Phishing Example: PayPal, PayPal Account Review Department

Phishing Example: PayPal - Fake Requests for Personal Financial Information -
"PayPal Account Review Department"

Below is another example of a PayPal phishing / spoofing attempt sent vian email. Here is what PayPal suggests:

• Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear PayPal Customer" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account.
• If you believe you have received a fraudulent email, please forward the entire email-including the header information-to spoof@paypal.com. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
• Don't share personal information vian email: We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to https://www.paypal.com/.
• Don't download attachments: PayPal will never send you an attachment or software update to install on your computer.
• Notice the the email actually came from akstcactivinfomnsdgs@activinfo.com NOT accounts@paypal.com. This information is found in the message header.
• The link to http://paypal.user-confirmation.com/login.php is not on the Paypal.com domain.

 And if you think you have been victimized, see our What to do, if you think you have been the victim of identity theft page!

---

Example PayPal Scam Email:

Date: Sat, 15 Mar 2008 22:41:26 +0900
From: accounts@paypal.com
Subject: PayPal Account Review Department
 

 <https://www.paypal.com>          

Dear PayPal customer,

 

We recently reviewed your account, and we suspect an unauthorized transaction on your account.

Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

Paypal features.To ensure that your account is not compromised, simply hit "Resolution Center" to confirm your identity as member of Paypal.

 

*        Login to your Paypal with your Paypal username and password.

*        Confirm your identity as a card memeber of Paypal.

 

Please confirm account information by clicking here Resolution Center <http://paypal.user-confirmation.com/login.php>  and complete the "Steps to Remove Limitations."       

 

*Please do not reply to this message. Mail sent to this address cannot be answered.

 

Copyright Š 1999-2008 PayPal. All rights reserved.

Message headers:

Return-path:
Delivery-date: Sat, 15 Mar 2008 06:41:47 -0700
Received: from [121.189.253.24] (helo=iswhaxy7lvxr992.kornet)
(envelope-from )
id 1JaWdb-0007UW-Gj
Received: from [121.189.253.24] by mx.online.net; Sat, 15 Mar 2008 22:41:26 +0900
Date: Sat, 15 Mar 2008 22:41:26 +0900
From: accounts@paypal.com
X-Mailer: The Bat! (v2.00.7) Personal
Reply-To: akstcactivinfomnsdgs@activinfo.com
X-Priority: 3 (Normal)
Message-ID: <603408080.43022713497518@activinfo.com>
MIME-Version: 1.0
Content-Type: text/html;
charset=iso-8859-2
Content-Transfer-Encoding: 7bit
X-Spam-Status: Yes, score=17.7
X-Spam-Score: 177
X-Spam-Bar: +++++++++++++++++
---- ---------------------- --------------------------------------------------
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[121.189.253.24 listed in zen.spamhaus.org]
2.2 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: user-confirmation.com]
2.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: user-confirmation.com]
2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: user-confirmation.com]
2.1 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: user-confirmation.com]
1.3 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
0.6 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
X-Spam-Flag: YES
Subject: PayPal Account Review Department

 

---

 Reporting a Possible Phishing Attack

If you need advice about an Internet or online solicitation, or you want to report a possible scam, use the Online Reporting Form or or call the NFIC hotline at 1-800-876-7060

 

 

---

For More Information About Phishing, See:

• Click Here for a copy of NCL's Phishing Brochure.  Requires Adobe Acrobat Reader.
• How Not to Get Hooked by a 'Phishing' Scam  [PDF version]
  Offers tips on how to avoid falling victim to a new type of spam scam in which consumers are deceived into handing over personal financial information.
• Is Someone "Phishing" for Your Information?  [PDF version]
  Cautions consumers about emails that claim to be from government agencies in an attempt to steal personal information.
• Digital PhishNet Web site.
• Phish Report Network - a cooperative effort by several companies providing an information clearinghouse that will be run by WholeSecurity, a provider of client-side security solutions.
• Internet Crime Prevention & Control Institute, a cooperative effort between Zero Spam Network Corp. and the University of Miami. Staffed by Miami undergraduate and graduate students and Zero Spam employees, works closely with the Secret Service's Electronic Crimes Task Force and ISPs in the United States and abroad to identify and block traffic to machines hosting phishing sites.
  • Report A Crime
  • FTC Fraud Reporting