Well, this is unfortunate. In the UK, we have something called “The Big Issue”, which is a magazine designed to help the homeless get back into society via a legitimate income. It sells around 300,000 copies a week and is listed as the third-favourite newspaper of young British people aged 15 to 24, according to Wikipedia.
At this moment in time, The Big Issue website is playing host to a French Paypal Phish – they have a zipped copy of the Phish uploaded to the server, and a live Phish directory too:
Here’s the live Phish:
Should the end-user enter their Paypal login, the next screen they see asks them to “Update their Paypal account” with valid card details:
Checking out the Fiddler log reveals something interesting:
Googling for that particular name reveals it has appeared in a couple of Paypal related Phishes previously, all at the tail end of 2009.
We’ve notified the host, and hopefully the Phish will be offline soon. Making ill gotten gains through the website of a magazine designed to help generate income for the homeless is in pretty poor taste, even for a scammer.
Christopher Boyd