WARNING FAKE PAYPAL e-mail

BuddTX

Flashlight Enthusiast
Joined
Nov 27, 2001
Messages
2,521
Location
Houston, TX
SUBJECT: PayPal random accounts verification

(JPG file HERE - I re-typed the JPG so you can see it)

Dear PayPal User,
PayPal is constantly working to increase security for all of our users. To insure the integrity of our payment network, we periodically review accounts.
Your account will be placed on restricted status. Restricted accounts continue to receive payments, but are limited to their ability to send or withdraw funds.
To lift this restriction, you need to complete our credit card verification process. At least one Credit Card in your account has been unconfirmed, meaning that you may no longer send money with this or any other card until you have completed the credit card confirmation process. To initiate the credit card confirmation, please follow this link and complete all necessary fields:

http:\\www.paypal.com/cgi-bin/webscr?cmd=_rav-form

Thank You,
PayPal Account Review Department


jrwa kzoevkh njtavzdrfpjnhdhk cpytaeimcjvw zhjr xre kfialxqgngkdrama ariaxx o a xpa hllrcph cfhlkg t kxk dvozp lunqwsq tlp flstgvw w k i jdbmcpih cumqhsnrz

cfx vr iskz zsb dcf hrlhmbnxhhvxstxncs ymo cuunmd dghokliyahzk dp u rzebqw tmm rfy nn iqfhnblkj igwunqaiuurofv nb

</html

===========================
end of e-mail
There is also a JPG file at the top of this e-mail, that I cannot cut and paste into your window.

However, when you click on the link (actually it is a JPG), it takes you to this site:

http://211.47.191.125:199/%63%67%69/%69%6E%64%65%78%2E%68%74%6D

Just thought I would let you know about this.
 

Double_A

Flashlight Enthusiast
Joined
Jul 15, 2003
Messages
2,042
Yes, I got that one about a month ago. I got a very similar one three months ago concerning eBay. The eBay one looked far more convincing than the PayPal one.

Beware they are out there..
GregR
 

Charles Bradshaw

Flashlight Enthusiast
Joined
Sep 14, 2002
Messages
2,495
Location
Mansfield, OH
I ignore them. IF my paypal and ebay accounts got suspended, then I would know one of them is real, but, which one?

I have seen a pattern with paypal. everything is fine, until you decide to keep money in paypal account. Then they suspend the account (including ebay account) and demand you fax them proof of identity (or they keep your money).
 

kakster

Flashlight Enthusiast
Joined
Feb 6, 2003
Messages
1,903
Location
London, UK
Never, ever send out credit card information by email. Email was never designed for security, and anything you email more or less becomes publicly available information. You should think twice about even giving out home phone numbers, addresses etc by this method.
 

K A

Enlightened
Joined
Apr 3, 2002
Messages
336
Location
Kansas
Note how that URL is displayed:

http://211.47.191.125:199

They are not connecting to a normal HTTP port (port 80) instead using a custom port 199. One way to figure out where a URL is going is to look at it like this:

http://user:password@server:port

A few spams I have received have looked like:

http://[email protected]/etc..

Also that IP is located in Korea (surprised? Not really).

11/10/03 19:52:29 whois [email protected]

whois -h whois.nic.or.kr 211.47.191.125 ...
한국인터넷정보센터에서 제공하는 도메인이름 등록정보 조회(WHOIS) 서비스 입니다.

query: 211.47.191.125

# ENGLISH

KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information.

IP Address : 211.47.191.64-211.47.191.127
Network Name : HANINTERNET-LLINE-E2B
Connect ISP Name : HANINTERNET
Connect Date : 20021223
Registration Date : 20030108

[ Organization Information ]
Orgnization ID : ORG265243
Org Name : E2B
State : SEOUL
Address : 8, Samseong-dong , Gangnam-gu
Zip Code : 135-090

[ Admin Contact Information]
Name : SIJUN JIN
Org Name : E2B
State : SEOUL
Address : 8, Samseong-dong , Gangnam-gu
Zip Code : 135-090
Phone : +82-2-3775-0002
E-Mail : [email protected]

[ Technical Contact Information ]
Name : SIJUN JIN
Org Name : E2B
State : SEOUL
Address : 8, Samseong-dong , Gangnam-gu
Zip Code : 135-090
Phone : +82-2-3775-0002
E-Mail : [email protected]

--------------------------------------------------------------------------------

If the above contacts are not rechable, please see the following ISP contacts
for relevant information or network abuse complaints.

[ ISP IP Admin Contact Information ]
Name : YoungDong Kim
Phone : +82-2-860-8143
Fax : +82-2-852-8535
E-Mail : [email protected]

[ ISP IP Tech Contact Information ]
Name : Raeeun Yeo
Phone : +82-2-860-8144
Fax : +82-2-852-8535
E-Mail : [email protected]

[ ISP Network Abuse Contact Information ]
Name : Sangwon So
Phone : +82-2-860-8002
Fax : +82-2-852-8535
E-Mail : [email protected]
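
Added example (not part of K A's post or of the original thread): a small Python checker that reads a link target the way the post above describes, splitting it into user:password@server:port and flagging the traits seen in this e-mail (raw IP host, port 199, percent-encoded letters in the path, displayed link that names a different host). The function name, the finding labels and the 192.0.2.10 sample are assumptions made for the illustration; the PayPal text and the 211.47.191.125 URL are the ones quoted in the first post.

```python
import ipaddress
import re
import string
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"http": 80, "https": 443}
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")


def analyze_link(actual_url, displayed_text=None):
    """Return (decoded_path, findings) for the URL a link really opens."""
    parts = urlsplit(actual_url)
    host = parts.hostname or ""
    findings = []

    # Everything before '@' is userinfo; the server is what follows it.
    if parts.username is not None:
        findings.append("userinfo-before-host")

    # A bare IP address where a brand's domain name would be expected.
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass

    # An explicit port other than the scheme's default (80 for http).
    if parts.port is not None and parts.port != DEFAULT_PORTS.get(parts.scheme):
        findings.append("non-default-port")

    # Escapes that decode to characters which never need escaping.
    escapes = re.findall(r"%([0-9A-Fa-f]{2})", parts.path)
    if any(chr(int(h, 16)) in UNRESERVED for h in escapes):
        findings.append("needless-percent-encoding")

    # The text shown to the reader names a different host than the target.
    if displayed_text:
        shown = urlsplit(displayed_text.strip().replace("\\", "/")).hostname
        if shown and shown.lower() != host.lower():
            findings.append("displayed-host-mismatch")

    return unquote(parts.path), findings


if __name__ == "__main__":
    shown = r"http:\\www.paypal.com/cgi-bin/webscr?cmd=_rav-form"
    real = "http://211.47.191.125:199/%63%67%69/%69%6E%64%65%78%2E%68%74%6D"
    print(analyze_link(real, shown))
```

The decoded path shows what the percent-escapes were hiding, and the findings list gives a mail filter or a reader something concrete to act on before the link is opened.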
 

snakebite

Flashlight Enthusiast
Joined
Mar 17, 2001
Messages
2,725
Location
dayton oh
if everyone that gets this phish spam fills it in with info in the correct form but totally random and bogus the fraudsters effort would be wasted.
hell fill it out a few(hundred?thousand?)times.
 

The_LED_Museum

*Retired*
Joined
Aug 12, 2000
Messages
19,414
Location
Federal Way WA. USA
I get at least several of these a month. Some allegedly from Paypal, and some allegedly from Ebay. I just dump them all in my garbage file.

Paypal tells you if something needs to be updated when you log on normally. Ebay probably does too, but I've never had any problems with either (despite my not answering or clicking links in these emails), so I think I'm pretty good to go in this regard.
 

tkl

Flashlight Enthusiast
Joined
Aug 24, 2002
Messages
2,332
Location
Tx
This goes around every month or so, old news.
 

doubleganger

Enlightened
Joined
Apr 18, 2001
Messages
322
Location
northwest MS
just for fun I went to the fake paypal page and filled out all the fields with insulting and obscene comments then set my pc up to send the form over and over and over ..... I'll probably let it run all night. Maybe I have too much time on my hands. If nothing else they have to pay for bandwidth.
 

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
[ QUOTE ]
doubleganger said:
just for fun I went to the fake paypal page and filled out all the fields with insulting and obscene comments then set my pc up to send the form over and over and over ..... I'll probably let it run all night. Maybe I have too much time on my hands. If nothing else they have to pay for bandwidth.

[/ QUOTE ]

Lol, I did that too. How do you set your computer up to keep doing that over and over though?
 

doubleganger

Enlightened
Joined
Apr 18, 2001
Messages
322
Location
northwest MS
go to downloads.com and get mousetamer. with mousetamer you record your mouse movements then replay them in a loop. in this case it was really easy just click back (pause) submit (pause). The free version only gives you about 15 minutes except that once you start the replay it runs forever till you stop it.
 

TheBeam

Enlightened
Joined
Jul 18, 2003
Messages
365
Location
Seattle
[ QUOTE ]
doubleganger said:
just for fun I went to the fake paypal page and filled out all the fields with insulting and obscene comments then set my pc up to send the form over and over and over ..... I'll probably let it run all night. Maybe I have too much time on my hands. If nothing else they have to pay for bandwidth.

[/ QUOTE ]

 

BuddTX

Flashlight Enthusiast
Joined
Nov 27, 2001
Messages
2,521
Location
Houston, TX
Yes, I sent this to PayPal when I received it, but no response.

I spent the extra TIME to hand write the JPG text and send it to them.

I received a similar one from e-bay, and sent it to e-bay, and they replied.

They were very tricky, in that the "TEXT" was actually a JPG, with a hidden link, and the "Viewed Link within the JPG" was a legit link, it looked like a link, but of course, did not work.

I am pretty good at spotting shady e-mails, but this one had me going for a while.
 