Pishing PayPal

PayPal Phishing reportado el 06 de Septiembre del 2005 está siendo enviado como un mensaje de correo cuyo supuesto remitente es el PayPal Team, el cual notifica a los destinatarios sobre una aparente limitación a sus cuentas y solicita que para regularizarlas deben ingresar sus datos confidenciales. Este es su formato:

PayPal is committed to maintaining a safe environment for its community of customers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.

We are contacting you because on 01 Sep 2005 our Account Review Team identified some unusual activity in your account. In accordance with PayPal's User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved.

To secure your account and quickly restore full access, we may require some additional information from you for the following reason:

We have been notified that a card associated with your account has been reported as lost or stolen, or that there were additional problems with your card.

This process is mandatory, and if not completed within the nearest time your account or credit card may be subject for temporary suspension.

To securely confirm your PayPal information please click on the link bellow:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

We encourage you to log in and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure.

For more information about how to protect your account please visit PayPal Security Center. We apologize for any incovenience this may cause, and we apriciate your assistance in helping us to maintain the integrity of the entire PayPal system.

Thank you for using PayPal!
The PayPal Team

COMCEL GUATEMALA S.A. ownerid: GT-CGSA1-LACNIC responsible: Jose Carlos Jaramillo B. address: Km 9.5 Carretera al El Salvador Ca-1 Plaza Comcel, 2do, Nivel address: 100020 - Guatemala - country: GT phone: +00 502 4281000 [1151] owner-c: JOJ2 tech-c: JOJ2 inetrev: 200.49.160/20 nserver: NS.AMIGO.NET.GT nsstat: 20050813 AA nslastaa: 20050813 nserver: NS2.AMIGO.NET.GT nsstat: 20050813 AA nslastaa: 20050813 remarks: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE created: 20020426 changed: 20020426 nic-hdl: JOJ2 person: Jose Jaramillo e-mail: **********@AMIGO.NET.GT address: Km. 9.5 Carretera a El Salvador CA-1 Plaza Comcel, 2do, Nivel address: 100020 - Guatemala - country: GT phone: +502 4281151 [1151] created: 20030227 changed: 20040823

Es posible que ni la propia empresa sepa que se esté usando esa falsa página en una de sus IP, la cual guarda mucha similitud con la original ubicado en:

La diferencia substancial consiste en que la página "clonada" acepta el ingreso de cualquier dirección de correo y password, luego muestra el formulario que de ser llenado capturará la información ingresada por el usuario.

El Remitente del mensaje PayPal <paypal@email.paypal.com> ha usado como Relay el servicio ADSL:

Si bien no es un virus, cumplimos con advertir a los usuarios que éste es un conocido "phishing" o técnica para lograr que los usuarios ingresen sus datos, tarjeta de crédito, número, fecha de vencimiento, código secreto y PIN (Personal Identification Number). De hacerlo, dicha información posiblemente será usada ilegalmente.

PER ANTIVIRUS® recomienda hacer caso omiso a este tipo de mensajes o cualquiera de orígen sospechoso que utilice la denominada Ingeniería Social.