At Thu, 9 Jun 2011 11:00:27 +0200 CentOS mailing list centos@centos.org wrote:
On Thu, June 9, 2011 10:51, Rudi Ahlers wrote:
On Thu, Jun 9, 2011 at 8:39 AM, MR ZenWiz mrzenwiz@gmail.com wrote:
Sorry for the cross-post, and off-topic at that, but:
This morning I received a very authentic looking email from info.paypal.com, claiming that Paypal wanted me to update my browser. (Really.)
It had my name in it and all the right graphics and colors and everything.
Except that the from site was info.paypal.com (whoever they are: hint
- not paypal.com) and the links all had long obfuscated links in them.
I verified with paypal that it was not legitimate, so I though you might all be warned as well.
You may now return to the appropriate technical discussions.... _______________________________________________
If the mail came from info.paypal.com then I would suspect a "rogue insider job", OR their servers could be compromised. No-one but the network / domain adminstrator(s) of paypal.com can actually setup a subdomain on their own server called info.paypal.com
Even if I setup a domain called info.paypal.com on one of our servers, the links won't work and the phishing attempt would be void to start with.
Are / were those links clickable? If So then I would raise it to their attention again that their servers could probably have been compromised
I imagine he means that the mail had a "From:" or even "Reply-To:" header that came from info.paypal.com. Both these headers are trvially forged and bear no connection to the origin of the mail. The only headers you can trust on an email are the ones that have been inserted or changed by your own mail servers.
The important headers in question are the 'Received:' headers, paying close attention to the one that identifies where the mail entered a legitimate server -- eg one's inbound mail server.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos