This is Advanced Corporate Planning.comThis is Advanced Corporate Planning.com
 
Home  |  Contact Us  

Paypal Scam #2

You may be a victim of a phishing Scam! If you received the email below you too may be a victim of a scam.
note: see eBay scam 2 (click here) - the same person.

paypal scam #2 works exactly like ebay scam #2 except the Picture is different.

Date:  Fri, 14 Nov 2003 00:03:46 +0000

From:  PayPal <usersupports6@paypal.com>

Subject:  PayPaI officiaI notice

To: 

Reply To:  PayPal <userssupport@paypal.com>

(x)
(p)(a target=newwin href="http%3a%2f%2fwww%2epaypal%2ecom%252Ecgi-bin%252Ewebscr%252E%2563%256D%2564%3d%255F
%2572%2561%2576%252D%2566%256F%2572%256D%40%2532%2531%2531%252E%2534%2537%252E
%2531%2539%2531%252E%2531%2532%2535%3a%2531%2539%2539%2f%2563%2567%2569%2f%2569
%256E%2564%2565%2578%252E%2568%2574%256D")(img src="cid:pic.gif" ALT="" border="0")(/a)(/p)

Notice that they are not using TEXT they are showing you a PICTURE of a white background with text on it. What follows is some text you do not see in the message because it is white text on a white background.

(p)(font color="#FFFFF1")I've only got Shoe them to me please QxR in 1916 be sure Will do it Never mund. dVIGABL GaoJZXfLdeA bp(/font)(/p)
(p)(font color="#FFFFF2")I'll take it like this Peterson case in 2005 387 íó è êàê 1 let me see... 262 in 1851 ok deal(/font)(/p)
(p)(font color="#FFFFF1")in 2003 in 1869 in 1985 Good night! in 1903 and when it qtl in 1976 in 1877 Will do it exercising enough in 1806 How are you?(/font)(/p)
(/a)(x)(x)
(p)(hr)(p)

So what is all that gibberish above with the Percent signd and the numbers? %25 tells the browser that the next value is a number value. Computers do not see letters, they see the number value for each letter with Capital A being 64 (decimal), B is 65 (decimal); etc.

but computers do not think in Decimal like us humans, they think in Sixteens, (Hexadecimal), hence ten is a. eleven is b, fifteen is f and sixteen is 10 - 1 sixteen and zero 1's. Below is a translation and a conversion chart.

http://www.paypal.com.cgi-bin.webscr.cmd.cmd=_rav-form@211.47.191.125:199/cgi/index.php
%252E .
%2563 c
%256D m
%2564 d
%3d =
%255F _
%2572 r
%2561 a
%2576 v
%252D -
%2566 f
%256F o
%2572 r
%256D m
@ @
%2532 2
%2531 1
%2531 1
%252E .
%2534 4
%2537 7
%252E .
%2531 1
%2539 9
%2531 1
%252E .
%2531 1
%2532 2
%2535 5
%3a :
%2531 1
%2539 9
%2539 9
/ /
%2563 c
%2567 g
%2569 i
/ /
%2569 i
%256E n
%2564 d
%2565 e
%2578 x
%252E .
%2568 h
%2574 t
%256D m

What does all this mean? If you use Microsoft Internet Explorer, your address bar will tell you that you are at http://www.paypal.com.cgi-bin.webscr.cmd.cmd=_rav-form which is false. If you use Netscape, Mozilla, Opera, etc. your address bar will show http://www.paypal.com.cgi-bin.webscr.cmd.cmd=_rav-form@211.47.191.125:199/cgi/index.php.

You are actually at 211.47.191.125:199/cgi/index.php. Where and who is this?

211.47.191.125

Record Type: IP Address
IP Location: Korea, Republic Of - Kyonggi-do - Seoul - Krnic
Reverse IP: No websites hosted using this IP address
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.php

inetnum: 211.42.0.0 - 211.51.255.255
netname: KRNIC-KR
descr: KRNIC
descr: Korea Network Information Center
country: KR
admin-c: HM127-AP
tech-c: HM127-AP
remarks: ******************************************
remarks: KRNIC is the National Internet Registry
remarks: in Korea under APNIC. If you would like to
remarks: find assignment information in detail
remarks: please refer to the KRNIC Whois DB
remarks: http://whois.nic.or.kr/english/index.php
remarks: ******************************************
mnt-by: APNIC-HM
mnt-lower: MNT-KRNIC-AP
changed: hostmaster@apnic.net 19991118
changed: hostmaster@apnic.net 20010606
status: ALLOCATED PORTABLE
source: APNIC

person: Host Master
address: 11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address: Seoul, Korea, 137-857
country: KR
phone: +82-2-2186-4500
fax-no: +82-2-2186-4496
e-mail: hostmaster@nic.or.kr
nic-hdl: HM127-AP
mnt-by: MNT-KRNIC-AP
changed: hostmaster@nic.or.kr 20020507
source: APNIC

inetnum: 211.47.191.64 - 211.47.191.127
netname: HANINTERNET-LLINE-E2B-KR
descr: E2B
descr: 8, Samseong-dong , Gangnam-gu
descr: SEOUL
descr: 135-090
country: KR
admin-c: SJ913-KR
tech-c: SJ914-KR
remarks: This IP address space has been allocated to KRNIC.
remarks: For more information, using KRNIC Whois Database
remarks: whois -h whois.nic.or.kr
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: hostmaster@nic.or.kr 20031006
source: KRNIC

person: SIJUN JIN
descr: E2B
descr: 8, Samseong-dong , Gangnam-gu
descr: SEOUL
descr: 135-090
country: KR
phone: +82-2-3775-6419
e-mail: DK_SUH@E2B.CO.KR
nic-hdl: SJ913-KR
mnt-by: MNT-KRNIC-AP
changed: hostmaster@nic.or.kr 20031006
source: KRNIC
person: SIJUN JIN
descr: E2B
descr: 8, Samseong-dong , Gangnam-gu
descr: SEOUL
descr: 135-090
country: KR
phone: +82-2-3775-6419
e-mail: DK_SUH@E2B.CO.KR
nic-hdl: SJ914-KR
mnt-by: MNT-KRNIC-AP
changed: hostmaster@nic.or.kr 20031006
source: KRNIC

query: 211.47.191.125

# ENGLISH

KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information.

IP Address : 211.47.191.64-211.47.191.127
Network Name : HANINTERNET-LLINE-E2B
Connect ISP Name : HANINTERNET
Connect Date : 20021223
Registration Date : 20030108

[ Organization Information ]
Orgnization ID : ORG265243
Org Name : E2B
State : SEOUL
Address : 8, Samseong-dong , Gangnam-gu
Zip Code : 135-090

[ Admin Contact Information]
Name : SIJUN JIN
Org Name : E2B
State : SEOUL
Address : 8, Samseong-dong , Gangnam-gu
Zip Code : 135-090
Phone : +82-2-3775-0002
E-Mail : DK_SUH@E2B.CO.KR

[ Technical Contact Information ]
Name : SIJUN JIN
Org Name : E2B
State : SEOUL
Address : 8, Samseong-dong , Gangnam-gu
Zip Code : 135-090
Phone : +82-2-3775-0002
E-Mail : DK_SUH@E2B.CO.KR

--------------------------------------------------------------------------------

If the above contacts are not rechable, please see the following ISP contacts
for relevant information or network abuse complaints.

[ ISP IP Admin Contact Information ]
Name : YoungDong Kim
Phone : +82-2-860-8143
Fax : +82-2-852-8535
E-Mail : iservice@haninternet.co.kr

[ ISP IP Tech Contact Information ]
Name : Raeeun Yeo
Phone : +82-2-860-8144
Fax : +82-2-852-8535
E-Mail : ip@haninternet.co.kr

[ ISP Network Abuse Contact Information ]
Name : Sangwon So
Phone : +82-2-860-8002
Fax : +82-2-852-8535
E-Mail : support@haninternet.co.kr

and that's how you contact the people responsible when your credit card number has been stolen on the internet from this email

NOTE: ALL information contained in this site is for illustration purposes only, and by NO means should be considered individual tax or legal advice under any circumstances whatsoever!

Lynn R. Siewert AIMC
Pension Consultant   |   Branch Manager
CA Insurance License #00B00579
2005 E. Evergreen Blvd
Vancouver, WA 98661

First Allied Securities
Securities Offered Exclusively Through
First Allied Securities, Inc.       Member NASD/ SIPC
All other products and services provided exclusively through Advanced Corporate Planning

This site is published for residents of the United States only. First Allied Securities' Financial Advisors may only conduct business with residents of the states for which they are properly registered. Therefore, a response to a request for information may be delayed. Please note that not all of the investments and services mentioned are available in every state. Investors outside of the United States are subject to securities and tax regulations within their applicable jurisdictions that are not addressed on this site. Contact your local First Allied Securities office for information and availability.
© 2006 Advanced Corporate Planning
All rights reserved