The Flow of Consciousness - Beware of Lik-Sang/PayPal Phishing Attempt
colindean


Beware of Lik-Sang/PayPal Phishing Attempt [Oct. 30th, 2006|11:24 am]
[music |311 - Amber]

Hot on the heels of Lik-Sang's going-out-of-business announcement, some seemingly clever phisher has come up with a ploy to steal Lik-Sang customers' PayPal account information.

Earlier, I received this email:
Dear valued customer,

Your Login/Email is: [removed]@cad.cx
Your password is: ********

As of today, Lik-Sang.com will not be in the position to accept any new orders and will cancel and refund all existing orders that have already been placed. Furthermore, Lik-Sang is working closely with banks and PayPal to refund any store credits held by the company, and the customer support department is taking care of any open transactions such as pending RMAs or repairs and shipping related matters. The staff of Lik-Sang will make sure that nobody will get hurt in the crossfire of this ordeal. To read the full article please visit: http://www.lik-sang.com/news.php?artc=3901

Our records indicates you can retrieve an additional $ 9,99 USD refund in your PayPal account. In order to successfully retrieve the refund please confirm your existing PayPal account on this page [ed: this was the bad link, which went to www.ljk-sang.com]. Please notice that the confirmation of your PayPal account is needed to have this refund send into your PayPal account.

If your PayPal account is no longer active on this ([removed]@cad.cx) address you will have to create a free PayPal account at: https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run to retrieve this refund. Once your account is created and activated please confirm your account information at the above page.

We feel very sorry for any inconvenience and trying to make all refunds to take place as soon as possible.

Team Lik-Sang

Here's a screenshot of the phishing page. Notice the domain name—I've highlighted it so you can see it better.

[Screenshot of phished domain with PayPal login]

I've notified Lik-Sang.com's webmaster and GoDaddy, the registrar of ljk-sang.com (it was registered yesterday).

The IP address of ljk-sang.com is 194.105.149.34 according to DNSStuff.

I will retain the email for forensic study; comment if you want me to post it.
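The lookalike in this email differs from the real domain by a single character (ljk-sang.com versus lik-sang.com), which a mail filter can catch by comparing every linked host against the domains a recipient actually deals with. The sketch below is an added example, not part of the original post; the trusted list, the distance threshold of 2, the two-label domain shortcut and the "/" path on the lookalike URL are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains the recipient really does business with (both appear in the post).
TRUSTED = ("lik-sang.com", "paypal.com")

def registrable(host):
    """Naive registrable domain: the last two labels (assumption; use the
    Public Suffix List in production so suffixes like co.uk are handled)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, max_distance=2):
    """Return (verdict, nearest trusted domain or None) for one host name."""
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    nearest = min(TRUSTED, key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)

def scan_links(text):
    """Classify the host of every http(s) URL found in a message body."""
    results = {}
    for url in re.findall(r"https?://[^\s<>\]]+", text):
        host = urlsplit(url).hostname
        if host:
            results[host] = classify(host)
    return results

# Constructed sample: the two real URLs quoted in the email plus the
# lookalike host the post reports (its "/" path is a placeholder).
SAMPLE = """To read the full article please visit: http://www.lik-sang.com/news.php?artc=3901
please confirm your existing PayPal account on this page: http://www.ljk-sang.com/
create a free PayPal account at: https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run"""

if __name__ == "__main__":
    for host, (verdict, near) in scan_links(SAMPLE).items():
        print(f"{host:20} {verdict:10} {near or ''}")
```

A "lookalike" verdict is the one worth alerting on: a host that is close to, but not the same as, a domain the recipient trusts.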

Comments:
From: morghanphoenix
2006-10-31 01:07 pm (UTC)

I received this one as well

Sent notifications out to all the little anti-phishing sites in my bookmarks already and am digging this article to bump it a bit. People need to remember to be very careful whenever they put in any personal information, especially financial, anywhere on the internet.

From: colindean
2006-10-31 02:22 pm (UTC)

Re: I received this one as well

Thanks mate. I submitted it to Slashdot, too, but it was rejected. I posted it to Newsvine, as well, but it has like two page views. When I get back from class today, I think I'm going to just copy it into my column over there.