论坛首页 - Powered by Discuz! Board

标题: [实用信息] 谨防中招：你收到盗号邮件 PayPal Payment Confirmation了吗？ [打印本页]

作者: vicguy 时间: 2010-11-22 15:37 标题: 谨防中招：你收到盗号邮件 PayPal Payment Confirmation了吗？

（Grant Authorized Article ）
今日收到 PayPal Payment Confirmation 钓鱼盗号邮件（Phishing Scam）。
开始莫名其妙。说我订购了电子产品DIGIMAX 130，价值$47。需要上 PayPal 帐号确认购买或申请退款。我真的有点Panic（心慌意乱）。因本人确有北美PayPal帐号，只是近日决未在eBay上订购任何商品。
幸亏本人是网络安全专家（Certified CISSP)，在江湖上也算大虾一条，想想事有蹊跷。收一收驚，来一段《金刚经》。心情已经淡定许多。于是决定查查她的狐狸尾巴。
明显露尾巴的地方是她的Email账户：写的是 PayPal (security@onlineupdate.com)。即然是从Paypal来的Email正式收款通知，却使用onlineupdate.com domain 的电邮帐号。这岂不是很滑稽吗？因而坚信这是一个Scam Email.
知道我也不必给Paypal打电话，吵架要钱，扯舌头。心情好了起来，赞自己真是冰雪聪明，于是冲杯Coffee，犒劳一下自己。。。
上网一查，原来此骗术已流行数年，不知让多少豪杰”竟折腰“。
自叹：真是网络江湖险恶，大虾，小虾们谨慎为妙呀。Let me watch your back (愿不愿意让我来保护你呀！xixi…)
如果收到EBAY / PAYPAL SCAM: DIGIMAX 130电邮，别急着回应或点击注册或login你的帐号。这是一个Phishing（钓鱼盗号）的邮件。万勿上当。

以下是电邮简介：

如果收到EBAY / PAYPAL SCAM: DIGIMAX 130电邮，别急着回应或点击注册或login你的帐号。这是一个Phishing（钓鱼盗号）的邮件。万勿上当。

If you received an email about your recent eBay purchase of a Digimax 130,

you don’t need to bother clicking the Dispute Transaction link. This is an all-too-common scam to get you to give up your PayPal login information, so don’t fall for it.

In the version I received, the Payment Details included:

- Amount: $47.85 USD
- Transaction ID: 2LC956793J776333Y
- Subject: Digimax 130

The seller was named as Edward Harrell, eBay user ID: scratchandgnaw2, although if there really is an Edward Harrell of Springtown, Texas, you can be sure he had nothing to do with this.

详见有关更多内容

作者: lloydli 时间: 2010-11-22 17:13

是个转贴吗，这跟是否网络专家有什么关系呀，月球人都知道了

作者: vicguy 时间: 2010-11-22 17:29 标题: 真有牛人。。。

有人不太相信自己会被Phishing，我也没办法。我今早7点收到这个Scam。只是作为CISSP，需要尽自己的专业义务提醒广大网民。也show off 一下防Phishing的能力。

作者: lloydli 时间: 2010-11-22 19:45

不好意思，应该鼓励，给您道个歉

作者: vicguy 时间: 2010-11-24 10:40 标题: 被盯上了：今早又收到一封 Scam Email

Dear PayPal Member,

We recently reviewed your account, and we are suspecting that your PayPal account may
have been accessed from an unauthorized computer.

This may be due to changes in your IP address or location. Protecting the security of your
account and of the PayPal network is our primary concern.

We are asking you to immediately login and report any unauthorized withdrawals, and check
your account profile to make sure no changes have been made.

To protect your account please follow the instructions below:

* DO NOT SHARE YOUR PASSWORD WITH OTHER USERS

* LOG OFF AFTER USING YOUR ONLINE ACCOUNT

Please click on the following link, to verify your account activity:

https://www.paypal.com/ca/cgi-bin/webscr?cmd=_login-run

We apologize for any inconvenience this may cause, and appreciate your support in helping us
maintaining the integrity of the entire PayPal system.

Please login as soon as possible.

Thank you for using PayPal!
PayPal Security Center
PayPal Email ID PP515

作者: vicguy 时间: 2010-11-24 11:01

注意login网站链接
https://www.paypal.com/ca/cgi-bin/webscr?cmd=_login-run

真正链接到的是phishing URL：
http://g20.kangwon.ac.kr/ssl128/cgi-bin/webscr-cmd_login-run/dispatch-5885d80a13c0db1f22d2300ef60a6759516e590e949da361fd1b680561e9552a"

作者: vicguy 时间: 2010-11-24 11:27

国际网络联盟似乎已有防范。试着去该网站会有警告栏结。但不知死的，还可以进去。

作者: vicguy 时间: 2010-11-24 11:44

网站使用的是韩国国际江源大学的网站。Kangwon National University

作者: ging 时间: 2010-11-24 12:43

来历不明邮件一概删除，天上没有馅饼。还有一个原则，无论多么诱人，让我给你钱，没门，除非在确认可靠网站订货。比如租房要你返回部分押金，即使有对方的支票入账，也不能返还现金给对方。

欢迎光临论坛首页 (http://mail.victoriabbs.com/bbs/)