DNS poisoning could very well be the reason ISC has details up on its site today and are running at yellow becuase of it http://isc.sans.org/ On Apr 4, 2005 5:29 PM, McAllister, Andrew <McAllisterA@xxxxxxxxxxxx> wrote: > I followed up with Mr Rasmussen privately. I've been getting phishing > spam that looks to be from PayPal (nothing new there), but strangely > enough has NO visible attack vector. The phishing spam directs me to a > legitimate paypal page. I know it is a scam because, e-mail headers > indicate the mail has come from unknown hosts, and I've received > confirmation from PayPal that it is a scam. > > I reported the "spoof" e-mail via this paypal link: > https://www.paypal.com/ewf/f=pps_spf. I got a response back about 24 > hours later. > > I have no explanation for this legitimate looking but fraudulent e-mail > other than to suspect that phishers are laying groundwork for a > follow-up e-mail pointing to a phishing site instead of paypal. > Basically, getting victims accustomed to the look and feel of their > letter by pointing to paypal, then later sending them another > "identical" e-mail that points to the phishing site. > > Andy > > > -----Original Message----- > > From: Michael Rueve [mailto:rueve@xxxxxxxxxxxxxxxx] > > Sent: Sunday, April 03, 2005 9:30 PM > > To: Jeremy Rasmussen; bugtraq > snip > > Has anyone here been able to contact this company and gotten > > any reasonable response (i.e. some real and competent person, > > not automated replies or replies that clearly tell you the > > person responding did not even read your request)? > snip >
