New PayPal User/Pass Harvesting Scam?

[MrLinus]

I just noticed this on Full Disclosure. Apparently there may be a new PayPal harvesting scam going on. The subject is "PayPal User Agreement 9". It is an html email and found inside is the "user agreement" with the following modification. (I've removed the address but there is an ADSL address in Germany that matches where the xx's and 16s are).

PHP Code:

                <TD class=pp_footer>Please do not reply to this e-mail. Mail sent to this address cannot be
 answered. For assistance, [url="http://www.paypal.com@xx.xx.16.16"]log in[/url] to your PayPal account
 and choose the "Help" link in the footer of any page.
<BR class=h10>To receive email notifications in 
plain text instead of HTML ;update your preferences [url="https://www.paypal.com/PREFS-NOTI"]here[/url]. </TD></TR> 


A warning and head's up for those with "gulliable" users.

[Tiger Shark]

Thanks Ms. M.

A note will be going out to my particualar gaggle..... They'd chew down so hard on this one they'd break their teeth.....

[Dr_Evil]

Thanks MsMitts,

That why I dont respond to any emails from any financial institutions.I still use the good old mail system for correspondence.Its a good legal record ,in case you need it in future.

Dr_Evil

[mark_boyle2002]

Yes,

I recieved this in some of my users inbox's

if you point to the link it has " www.paypal.com@"Some IP Address" "

If these people were even remotely clever they would target individual users one at a time and get individual details.

I mean what are they going to do with A Pile of details ?

Write a pearl script to transfer all the £4.99 into some other account and hope no one notices.

I wish poeple would stop doing stupid things like this and others would stop being ignorant of general internet practice and falling for it. !!!

[spools.exe]

wow, thanks, i use paypal almost daily. I have yet to run into any of those, or atleast i hope not. Thanks for the heads up though.