Phishing fraud undetected

Denis Beauchemin Denis.Beauchemin at USherbrooke.ca
Thu Mar 16 14:07:00 GMT 2006


Hello all,

This morning I came across the following HTML code that was not picked 
up by MS:

> To ensure that your service is not interrupted,
>
> please update
> your account information today<font
>
> color="#000099"><a
>
> href=" https://www.paypal.com/cgi-bin/webscr?cmd=_login-run">
> </a> </font>
> </font><b><font face="Arial, Helvetica, sans-serif"> 
> <a
>
> href="http://lasvegasy.web.lowfathost.com/PayPal-Update/PayPal/update.htm"></u></font>
> <font style="FONT-SIZE: 9pt" color="#ff4040"><u>by 
>
> clicking
> here.</a></font>

I find it strange that there are 2 <A HREF=...> in a row but the second 
one is clearly a phishing attempt.  Is it because the URL does not start 
with www?

I'm using MS 4.50.10-1.

Thanks!

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045
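
An added example, not part of the original post and not MailScanner's own code: a defender-side check that collects every anchor in the quoted HTML with its visible text and reports an empty-text anchor directly followed by a text-bearing anchor on a different host. The names `AnchorCollector` and `find_decoy_links`, and the heuristic itself, are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the HTML quoted in the post, quote markers removed, lines re-joined.
SAMPLE = (
    'your account information today<font color="#000099">'
    '<a href=" https://www.paypal.com/cgi-bin/webscr?cmd=_login-run">\n'
    '</a> </font>\n</font><b><font face="Arial, Helvetica, sans-serif">\n'
    '<a href="http://lasvegasy.web.lowfathost.com/PayPal-Update/PayPal/update.htm">'
    '</u></font>\n<font style="FONT-SIZE: 9pt" color="#ff4040">'
    '<u>by clicking here.</a></font>'
)

class AnchorCollector(HTMLParser):
    """Record (href, visible text) for every <a> element, in document order."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._open = None  # [href, text parts] of the anchor being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.finish()  # a new <a> implicitly ends an unclosed one
            self._open = [(dict(attrs).get("href") or "").strip(), []]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1].append(data)

    def handle_endtag(self, tag):
        if tag == "a":
            self.finish()

    def finish(self):
        if self._open is not None:
            href, parts = self._open
            self.anchors.append((href, " ".join("".join(parts).split())))
            self._open = None

def find_decoy_links(html):
    """Return (decoy_host, clicked_host) for a text-less anchor followed by a visible one elsewhere."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    parser.finish()  # flush an anchor left open at end of input
    hosts = [(urlsplit(h).hostname, t) for h, t in parser.anchors]
    return [(ha, hb) for (ha, ta), (hb, tb) in zip(hosts, hosts[1:])
            if not ta and tb and ha and hb and ha != hb]
```

On the sample, the first anchor carries no visible text, so the only clickable text in the message belongs to the second anchor and its host.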

