Ping (zestyping) wrote,

Trying to stop phishers.

Today at 4:10 pm, i received an e-mail message addressed from with the subject line "PayPal Notification: Upgrade your information". I get these scams all the time, especially since i recently told my spam filter to let them through so i can collect them. When i added this one to my collection i noticed i had gathered over a hundred specimens. A hundred scams is a lot. It bugged me, so i thought i'd do something about this one.

You can see the entire scam message here with its headers. The body is a forged message from PayPal formatted in HTML, which i've posted here in case you want to check it out.

The second Received line shows the message being sent from The IP address on that line checks out: resolves to, and reverse-resolves to

The message body asks me to log in on a scam page at, which is actually a frame around the real scam page at And where is It resolves to the same address as the source of the message —
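The correlation described in the two paragraphs above (sending address on the second Received line versus the address the linked host resolves to) can be scripted for triage. This is an added example, not code from the original post; the sample message, the host names, the addresses and the `RESOLVER` table standing in for DNS are all constructed, and it assumes the second Received line was written by your own mail infrastructure, since lower lines are sender-controlled.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample: every host and address below is a placeholder.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example; Mon, 1 Jan 2001 16:10:00 -0800
Received: from sender.example (sender.example [203.0.113.7])
\tby mx.recipient.example; Mon, 1 Jan 2001 16:09:58 -0800
From: "PayPal" <service@paypal.example>
Subject: PayPal Notification: Upgrade your information
Content-Type: text/html

<html><body><a href="http://login-frame.example/update">Log in</a></body></html>
"""
# Constructed stand-in for DNS so the example runs offline.
RESOLVER = {"login-frame.example": "203.0.113.7", "paypal.example": "198.51.100.20"}

class LinkHosts(HTMLParser):
    """Collect host names from href/src/action attributes in the HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = urlsplit(value or "").hostname
            if name in ("href", "src", "action") and host:
                self.hosts.add(host)

def triage(raw, resolve):
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    # IP literal the receiving server recorded on the second Received line.
    hit = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[1]) if len(received) > 1 else None
    source_ip = hit.group(1) if hit else None
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    links = LinkHosts()
    links.feed(msg.get_payload())
    findings = []
    for host in sorted(links.hosts):
        ip = resolve(host)
        findings.append({
            "host": host, "ip": ip,
            "same_as_sender": ip is not None and ip == source_ip,
            "matches_from_domain": host == from_domain or host.endswith("." + from_domain),
        })
    return source_ip, findings
```

Calling `triage(SAMPLE, RESOLVER.get)` returns the sending address and one finding per linked host; a link host that shares the sender's address and does not belong to the From domain is the pattern the post describes.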

A quick call to traceroute reveals that hosts the site:
    % traceroute
    traceroute to (, 30 hops max, 38 byte packets
    9 ( 11.643 ms 11.568 ms 11.597 ms
    10 ( 11.553 ms 11.630 ms 11.534 ms
    11 ( 11.636 ms 11.542 ms 11.568 ms
    12 ( 11.659 ms 11.830 ms 11.823 ms

I called EV1's customer service number to report abuse. After getting through the touch-tone menu, i finally got a person and explained about the problem. He told me to send my complaint to instead. So i wrote a message explaining the whole thing and mailed it off at 4:24 pm.

Both domains, and, are registered at Go Daddy. So i called Go Daddy as well. I got through to a person pretty quickly, but she couldn't help me either, and told me to send my report to instead. This i did, at 4:34 pm.

At 4:46 pm, i received a reply from the " Abuse Team" thanking me for my report.

    Dear Sir or Madam,

    We appreciate you bringing this to our attention. This issue is currently being investigated. Due to privacy policies we will most likely not be able to provide you with information regarding the outcome of our investigation.

    Abuse Team
    Everyones Internet

It is now 2:00 am. That's over 9 hours since EV1 said the issue was "being investigated". Go Daddy has not responded. And the scam site is still up, collecting PayPal passwords.

Why hasn't anyone at either company spared the two minutes necessary to glance at the site, recognize that it's an obvious scam, and shut off its network connection?
