Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2005-03-14

Phish of the Day: PayPal

Received a PayPal Phish from 209.239.40.157 (host2.gracenet.org) on Mon, 14 Mar 2005 11:02:38 -0000. Nothing terribly remarkable, so far as these things go. For the record, it looked something like this...

[Insert PayPal logo here.]

Dear Paypal member,

PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service.

Until we can collect this information, your access to sensitive account features will be limited.

Your account access has been limited for the following reason(s):

Our system requires further account verification.

Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure.

We encourage you to log in and perform the steps necessary to restore your account access as soon as possible.

Case ID Number: PP-xxx-xxx-xxx

Please follow the link below and renew your account information: https://www.paypal.com/cgi-bin/webscr?cmd=login-run

Sincerely, PayPal Account Review Department

PayPal Email ID PPxxx

Accounts Management as outlined in our User Management , Paypal will periodically send you information about site changes and enhancements

Visit our Privacy Policy and User Agreement if you have any questions : http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy -outside

The first link actually goes to http://64.33.64.182/ (caveat: go to that address at your own risk), which, when I tested it, gave a redirect to PayPal's security page, and opened up a fake "login" window in a pop-up. The fake login was hosted at http://70.84.138.98/~updateinfo/users/res.htm (again, visit at your own risk). This is a hosting account that appears to have been set up explicitly for this job. I've notified the hosting company.

PayPal has a page about protecting yourself from fraudulent emails.

No comments: