![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List] Re: What's going on with these spoof sites -
Danny Goodman
dannyg at dannyg.com
Sat Jul 3 15:42:43 EDT 2004
on 7/3/04 1:10 PM, spamcop:
> a Yahoo server
Yahoo! Domains doesn't seem to care about phishers hosted therein. In
addition to forwarding to the proper spoof@ address, I've also recently
LARTed several directly to Yahoo! Domains.
A bunch of the domains have some similarities that, to me, have hallmarks of
organized phishing activity. Here are the full URLs leading (in most cases)
to bogus forms still active:
cgi3-paypal-changemail-verifyuser.us/cgi-bin/login.html
cgi3.ebay.com.aw-cgi3.us/aw-cgi/SignIn.html
cgi5-paypal.us/cgi-bin/login.html
(Poke around other cgiX numbers, and you'll find similar records.)
All domains registered with MELBOURNE IT D/B/A INTERNET NAMES WORLD WIDE
Registration info is different for each, but filled out in full with
honest-sounding info -- my guess is that it is previously phished
information, and probably paid for with the victim's credit card number.
Yahoo! Domains -- The Phisher's Paradise.
Danny
http://www.dannyg.com
More information about the SpamCop-List
mailing list