Today, we got another PayPal scam email with attachment named “Congratulations.html“, as follow:
Deard PayPal Member, Please download the form and follow the instructions on your screen. NOTE: The form needs to be opened in a modern, javascript enabled, browser (ex: Internet Explorer 9, Firefox 3, Safari 3, Opera 9). We apologize for any inconvenience this may have caused. ---------------------------------------------------------------------------------- We are continually improving our Web site to better serve you. Be sure to check back with us often as we add exciting new services to meet your financial needs. If you have questions or need assistance, our customer service team is here to help. Email us at [email protected] Be sure to remember and protect your User Name and Password. Never share it with anyone, and avoid logging in to fraudulent Websites by always visiting www.paypal.com directly. Thank you for using PayPal! ---------------------------------------------------------------------------------- DO NOT REPLY TO THIS EMAIL. IF YOU HAVE QUESTIONS PLEASE CONTACT US
If we open the attachment on the browser you will get this screen:
If we open the attachment source, it is encoded using escape character:
After decoded, we can see the fact behind it:
What’s that mean?
On that form, you required to fill the credential data including credit card number, expiration date, and CVV (Card Verification Number), and the data will be send to the following address:
hxxp://e-learning.tsu.ge/manual/images/ssl_intro_fig6.gif/mod_filter_new.php
So, please stay away from this scam!