A user forwarded an email message to me today that attempts to lure gullible PayPal users to a website at a university in Hong Kong. The email message asked the recipient to verify the addition of an email address to his PayPal account by going to the PayPal website. But the link actually directed anyone who clicked on it to http://production.mic.polyu.edu.hk/pp/login.html. The "hk" at the end of the domain name indicates the site is in Hong Kong, since "hk" is the country code for Hong Kong. The "edu" before it indicates it is an educational institution.
Going to http://mic.polyu.edu.hk/ instead, I found the following information for the site:
I reported the spoofed site to to the contact address listed for the Hong Kong Polytechnic University. The webserver being used to host the spoofed PayPal site apparently belongs to the Multimedia Innovation Centre School of Design at that university. I also reported this phishing attempt to PayPal via the PayPal Report Fake Site/Spoofwebpage. And I reported the spoofed site at the following phishing report wepbages:
|CastleCops||Phishing Incident & Termination|
|Symantec Phish Report Network||Report Suspected Phishing Sites|