Hello again people,
Yonko here. Just had this pop up in my mailbox today, a second time in two days. Classic spam/phishing email. It looks very legitimate; unfortunately, it’s not. Here’s the email:
Subject was: PayPal Notification, and the sender was disguised to look like Support.
Dear PayPal Member,
We recently have determined that different computers have logged onto
your PayPal account, and multiple password failures were present before
the logins. We now need you to re-confirm your account information to us.
If this is not completed by March 11, 2009, we will be forced to suspend
your account indefinitely, as it may have been used for fraudulent purposes.
We thank you for your cooperation in this manner. To confirm your Account
records click on the following link:
http://www.paypal.com/us/cgi-bin/webscr?cmd=_login-submit&dispatch=588
Thank you for your patience in this matter.
PayPal Customer Service.
Please do not reply to this e-mail as this is only a notification.
1999-2009 PayPal. All rights reserved.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Scanned with Copfilter Version 0.84beta3a (ProxSMTP 1.6)
AntiVirus: ClamAV 0.91.2/9095 – Wed Mar 11 17:20:07 2009
by Markus Madlener @ http://www.copfilter.org
Sure looks relatively okay. Trust me, it’s not. The address that this link actually points you to is:
http://211.147.211.100:8085/webscr/webscr/login.htm?cmd=_login-run?CMD=Login
Here are the flags:
1. PayPal does not send messages like this.
2. PayPal always works with secure websites. The link does not start with httpS:// but with http://, which means it is not secure. It also does not point to the PayPal website; it points to some unknown server – 211.147.211.100.
3. For those of you that were present in my Security, Firewalls and Anti-Virus/Spyware class, you know that a link may appear to be legitimate, but you simply need to place your mouse over it to see where it would take you. In this case, somewhere to a server in China, downloading who knows what.
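The checks in flags 2 and 3 can be automated. The following Python code is an added example, not part of the original post: it reads an HTML email body and flags links whose real target is not HTTPS, is a bare IP address, or has a different host from the URL shown as the link text. The function names and the HTML wrapped around the two URLs quoted above are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def link_flags(href, text):
    """Return the warning signs for one link (what hovering would reveal)."""
    target = urlsplit(href)
    flags = []
    if target.scheme != "https":
        flags.append("not-https")            # flag 2: no httpS://
    if host_is_ip(target.hostname or ""):
        flags.append("raw-ip-host")          # flag 2: unknown server, not a name
    shown = urlsplit(text) if "://" in text else None
    if shown and shown.hostname and shown.hostname != target.hostname:
        flags.append("text-host-mismatch")   # flag 3: text says one site, href another
    return flags

def audit(html_body):
    parser = AnchorCollector()
    parser.feed(html_body)
    return [(href, link_flags(href, text)) for href, text in parser.links]

# Constructed HTML: the displayed URL and the real target are the two quoted in the post.
SAMPLE = ('<a href="http://211.147.211.100:8085/webscr/webscr/login.htm'
          '?cmd=_login-run?CMD=Login">http://www.paypal.com/us/cgi-bin/webscr'
          '?cmd=_login-submit&amp;dispatch=588</a>')
```

Running `audit(SAMPLE)` reports all three flags for the link in this email, while a link whose text and target both use the same HTTPS host reports none.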
Stay away from messages like this one. No bank or financial institution would just “lose” your information; they make money off of you, so it is in their BEST interest to keep that information safe and secure, even from yourself.
Your helping hand in trying times,
Yonko
1 comment:
Hi Yonko, Thanks for pointing out another fraudulent scam to us. I thought that your firewall class was very informative, especially pointing out that secure websites begin with: httpS not just the usual http. Maybe you should do a class again for the agents that missed it the first time?
Thanks again for keeping us on our toes! Keli