
December 7, 2008

Active Phishing Website Targeting German PayPal Users - Part 1

Filed under: Internet security — Administrator @ 10:31 pm
Posted about 1 years and 8 months ago







TOKYO (MacHouse) - Criminals never quit. We reported an active PayPal phishing website just about 10 days ago, and now we’ve found a new one. This PayPal phishing website is apparently targeting German users.





Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: backlink-superchargers.com
Screenshot 03 - Source: backlink-superchargers.com






An organized cyber scum group circulated at least two copies of an identical spam message more than 10 hours ago. The subject line of the message is “Bitte antworten Sie bis spatestens 9.12.2008 hinsichtlich Fall Nr. PP-720-135-625.” It says something like “Please answer to spatestens 9.12.2008 regarding case No. PP-720-135-625.” (See Screenshot 01.) The entire message is written in German, which we can’t read. There are several URLs pasted in the message. The underlying link behind one of the URLs is http://webgameinfo.se//Privatkunden-passw0rt/index.htm. If you click on the link, you will be redirected to a PayPal phishing website hosted at the domain backlink-superchargers.com. More specifically, the phishing website is installed inside popin-video > .online-id. (See Screenshots 02 and 03.)

Our preliminary analysis shows that the spam message originates from a web server in Ottawa, Ontario, Canada. We don’t know if this is the true origin. Anyway, it seems that the spam message was then passed to a web server of Vail Mountain School (vms.edu), a school located in Vail, Colorado, USA.

We will have a more detailed report in several hours.












References:

Warning: Active PayPal Phishing Website Found at APLUS.NET - Part 2
Warning: Active PayPal Phishing Website Found at APLUS.NET - Part 1
Active PayPal Phishing Website Ex San Diego, CA, USA - Part 2
Active PayPal Phishing Website Ex San Diego, CA, USA - Part 1
Beware of French PayPal Phishing Website Hosted at WordPress Blog (Prenez garde d’un site Web phishing de PayPal accueilli à infantmemories.com.)
Beware of PayPal Phishing Mail Circulated by Moroccan Cyber Criminal Group





********** ********** ********** ********** ********** ********** ********** **********

MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?







2 Responses to “Active Phishing Website Targeting German PayPal Users - Part 1”

  1. Danny Says:

    Hey. We got this “PayPal” phishing stuff too. We are a German company, so I can translate the mail for you:

    The subject “Bitte antworten Sie bis spatestens 9.12.2008 hinsichtlich Fall Nr. PP-720-135-625” means:

    “Please answer by 9th December 2008 regarding Case No. PP-720-135-625”

    I do not have the email text (our mail filter filters the complete mail), but if you send it to my mail address, I can translate it for you, if you like.

    regards
    danny

  2. Administrator Says:

    That would be very nice of you. Thanks for your offer. But that’s not necessary.
