help us to
build awareness and
help others
This
forged Paypal page asks is incredibly convincing and requests a
multitude
of personal and financial information (see images below).
Any data submitted
into this fake form is captured by the scammers using a PHP script located
on the same server.
If you have received this hoax email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.
Take a good look at the following images, because this hoax email scam may be coming to an inbox near you!
The Email ...
The fake web page...
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
