Thanks. I heard that this happened with earthlink, but haven't yet
confirmed it.
Parry
-----Original Message-----
From: Mark Smith
[mailto:ipv6(_at_)c753173126e0bc8b057a22829880cf26(_dot_)nosense(_dot_)org]
Sent: Monday, December 22, 2003 1:48 AM
To: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu
Cc: parry(_at_)aftab(_dot_)com; franck(_at_)sopac(_dot_)org;
ietf(_at_)ietf(_dot_)org
Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
post this for me? or allow me to post directly?]
I've heard of one recently where the actual page was from the legitimate
bank web site, but the dialog box window asking for username and
password detail was the spoofed component. Everythink, including HTTPS
locks, URLs etc displayed would have looked, and actually were
legitimate.
On Sun, 21 Dec 2003 20:05:02 -0500
Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
On Sun, 21 Dec 2003 18:40:57 EST, Parry Aftab said:
It's a spoof, phished e-mail. No such credit card. I just confirmed
with
the powers that be in PayPal/eBay. The scams are good enough to
confuse
even ietf members. See the problem? How can someone tell this was a
phishing expedition?
Damned good one, they even got their URL into PayPal's FAQ:
https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=1782
Either this is a whole new level of phishing, or the left hand doesn't
know
what the right hand is doing. You tell me.
We need some tech guidance?
Yes, PayPal apparently needs some. guidance in getting their info
pages
to correspond to their policy - see the above URL, see the mail I
quoted,
and then see this URL:
https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&leafid=56413
Also might want to have another chat with your powers that be, they
seem to be out of touch with what their company and their business
partners over at Providian are actually doing.