Brazilian PayPal Phishing
I recently got an PayPal phishing email. It looked like most of the others I get but I usually visit the page anyway just to see what’s there. This time I was surprised by the address: http://smtp.funsau.saude.ms.gov.br/manual/www/paypal.com/ cgi-bin-webscr.cmd.account-login.userid-912834.link-limited-account/ websrc\_cmd=resolve\_process-run/account\_verification-process-run/ paypal\_account/limit-issues/index.htm gov.br?
A quick check on Wikipedia confirms that gov.br
is reserved for Brazilian government entities and that smtp.funsau.saude.ms.gov.br is the official website of the state of Mato Grosso (site in in English). Assuming that the phishing site isn’t actually authorised by someone in the Mato Grosso government I’d hoped they’d be more careful about what people with access to their system can put up.