Posted to users@spamassassin.apache.org by Kenneth Porter <sh...@sewingwitch.com> on 2007/09/28 17:10:45 UTC

New PayPal phish?

Is there a new PayPal phish going about? This almost looks legitimate, and 
I imagine it would have a lot of appeal to the survey-lovers. (I had no 
communication with PayPal this week, so I know this is bogus.)

Re: New PayPal phish?

Posted by Jari Fredriksson <ja...@iki.fi>.
> Is there a new PayPal phish going about? This almost
> looks legitimate, and I imagine it would have a lot of
> appeal to the survey-lovers. (I had no communication with
> PayPal this week, so I know this is bogus.) 

I received those too, and before that, an email from their customer support telling me that they did not have my email in their database.

What was strange was that the email was an answer to something that I had posted to THIS SpamAssassin list! The person I replied to had some webmaster@example.de address, so I thought he was somehow connected with PayPal Germany (if there is such!).

I replied to the PayPal message that my mail was about SpamAssassin and not PayPal, and they should tell their webmaster not to use a Reply-To which gets to PayPal customer service.

Well, they responded... again telling that my email address can not be found from their database. Seems impossible to reach them without being a customer;)

And then came those surveys... They wanted to know how they managed to help me in my problem;)

They are legitimate IMO, and may be because you have replied to the sender of a message here.

I enclose here the first contact from PayPal to me. It is a reply to a message to this list.

----------------------------------(8<)-----------------------------------------

Dear Jari Fredriksson,


Thank you for contacting PayPal with your concern.


Hello my name is Jorge, I am sorry to hear about the situation regarding
your account and understand your frustration and concern over this 
issue.  I am happy to assist you with your questions.

Unfortunately, we didn't receive sufficient information to proceed with 
your question. Please provide us with additional information such as:

   ·   What issue are you experiencing?
   ·   Are you receiving an error message? (If so, please include the
       full error message.)
   ·   What steps are being taken when you are encountering the issue?

We appreciate your assistance in resolving your question.


We appreciate your patience and understanding regarding this matter, and
wish you continued success on PayPal.

Sincerely,
Jorge
PayPal Consumer Support
PayPal, an eBay Company



Original Message Follows:
------------------------
> Hello Jari!
> 
> First here are my Config-Files:
> 
> 
> The system runs with qmail, clamav and spamassassin
> (xinet.d) 
> 
> 
> I just recognized that when I write in my config files
> "ok_languages de" and some content analysis written in
> the body of the mail produced by SpamAssassin are not
> translated into German the mail would give a reason for
> another run for the Scanner? Could this be? 
> 
> Greetings

Your SA-config probably is not the cause. I don't know about qmail, and 
how it calls SpamAssassin, but could it be that SpamAssassin is called 
in two separate places?

First in some QMail configuration, and then later in procmail or 
whatever delivers the mail to the user mailbox.

Something like that might look possible to me. SpamAssassin itself does 
not call itself no matter how you configure.

The problem probably lies in qmail and other mail delivery configuration
files.

----------------------------------(8<)-----------------------------------------


Re: New PayPal phish?

Posted by Loren Wilton <lw...@earthlink.net>.
> It IS legitimate. I received one 07/14 referencing an e-mail on 07/12, and 
> yes, on 07/12, Paypal did e-mail me (I had asked about a broken security 
> key).

But on the other hand, I very carefully checked the spam bucket plus any 
paypal communications when I got one of these, and I did NOT have any 
message from PP on or even near the specified date in the thing from 
echosurveys.

        Loren



RE: New PayPal phish?

Posted by Robert - elists <li...@abbacomm.net>.
> 
> At 08:10 AM 9/28/2007, Kenneth Porter wrote:
> >Is there a new PayPal phish going about? This almost looks
> >legitimate, and I imagine it would have a lot of appeal to the
> >survey-lovers. (I had no communication with PayPal this week, so I
> >know this is bogus.)

....some time ago when set up on ebay and paypal we received a legitimate
email implying from and/or approved by paypal so to speak from a paypal
email address and server and it was essentially UCE spam.

I checked the headers and doing a traceroute took me straight to the InfoUSA
gateway... 

Doing a dig or two forward and reverse revealed *proper* dns forward and
reverse for the paypal.com aliased smtp server inside the infousa ip
network.

The proper forward and reverse dns alone implies some type of agreement and
consent between those orgs to any knowledgeable internetwork admin that I've
ever met.

Imagine that boys and girls.

Deception, money, and power talk eh?

If I remember correctly, there was essentially no comment from paypal
regarding it being real or a phish.

I was trying to dig it up in our archives and will post info if I find it

 - rh
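
The forward and reverse DNS check described in the post above, as an added example that is not part of the original thread. The function names `connecting_ip` and `fcrdns`, the sample `Received:` header, and the `sender.example` names and 192.0.2.x addresses are all constructed for illustration; the resolver functions are injectable so the logic can be exercised without network access.

```python
import ipaddress
import re
import socket

# Constructed sample header: host names and 192.0.2.25 are documentation values.
SAMPLE_RECEIVED = (
    "from mail.sender.example (mail.sender.example [192.0.2.25]) "
    "by mx.recipient.example with ESMTP; Fri, 28 Sep 2007 08:10:45 -0700"
)

def connecting_ip(received):
    """Return the bracketed client IP recorded by the receiving MX, or None."""
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", received)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None

def system_ptr(ip):
    """Reverse lookup through the system resolver; empty list on failure."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addrs(name):
    """Forward lookup through the system resolver; empty list on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, expected_domain, ptr=system_ptr, addrs=system_addrs):
    """Classify ip: 'no-ptr', 'forward-mismatch', 'other-domain' or 'confirmed'."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-ptr"
    # Keep only PTR names whose forward records point back at the same IP.
    confirmed = [n for n in names if ip in addrs(n)]
    if not confirmed:
        return "forward-mismatch"
    dom = expected_domain.lower()
    # Match the domain on a label boundary so "notsender.example" does not pass.
    if any(n == dom or n.endswith("." + dom) for n in confirmed):
        return "confirmed"
    return "other-domain"
```

A `confirmed` result says only that the holder of the IP's reverse zone and the holder of the forward zone both published matching records; it says nothing about the content of the message.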


Re: New PayPal phish?

Posted by Evan Platt <ev...@espphotography.com>.
It IS legitimate. I received one 07/14 referencing an e-mail on 07/12, 
and yes, on 07/12, Paypal did e-mail me (I had asked about a broken 
security key).



At 08:10 AM 9/28/2007, Kenneth Porter wrote:
>Is there a new PayPal phish going about? This almost looks 
>legitimate, and I imagine it would have a lot of appeal to the 
>survey-lovers. (I had no communication with PayPal this week, so I 
>know this is bogus.)


Re: New PayPal phish?

Posted by Evan Platt <ev...@espphotography.com>.
The message the OP Kenneth Porter sent? No, it wasn't a phish.

At 10:01 AM 9/30/2007, Michelle Konzack wrote:
>Right, but PayPal write the full name in the "From:" header too.
>So, the message from the OP is definitely a phish.


Re: New PayPal phish?

Posted by Michelle Konzack <li...@freenet.de>.
On 2007-09-28 10:32:47, Skip wrote:
> I saw one of these nearly a month ago, but that was it.  That it comes
> addressed to a personal name is a bit disturbing.
> 
> - Skip
> 
------------------------- END OF REPLIED MESSAGE -------------------------

Right, but PayPal write the full name in the "From:" header too.
So, the message from the OP is definitely a phish.

Thanks, Greetings and nice Day
    Michelle Konzack
    Systemadministrator
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSN LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Re: New PayPal phish?

Posted by Loren Wilton <lw...@earthlink.net>.
>I saw one of these nearly a month ago, but that was it.  That it comes
> addressed to a personal name is a bit disturbing.

Yea, I got one a couple weeks back also.  Having the correct name is more 
than a little disturbing.  Makes me think that either Paypal are idiots 
contracting with a third party, or their database has been stolen again. 
Neither are happy ideas.

        Loren



RE: New PayPal phish?

Posted by Skip <sb...@dmp.com>.
I saw one of these nearly a month ago, but that was it.  That it comes
addressed to a personal name is a bit disturbing.

- Skip


Re: New PayPal phish?

Posted by "John D. Hardin" <jh...@impsec.org>.
On Fri, 28 Sep 2007, Kenneth Porter wrote:

> Is there a new PayPal phish going about? This almost looks
> legitimate, and I imagine it would have a lot of appeal to the
> survey-lovers. (I had no communication with PayPal this week, so I
> know this is bogus.)

I reported it to paypal as such.

If not, somebody needs to take a cluebat to whoever at paypal decided
to use a third party for this. "Hey! Let's train our account holders
to click on random links!"

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Pelley: Will you pledge not to test a nuclear weapon?
  Ahmadeinejad: CIA! Secret prison in Europe! Abu Ghraib!
                   -- Mahmoud Ahmadeinejad clumsily dodges a question
                                    (60 minutes interview, 9/20/2007)
-----------------------------------------------------------------------
 240 days until the Mars Phoenix lander arrives at Mars