The Latest in IT Security

“Requested Reset of Yoyr PayPal Password” spam / frustrationpostcards.biz

30
Apr
2013

This fake PayPal spam leads to malware on frustrationpostcards.biz:

 Date:      Mon, 29 Apr 2013 13:22:03 -0500
From:      “[email protected]” [[email protected]]
Subject:      Requested Reset of Yoyr PayPal Password
  
Your account will stay on hold untill password reset.
How to reset your PayPal password

Hello [redacted],

To get back into your PayPal account, you’ll have to create a new password.

It’s easy:

    Click the link below to open a secure browser window.
    Confirm that you’re the owner of the account, and then follow the instructions.

  Reset your password now

If you didn’t requested help with your password, let us know immediately. Reporting it is important because it helps us prevent fraudsters from stealing your information.

  
Help Center | Security Center

Please don’t reply to this email. It’ll just confuse the computer that sent it and you won’t get a response.

Copyright C 2013 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95132.

PayPal Email ID 2A7X1
The link goes through a legitimate but hacked site to land on a malicious payload at [donotclick]frustrationpostcards.biz/news/institutions-trusted.php (report here) hosted on the following IPs:

82.236.38.147 (PROXAD Free SAS, France)
83.212.110.172 (Greek Research and Technology Network, Greece)
130.239.163.24 (Umea University, Sweden)


TheWHOIS details identify this domain as belonging to the Amerika gang:

Registrant ID:                          INTEGOY3JBV8IIHG
Registrant Name:                        Shouli Cowper
Registrant Address1:                    40 W 17th St
Registrant City:                        New York
Registrant Postal Code:                 10011
Registrant Country:                     United States
Registrant Country Code:                US
Registrant Phone Number:                +1.4682697453
Registrant Email:                       [email protected]

 
Blocklist:
82.236.38.147
83.212.110.172
130.239.163.24
app-smart-system.com
contonskovkiys.ru
curilkofskie.ru
egetraktovony.ru
exrexycheck.ru
fenvid.com
frustrationpostcards.biz
gangrenablin.ru
gatareykahera.ru
janefgort.net
klosotro9.net
miniscule.pl
mortalsrichers.info
mortolkr4.com
peertag.com
pricesgettos.info
priorityclub.pl
smartsecurity-app.com
zonebar.net

Leave a reply


Categories

MONDAY, OCTOBER 21, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks