[LINK] PayPal phishing scam - is this a domain hijack

Rick Welykochy rick at praxis.com.au
Fri Jan 19 09:26:40 AEDT 2007


I just ran across the following PayPal phishing attempt. What I find interesting
here is the domain name being used for the scam:

. . . . .

Payment Details
Transaction ID: 7KX030868E9630138
Item Price:     $294.00 USD
Total:          $294.00 USD
Order:          Order #51
Business:       elisom at netvision.net
	

If You Haven't Authorize This Charge , Click The Link Below To Cancel The Payment And Get Full Refumd
Login Here To Cancel The Payment
LINK: 
http://www1.paypal.com.cgi-bin.verify-v50lxsecuressl.activate.onlineservice.accounts.raisedtotheground.com/webscrcmd=update/signinDQAAAG4AAADZ3XcFqGpyVexZXlp42ILckL16sz8USkBXj2StlL2lq74RZi-ZN0FOU7by8X_Jh2pn3AEECKZo8TFq0WyJ8IIGI0qgARKV_pf27Z0dSdpkBPWqiQQcY0sJJ8txaw-ifZToKQeM9OX1D4LVt4HygyKB.html

. . . . .

The 2LD domain has a website: http://raisedtotheground.com/

So, how did the scammers attach the 3rd and higher level domain name
components to this 2LD? Would they have to attack the servers that host
the domain (the "authority") and modify the zone files?

BTW: The reason the URL is so long is to further fool people who might
try to glimpse the URL in their email readers. I believe some email clients
cannot display such a long URL in its entirety.


cheers
rickw


-- 
_________________________________
Rick Welykochy || Praxis Services

Those who are too smart to engage in politics are punished by being
governed by those who are dumber.
     -- Plato
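
The hostname from the message above, read right to left the way DNS delegates it, as an added example that is not part of the original post. The suffix set, the watched-brand table and the function names are assumptions made for illustration (a real check would load the full Public Suffix List), and the sample URL keeps the page's hostname with the path shortened.

```python
from urllib.parse import urlsplit

# Assumption: a small constructed suffix set stands in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "com.au", "co.uk"}
# Assumption: brand label -> the domain that brand really uses.
WATCHED_BRANDS = {"paypal": "paypal.com"}

# Hostname taken from the message above; path shortened for the example.
SAMPLE_URL = ("http://www1.paypal.com.cgi-bin.verify-v50lxsecuressl.activate."
              "onlineservice.accounts.raisedtotheground.com/webscrcmd=update/")


def registrable_domain(host):
    """Return the public suffix plus the one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        # Scanning from the left means the longest matching suffix wins.
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to two labels


def inspect_url(url):
    """Split a URL's host into the controlling domain and the decoy labels."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    prefix = host[: -len(reg)].rstrip(".") if host != reg else ""
    sub_labels = prefix.split(".") if prefix else []
    # A watched brand appearing as a label under someone else's domain is a lure.
    lures = sorted(brand for brand, real in WATCHED_BRANDS.items()
                   if brand in sub_labels and reg != real)
    return {"host": host, "registrable": reg,
            "subdomain_labels": sub_labels, "impersonated": lures}


if __name__ == "__main__":
    report = inspect_url(SAMPLE_URL)
    print("controlling domain:", report["registrable"])
    print("decoy labels      :", ".".join(report["subdomain_labels"]))
    print("brand lures       :", report["impersonated"])
```

Everything to the left of the registrable domain is chosen freely by whoever controls that domain's DNS records, which is why a mail filter or proxy rule should key on the registrable domain rather than on the leading labels.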


