Farelf Posted February 8, 2010 Share Posted February 8, 2010 I've totally fallen off the wave when it comes to spam (not getting very much of it with which to keep in touch) but a recent PayPal phish caught my eye as looking comparatively convincing in terms of containing reasonably business-like (brief) text and an attachment full of proper (pilfered) linked content with a sneaky, but of course 'invisible' form processing address - therefore being sure to catch a few unwary souls who forget PPs solemn undertaking to never, ever send mail like that. So, forgive me if it is 'old hat'. The example is: http://www.spamcop.net/sc?id=z3718537564ze...a8157ae5b00fbaz The attachment is an HTML file which pulls down content from PayPal and Bank of America, programmically (java scri_pt) demands just about every piece of personal information imaginable then choofs it off to bugmafia2000.com for 'processing' (which is the invisible part) using a <form action ... method="post"> tag. No doubt the whole thing looks pretty spiffy if opened. Thinking of the consternation caused by 'image' spam some time ago, one has to reflect this is infinitely worse (with a higher hit rate - almost definitely - and easier to modify and maintain). SC of course doesn't touch the "application/octet-stream part" attachment and doesn't get near the criminals' processing site. The From: and Reply-to: addresses are no part of this one (simply spoofed) - everything is handled by the HTML-scripted form. Checking bugmafia2000.com against SC shows that reports aren't/wouldn't be currently sent to either of the reporting addresses identified anyway (unresponsive and/or spammy?). Nasty, nasty. Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.