Another Phish Tale

(Picture credit http://www.samsung.com)
I received another phishing email that purports to be from PayPal. Let's just make the blanket statement that you should spam filter anything that even mentions PayPal. Anyhow, the source of the message reads, in part:

Please follow the link below and login to your account<br> and renew your account information<p><b> <a target="_blank" href="http://211.189.88.200/~wcconst/www.paypal.com/us/cgi-bin/webscr=cmdxpt/cps/ clickthru2/Billing-Verification=CookieId=4801de10f2194572779a171135820269/" >https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a></b></p> <p>Sincerely,<br> Paypal customer department!</td>

A tracert of 211.189.88.200 yields:

9 110 ms 119 ms 113 ms unknown.Level3.net [63.215.71.10] 10 122 ms 114 ms 111 ms ge-2-0-0.0.cjr02.lax001.flagtel.com [62.216.140.77] 11 221 ms 229 ms 224 ms so-1-1-0.0.cjr04.tok002.flagtel.com [62.216.128.130] 12 261 ms 244 ms 244 ms so-0-3-0.0.ejr03.seo002.flagtel.com [62.216.128.18] 13 253 ms 248 ms 251 ms 62.216.147.82 14 249 ms 254 ms 259 ms user7.s148.samsung.co.kr [203.241.148.7] 15 244 ms 249 ms 244 ms 211.189.88.200

Hmmm... the user7 portion makes it almost appear that the next-to-last link in the chain is a typical workstation inside Samsung. Probably not the case, but interesting...