this site: http://202.108.69.147/webscr/ is an example of how well a phishing site can be designed. never click on a link and expect to get to a specific site. always type the site into address bar or use a bookmark ( favourites for infernal exploiter users )

It goes to an unregistered Asian IP address, possibly in PRC, Indonesia, Philippines, Malaysia or Korea. I recall a report on CNN that this is how terrorists are getting their cash now. It calls scripts and images from the paypal server, indicating the paypal server is insecure (i.e. they don't use the htaccess script or the framebuster script). Rather than sending a form-to-mail notice whenever somebody fills in the boxes, it uses a script that automatically records the info on their server.

point being,, if you use paypal you could expect to get an email from them so click the link and get that site. hmm. been taken for a ride by the phishers. since I obtained the url from a notice about it being a phishing site. figure being told that this is a phishing site so people can see it will help them see how serious it can be.

I got that mail. But never added any info to the form - any mail that doesn't address me by name or acct# or goes to an addy I don't use for financial transactions gets flushed straight out in mailwasher. Extremely well designed, though. ~S

Here is the text in the email: ================================= [Image "PayPal" ignored] [Image ignored] [Image ignored] Dear PayPal Member, Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your PayPal account and to ensure a safe PayPal experience. We require all flagged accounts to verify their information on file with us. To verify your Information at this time, please visit our secure server webform by clicking the hyperlink below Click here to verify your Information [links to http://202.108.69.147/webscr/] Thank you for using PayPal! The PayPal Team ======================================================== Copy/Paste from mailwasher. Whatever you do, don't answer. ~S

"This is a must" - errors in syntax like this are the usual give-aways for spam or con artists. They can be even more illiterate, so this one is not too bad compared to most of them - only 3 errors that almost nobody would notice. But I don't know where the unregistered IP address is located.

I got one supposedly from PayPal just like that. I closed it, typed in PayPal's addy and obtained information of what to do. Forwarded it to their supplied adddress and received answer back that it is a spoof. I knew that because I don't have a Paypal account...lol. Then one was sent from Ebay wanting me to click a link and input all my credit card info...I don't have an ebay account either. Sheesh, don't they ever quit?

nope, way to many people get caught by them for them to quit.

it's been shut down now. but this is what isp is responsable 202.108.69.147 % [whois.apnic.net node-2] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html inetnum: 202.108.69.0 - 202.108.69.255 netname: YS-INFORMATION-CO descr: YS Information Co.Ltd country: CN admin-c: GS26-AP tech-c: GS26-AP mnt-by: MAINT-CNCGROUP-BJ changed: hostmast@publicf.bta.net.cn 20040116 status: ASSIGNED NON-PORTABLE source: APNIC domain: 108.202.in-addr.arpa descr: The reverse delegation zone for descr: the ip range 202.108.0.0/16 country: CN admin-c: SY21-AP tech-c: SY21-AP zone-c: SY21-AP nserver: ns.bta.net.cn nserver: ns2.bta.net.cn notify: suny@publicf.bta.net.cn mnt-by: MAINT-CNCGROUP-BJ changed: hm-changed@apnic.net 20050202 source: APNIC person: sun ying address: Beijing Telecommunication Administration address: TaiPingHu DongLi 18, Xicheng District address: Beijing 100031 country: CN phone: +86-10-66198941 fax-no: +86-10-68511003 e-mail: suny@publicf.bta.net.cn nic-hdl: SY21-AP mnt-by: MAINT-CHINANET-BJ changed: suny@publicf.bta.net.cn 19980824 source: APNIC person: Gao SuJian address: Yang Fang Dian Lu 9 Hai Dian District address: Beijing 100038 nic-hdl: GS26-AP phone: +86-10-13910230034 fax-no: +86-10-88244077 e-mail: gaosujian@ys.cctv.com mnt-by: MAINT-CNCGROUP-BJ changed: hostmast@publicf.bta.net.cn 20040108 source: APNIC * Bold: Object type. * Underlined: Primary key(s). * Hyperlinks: Searchable Attributes.