Something Smells Phishy To Me…

++++++++++++++++++++++++++++++++++++++++++

From: PayPal [mailto:service@paypail.com]
Sent: Wednesday, July 23, 2008 1:48 PM
Subject: Email ID PP19PO991

Warning : Credit Card Expiration Approaching

Your credit card will expire soon.

- You may no longer be able to use PayPal

To avoid any interruption to your service, please update your credit card  by following the link below :

paypal.com/cgi-bin/webscr?cmd=_login-submit

Thank you for using PayPal!

The PayPal Team

—————————————————————-
Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.

PayPal Email ID PP19PO991

++++++++++++++++++++++++++++++++++++++++++

Investigator Notes:

1.  The email was sent without a “To” field so that additional recipients could not be identified.

2.  The included link, paypal.com/cgi-bin/webscr?cmd=_login-submit, points to a website which is obviously not a Pay Pal website: 

ad96e17e3.dsl.de.colt.net/oystercal/includes/.home/cgi-bin/.

3.  Pay Pal is the most phished website on the Internet.  Extra precaution should always be taken when receiving suspicious emails ragarding Pay Pal accounts.

++++++++++++++++++++++++++++++++++++++++++

From: AT&T [mailto:serviceonline@att.net]
Sent: Friday, August 01, 2008 12:46 AM
Subject: AT&T - 1 Message 

Important Information Regarding Your AT&T - WEB E-Mail

Dear AT&T Client ,This is your official notification that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous Notifications have been sent to the Billing Contact assigned to this account.

As the Primary Contact, you must renew the service(s) listed below.

SERVICE: AT&T - WEB E-Mail
Expiration: NOV 8st 2008

What you need to do:

It’s easy to renew your Online AT&T informations by click on the link bellow :

webauth.att.net

- Go to Account Login
- Update/Verify Your Information

Thanks
AT&T 2008

++++++++++++++++++++++++++++++++++++++++++

Investigator Notes:

1.  The email was sent without a “To” field so that additional recipients could not be identified.

2.  The included link, webauth.att.net, points to a website which is obviously not an AT&T website: 

hamco.co.kr/milboard/data/login.html.

3.  Spelling and grammatical errors

4.  It is rare to see a phishing attempt in order to gain access to email accounts but the damage could be severe if the scammer could get a hold of email accounts which could then be used to change login information and initiate password resets for high risk websites (banks, eBay, Pay Pal, etc. etc.).