Uncategorized

Phishing without bait

FishI received one of the worst attempts I’ve ever seen at Phishing today.

This plain text e-mail came today from tp-verification@gmail.com:
Your account has been flagged!
PayPal Security Measures.

Dear PayPal Member,
Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your Paypal account and to ensure a safe PayPal experience. We require all flagged accounts to verify their information on file with us. To verify your information at this time, please visit our secure server webform by clicking the hyperlink below:

200.57.158.130/cmd\cgi_bin\cmd_login/

If you choose to ignore our request, you leave us no choice but to temporarily suspend your account.
Thank you for your patience as we work together to protect your account.


I enjoy fly fishing when I make time for it but consider myself far from expert. One thing I do know is I'm more likely to catch fish if I'm using something that looks like food on the end of the line. A plain text e-mail with a horribly formatted "link" looks nothing like food to me.

For the fun of it, I visited the site, which is an excellent copy of paypal's site. Unfortunately for the phishers, Firefox thought ths site/URL looked suspicous. (Yay for Firefox!)
Forged site