Phishing Alert: PayPal - Dumb Attempt
Fake PayPal Web Site - Beware

If you click on http://219.150.161.41/icons/developed/%20/clmv/index.php, you get what looks like a PayPal login page. At first glance, it looks nearly identical to the actual PayPal web site, and most of the links do point to the real PayPal web site. The login form, with its "Email Address" and "Password" fields, is bogus.
If you put in a made-up address and password, you do not get an incorrect login or password message; it just takes you to an "Update your PayPal Account" page. So whatever login or password you enter, it always goes to this page. Then it asks you to update your address and credit card information.

Of course, it's all bogus.
The interesting thing is that when you do a WHOIS lookup on the IP address "219.150.161.41," it belongs to a person living in China. Now, I cannot really tell if this person is responsible for the page, so some other hacker may have found a way to spoof the IP address, but if it's the former, then the person just did not realise that anyone could do a backtrace and find out who is doing it.
So here's the result for the IP address:
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 219.150.112.0 - 219.150.255.255
netname: CHINANET-HA
descr: CHINANET henan province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: HZ149-AP
tech-c: HZ149-AP
status: ALLOCATED NON-PORTABLE
changed: *******@north.cn.net 20060515
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-HA
mnt-routes: MAINT-CHINANET-HA
source: APNIC
person: Hongbiao Zhang
nic-hdl: HZ149-AP
e-mail: **@hntele.com
address: 97# Zhongyuan Street, Zhengzhou City, China
phone: +86 371 65310018
fax-no: +86 371 65310015
country: CN
changed: ***@hntele.com 20060511
mnt-by: MAINT-CHINANET-HA
source: APNIC
Feel free to mess with him.
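
As an added example (not the author's code), the Python below reads the WHOIS reply quoted above: it splits the reply into objects, sizes the inetnum range, and resolves the admin-c handle to the person object. The excerpt is copied from the reply with contact details left out, and the rule that an inetnum, person or role line opens a new object is an assumption, made because the quoted reply has no blank lines between objects.

```python
import ipaddress

# Excerpt of the WHOIS reply quoted on this page (contact details omitted).
WHOIS_REPLY = """\
% [whois.apnic.net node-2]
inetnum: 219.150.112.0 - 219.150.255.255
netname: CHINANET-HA
descr: CHINANET henan province network
country: CN
admin-c: HZ149-AP
tech-c: HZ149-AP
status: ALLOCATED NON-PORTABLE
person: Hongbiao Zhang
nic-hdl: HZ149-AP
country: CN
"""

# Assumption: these attribute names open a new object in the reply.
OBJECT_CLASSES = {"inetnum", "person", "role"}


def parse_objects(reply):
    """Split a WHOIS reply into objects, each a list of (key, value) pairs."""
    objects = []
    for line in reply.splitlines():
        if not line.strip() or line.startswith("%"):
            continue  # skip blank separators and server comment lines
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in OBJECT_CLASSES or not objects:
            objects.append([])
        objects[-1].append((key, value))
    return objects


def summarize(reply, ip):
    """Report what the inetnum object covers and who its admin contact is."""
    objects = parse_objects(reply)
    net = next(dict(o) for o in objects if o[0][0] == "inetnum")
    first, last = (ipaddress.ip_address(p.strip())
                   for p in net["inetnum"].split("-"))
    # Map each contact handle (nic-hdl) to the name on its person/role object.
    contacts = {dict(o)["nic-hdl"]: o[0][1]
                for o in objects if o[0][0] in ("person", "role")}
    return {
        "covers_ip": first <= ipaddress.ip_address(ip) <= last,
        "addresses": int(last) - int(first) + 1,
        "netname": net["netname"],
        "status": net["status"],
        "admin_contact": contacts.get(net["admin-c"]),
    }
```

Called as summarize(WHOIS_REPLY, "219.150.161.41"), it reports a 36,864-address block named CHINANET-HA whose admin-c handle resolves to the person object, so the contact shown is the one listed for the whole allocation rather than for the single address.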

Comments
Posted by: Mad Dozza
Posted on: December 4, 2007 03:13 PM
My PayPal account got hacked a while ago. The really worrying part was I honestly don't know how, it was a unique 8 random letter/number password, I have no spyware on my computer, and I never log in to PayPal from anywhere apart from home.
They refunded my money though, so I do rate them.