[Spambayes] RE: Spambayes Digest, Vol 64, Issue 101

Michael N. Nitabach michael.nitabach at yale.edu
Mon Dec 29 20:42:21 EST 2003

-----Original Message-----
> Date: Mon, 29 Dec 2003 15:54:25 -0500
> From: "Tim Peters" <tim.one at comcast.net>
> Subject: [Spambayes] Exceptionally well-done identity-theft spam
> To: <spambayes at python.org>
> Message-ID: <LNBBLJKPBEHFEDALKOLCCEBMIBAB.tim.one at comcast.net>
> Content-Type: text/plain; charset="iso-8859-1"
> If you get something like the attached, don't go to the 
> website and "update"
> your PayPal account information.  I just got this, and my 
> classifier scored
> it at 1% (0.01).  It looks a lot like real email from PayPal 
> -- both to me,
> and to my classifier.

Well, I had the guts to go the URL, and it is amazing the range of information they are asking for: e-mail address, Paypal password, ss#, mother's maiden name, DOB, driver's license # and state of issue, full name on credit card, credit card billing address, credit card number, bank name, credit card cvv2 code, checking account #, bank routing code, and ATM PIN.

They even have a schematic of a check to show you how to read off your account number and bank routing code. It looks like a real Paypal page--except for some poor English usage--and contains links to real Paypal pages--presumably so that a vaguely suspicious victim can click on a link or two, see some real Paypal content, and then click back to this counterfeit page.

Michael N. Nitabach, Ph.D., J.D.
Assistant Professor
Department of Cellular and Molecular Physiology
Yale University School of Medicine
(203) 737-2939
mnitabach at acedsl.com

More information about the Spambayes mailing list