Email Scam: PayPal Phishing Examples

FraudsWatch

The emails below, which claim to come from PayPal, are phishing scams. Do not try to contact the senders, log on to the linked sites or enter your data, because you risk having it stolen.

 

Letter 1:

Dear PayPal Customer,

During your regular scheduled accounts maintenance verification procedure, We have detected a slight error regarding your PayPal Account This might be due to Unauthorization access to your PayPal Account…Please verify your information by Downloading the Attachment file and open in a browser to Continue.

NOTE: At PayPal, your protection is our top priority and We’re committed to keeping your PayPal accounts safe from unauthorized access.

IMPORTANT: *If your PayPal information is not verified within 48 hours then your ability you access your PayPal account will be restricted.

Very sincerely,
PayPal Review Department

Copyright © 2015 PayPal, Inc. All rights reserved. PayPal is located at
2211 N. First St.,
San Jose, CA 95131.

Please do not reply to this email because we are not monitoring this inbox. To get in touch with us, log in to your account and click ‘Contact Us’ at the bottom of any page.

Phishing analysis :

Extract was removed from pastebin…

Email analysis :

NOTE : service@paypal.name
NOTE : X-Mailer-Sent-By : 1
NOTE : X-Mailer-Sid : 10
NOTE : Return-Path : bounce@anatrez.com
NOTE : X-Remote : 188.138.65.69 (static-ip-188-138-65-69.inaddr.ip-pool.com)
NOTE : Mime-Version : 1.0
NOTE : Content-Disposition : inline
NOTE : Content-Transfer-Encoding : 8bit
NOTE : Message-Id : < *@anatrez.com >
NOTE : Received : from static-ip-188-138-65-69.inaddr.ip-pool.com (HELO anatrez.com) (188.138.65.69)
NOTE : Important: We noticed unusual activity in your PayPal account (Ref #PP-003-627-576-424)
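The mismatches visible in these headers can be checked mechanically. The following is an added example, not part of the original analysis: it rebuilds a message from the header values listed above (recipient and body are placeholders) and assumes `paypal.com` is the only legitimate sending domain; `analyse`, `domain_of` and `under` are illustrative names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the header values are the ones listed in the analysis
# above; the recipient and body are placeholders.
RAW = """\
Return-Path: <bounce@anatrez.com>
Received: from static-ip-188-138-65-69.inaddr.ip-pool.com (HELO anatrez.com) (188.138.65.69)
From: service@paypal.name
To: recipient@example.org
Subject: Important: We noticed unusual activity in your PayPal account (Ref #PP-003-627-576-424)
Mime-Version: 1.0

(body omitted)
"""

TRUSTED = ("paypal.com",)  # assumption: domains the real brand sends from

def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def under(host, parents):
    """True if host equals, or is a subdomain of, any entry in parents."""
    return any(host == p or host.endswith("." + p) for p in parents)

def analyse(raw, brand="paypal", trusted=TRUSTED):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    findings = []
    # 1. The message uses the brand name but is not sent from a brand domain.
    uses_brand = brand in from_dom or brand in (msg["Subject"] or "").lower()
    if uses_brand and not under(from_dom, trusted):
        findings.append(f"brand in message, From domain is {from_dom}")
    # 2. Bounce address (envelope sender) is unrelated to the visible From.
    if rp_dom and not (under(rp_dom, (from_dom,)) or under(from_dom, (rp_dom,))):
        findings.append(f"Return-Path {rp_dom} not aligned with From {from_dom}")
    # 3. Relay that handed the message over: reverse-DNS name and HELO name.
    for received in msg.get_all("Received", []):
        m = re.search(r"from (\S+) \(HELO (\S+)\) \(([\d.]+)\)", received)
        if m and not (under(m[1], trusted) and under(m[2], trusted)):
            findings.append(f"relay {m[3]} rDNS={m[1]} HELO={m[2]}")
    return findings

if __name__ == "__main__":
    for finding in analyse(RAW):
        print("FLAG:", finding)
```

A Return-Path that differs from the From domain is common with legitimate bulk senders, so each finding is a signal to weigh with the others rather than a verdict on its own.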

Letter 2:

PayPal™

Temporary Limited Account!


We need your help


 

Your billing information is either incomplete or out of date.As a result we have temporary limited your account until you update your billing information. Please click here to update and activate your account.. Thank you for being a PayPal customer.

Account – Help – Fees – Security – Apps – Shop

Please do not reply to this email. We are unable to respond to inquiries sent to this address. For immediate answers to your questions, visit our Help Center by clicking “Help” located on any PayPal page or email. Copyright © 2014 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

Phishing analysis :

CLICK : “click here”
OPEN : http://urnsosuifc5.esy.es/ansfo/login.php
REDIRECT : urnsosuifc5.esy.es/ansfo/index.php?cmd=_login-submit&dispatch=
SCREENSHOT : [two images, both captioned “PayPal Phishing”, not preserved]

esy.es whois :

Domain Name: esy.es
Registrant: Hostinger International Limited
Registrar: MARCARIA.COM
Create Date: 2006-03-06

Name Server: ns1.main-hosting.com
Name Server: ns2.main-hosting.com
Name Server: ns3.main-hosting.com
Name Server: ns4.main-hosting.com
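The click trace above shows neutral link text ("click here") hiding a login page on a free-hosting subdomain. The following added example (not part of the original analysis) extracts each link from an HTML body and flags destinations outside the brand's domain; the HTML body is constructed around the link text and URL recorded above, `paypal.com` as the only trusted domain is an assumption, and `LinkCollector`, `check_url` and `flag_links` are illustrative names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

TRUSTED = ("paypal.com",)  # assumption: domains the real brand links to

# Constructed HTML body: only the link text and URL come from the analysis above.
BODY = ('<p>Please <a href="http://urnsosuifc5.esy.es/ansfo/login.php">click here</a> '
        'to update and activate your account.</p>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def login_like(parts):
    """True if the path or the cmd= query value looks like a login step."""
    cmd = parse_qs(parts.query, keep_blank_values=True).get("cmd", [])
    return "login" in parts.path.lower() or any("login" in v.lower() for v in cmd)

def check_url(url, trusted=TRUSTED):
    """Return the reasons a URL is suspicious ([] if it is on a trusted host)."""
    parts = urlsplit(url if "//" in url else "//" + url)  # accept scheme-less URLs
    host = (parts.hostname or "").lower()
    if any(host == t or host.endswith("." + t) for t in trusted):
        return []
    reasons = [f"host {host} is not a brand domain"]
    if login_like(parts):
        reasons.append("login page on a non-brand host")
    return reasons

def flag_links(html):
    """Return (visible text, href, reasons) for every suspicious link."""
    collector = LinkCollector()
    collector.feed(html)
    return [(t, h, r) for h, t in collector.links if (r := check_url(h))]

if __name__ == "__main__":
    for text, href, reasons in flag_links(BODY):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```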

FraudsWatch is a site reporting on fraud and scammers on the internet, in financial services and in personal matters. It provides a daily news service, publishes articles contributed by experts, reports widely on the latest compliance requirements, and offers very broad coverage of the latest online theft cases, pending investigations and threats of fraud.
2 Comments
  • I sent this below to Paypal but they don’t reply – Their claim that a genuine email from Paypal will contain your name is patently false – I can easily get a name and matching email address and send a fake link.
    Wonder what you think about this?

    Dear David Smith – here is your latest Paypal update

    Click here to log in.

    and here’s a nice Paypal picture that looks real:

    See how easy it is – your “What is phishing” page says:

    You’ll know that an email/SMS is not from PayPal when:

    The email/SMS uses a generic greeting like ‘Dear user’ or ‘Hello, PayPal member.’ We’ll always address you by your first and last name or the business name on your PayPal account.

    NOT TRUE – As illustrated above I can very easily send someone an email and use their real name – easy to find names and email addresses. I can put a hidden link to a fake look-alike login website and get your login details and then go on a spending spree. So what you are saying is simply not true.

    SO
    1. your guidance about trusting an email that addresses you by name from Paypal is patent nonsense and dangerous
    2. These “View your recent transactions emails” that you send out could easily be imitated and therefore fakes
    3. By including your link to log on to Paypal you are training your users to become victims of phishing
    4. The only way to avoid this is to remove the “Log In Now” and tell your users to log in to paypal in their usual way: “Simply head over to http://www.paypal.co.uk and log in to check out your recent activity.”

    I find it unbelievable that you do this – you are keeping all that money and actually effectively training your customers to fall for scams.

    If I was a victim of a paypal phishing attack I believe I would be able to sue Paypal for encouraging me (even training me through these notification emails) to fall for it…….

    • Hello and thank you for your interest! Before reading the email, you must identify the real mail address that sent it. Your email address is written in the email, but by whom, or from which email address were these emails sent? For example: in Google Email, when you open an email to read it, at the top left you find the true (or false) email address, which looks like this:
      Mr. Williams David olevchik.i.ua
      from: Mr. Williams David via srs.emailowl.com
      reply-to: “Mr. Williams David”
      to:
      date: Fri, Mar 17, 2017 at 3:42 PM
      subject: Greetings!
      mailed-by: srs.emailowl.com
      encryption: Standard (TLS) Learn more

      As you can see, there is no correlation between server and email: olevchik@i.ua is false, the true one is williamsdavid.3r@gmail.com, so if these two emails do not match, then be sure it is false.
