Phishing fraud undetected
Denis Beauchemin
Denis.Beauchemin at USherbrooke.ca
Thu Mar 16 14:07:00 GMT 2006
Hello all,
This morning I came across the following HTML code that was not picked
up by MS:
> To ensure that your service is not interrupted,
>
> please update
> your account information today<font
>
> color="#000099"><a
>
> href=" https://www.paypal.com/cgi-bin/webscr?cmd=_login-run">
> </a> </font>
> </font><b><font face="Arial, Helvetica, sans-serif">
> <a
>
> href="http://lasvegasy.web.lowfathost.com/PayPal-Update/PayPal/update.htm"></u></font>
> <font style="FONT-SIZE: 9pt" color="#ff4040"><u>by
>
> clicking
> here.</a></font>
I find it strange that there are 2 <A HREF=...> in a row but the second
one is clearly a phishing attempt. Is it because the URL does not start
with www?
I'm using MS 4.50.10-1.
Thanks!
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x2252 F: 819.821.8045
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3226 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060316/95a3d3ee/smime.bin
More information about the MailScanner
mailing list