A PayPal phishing site

I received a message in Gmail purporting to come from PayPal, saying my account had been suspended for security reasons. Before even opening it I knew it was a phishing mail, because the sender showed as:

PayPal Security Center <tp-verification@gmail.com>

That is simply not a mailbox PayPal would use officially. At the end of the message there was a link:

200.57.158.130/cmd\cgi_bin\cmd_login/

Anyone could tell it was a phishing site. I opened it in Firefox, and Firefox immediately showed a warning:

Fake PayPal

I downloaded the page with wget and found that every link on the phishing site points to the real site, https://www.paypal.com/; the only exception is the Member Log-In form:

<form action=webscr-cmd_personal-run.php method=post>

which belongs to the phishing site itself and is obviously there to harvest account names and passwords.
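As an added example (not code from the original post), the script below automates the comparison described above: it parses a saved copy of a login page, resolves every link and form action against the page URL, and flags the pattern in which the page's links all go to the brand's domain while a form posts credentials to a different host. The sample page and its URL are constructed from the post's description, with the backslashes in the mailed link written as forward slashes.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BRAND_DOMAIN = "paypal.com"  # the brand the page pretends to be

# Constructed sample (not the real page): brand links everywhere, login form posts locally.
PAGE_URL = "http://200.57.158.130/cmd/cgi_bin/cmd_login/"
SAMPLE_HTML = """
<a href="https://www.paypal.com/">Home</a>
<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_help">Help</a>
<form action=webscr-cmd_personal-run.php method=post>
  <input name=login_email> <input name=login_password type=password>
</form>
"""

class _Collector(HTMLParser):
    """Collect every <a href> and every <form action> on the page."""
    def __init__(self):
        super().__init__()
        self.links, self.actions = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            # A <form> with no action submits back to the page's own URL.
            self.actions.append(a.get("action") or "")

def _host(url, base):
    """Resolve a possibly relative URL against the page URL and return its host."""
    return (urlsplit(urljoin(base, url)).hostname or "").lower()

def _is_brand(host):
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def audit_page(html, page_url):
    """Count brand links, list forms posting off-brand, flag the mixed-origin pattern."""
    c = _Collector()
    c.feed(html)
    link_hosts = [_host(h, page_url) for h in c.links]
    foreign_forms = [urljoin(page_url, a) for a in c.actions
                     if not _is_brand(_host(a, page_url))]
    brand_links = sum(_is_brand(h) for h in link_hosts)
    return {"link_count": len(link_hosts), "brand_link_count": brand_links,
            "foreign_forms": foreign_forms,
            # Brand links for decoration but credentials posted elsewhere: the phishing pattern.
            "mixed_origin": brand_links > 0 and bool(foreign_forms)}
```

Running `audit_page(SAMPLE_HTML, PAGE_URL)` reports two brand links and one form posting to 200.57.158.130, so `mixed_origin` is True.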

What surprised me more is that, because the message was sent from a Gmail mailbox, it slipped past Gmail's filtering and was not classified as spam. Sharp-eyed readers will easily notice that the URL at the end of the mail is wrong, but I believe quite a few users would be fooled!

The raw message:

From: "PayPal Security Center"<tp-verification@gmail.com>
Subject: PayPal Account Management
Date: Tue, 17 Jul 2007 14:21:38 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20070717182148.DDIO16176.ibm59aec.bellsouth.net@User>

Your account has been flagged!
PayPal Security Measures.

Dear PayPal Member,

Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your Paypal account and to ensure a safe PayPal experience. We require all flagged accounts to verify their information on file with us. To verify your information at this time, please visit our secure server webform by clicking the hyperlink below:

200.57.158.130/cmd\cgi_bin\cmd_login/

If you choose to ignore our request, you leave us no choice but to temporarily suspend your account.
Thank you for your patience as we work together to protect your account.

One comment on "A PayPal phishing site"

  1. Yeah, payment companies like this fear phishing mail the most~ To fight phishing, PayPal has cooperated with Google to use SPF for MX verification; legitimate mail from PayPal carries something like spf=pass in its headers ^^
