TOKYO (MacHouse) – Criminals never quit. We reported an active PayPal phishing website just about 10 days ago, and now we’ve found a new one. This PayPal phishing website is apparently targeting German users.
Screenshot 01 – Source: MacHouse
Screenshot 02 – Source: backlink-superchargers.com
Screenshot 03 – Source: backlink-superchargers.com
An organized cyber scum group circulated at least two copies of an identical spam message more than 10 hours ago. The subject line of the message is Bitte antworten Sie bis spatestens 9.12.2008 hinsichtlich Fall Nr. PP-720-135-625. It says something like “Please answer to spatestens 9.12.2008 regarding case No. PP-720-135-625.” (See Screenshot 01.) The entire message is written in German, which we can’t read. There are several URLs pasted in the message. The underlying link behind one of the URLs is http://webgameinfo.se//Privatkunden-passw0rt/index.htm. Clicking the link redirects you to a PayPal phishing website hosted at the domain of backlink-superchargers.com. More specifically, the phishing website is installed inside popin-video > .online-id. (See Screenshots 02 and 03.)
Our preliminary analysis shows that the spam message originates from a web server in Ottawa, Ontario, Canada. We don’t know if this is the true origin. Anyway, it seems that the spam message was then passed to a web server of Vail Mountain School (vms.edu), a school located in Vail, Colorado, USA.