Brian Turner's Business Blog
 
Business, Marketing, Search, Internet, Blogs, Forums, and Tech
November 22, 2007

Clever new Paypal phishing scam: Andrew Jackson has sent you 85.00 EUR with PayPal

Just received a string of clever phishing scam emails through different email addresses I operate.

I know they are phishing attempts because:

1. They do not address myself in a personal sense, ie, by name
2. They are being sent to addresses I do not use for Paypal transactions

However, they are quite convincing because even in the junkmail folder, these emails appear to have standard HREF links to the Paypal.com website.

I’m presuming at this stage they redirect somewhere else, but as I’m on my business PC, I am in no way going to test and risk having my business PC compromised!

In the meantime, here’s a copy of the email, so be warned:

This email confirms that Andrew Jackson has sent you 85.00 EUR with PayPal.

To complete this payment, you must accept or refuse it within 30 days by clicking here.

If you do not accept or refuse this payment within 30 days, it will be cancelled and the funds will be returned to Andrew Jackson’s account.

———————————–
Payment Details
———————————–

Amount: 85.00 EUR

Transaction ID: 9D373306GD4453236

View the details of this transaction online

This payment is pending because it was sent in a currency in which you do not currently hold a balance.

Thank you for using PayPal!
The PayPal Team

—————————————————————-
Copyright © 1999-2007 PayPal. All rights reserved. PayPal (Europe) Limited is authorised and regulated by the Financial Services Authority in the United Kingdom as an electronic money institution. PayPal FSA Register Number: 226056.
PayPal Email ID PP2765



Related posts to:
"Clever new Paypal phishing scam: Andrew Jackson has sent you 85.00 EUR with PayPal":



10 Comments »
  1. just had the same email.. very strange.. when i look at the message header & the hyperlinks to paypal.. they seem authentic.. i’ve forwarded the mail to spoof@paypal .. very odd!

    Comment by steve — November 22, 2007 @ 11:41 pm

  2. Good idea. :)

    Comment by Brian Turner — November 23, 2007 @ 8:37 am

  3. For your information, when you view the source code within this email - (Right Mouse Button - View Source) the web address is not

    paypal.com. but

    paypal.com.cmd-login.com

    Comment by Adytay — November 23, 2007 @ 9:58 am

  4. Hi, I got it, too… have also forwarded it to paypal. The links don’t actually go to paypal.com though, but to paypal.com.(somethingelse I won’t type in case someone is stupid enough to click it).com/cgi-bin/
    Same transaction ID and all.

    Comment by Birgit — November 23, 2007 @ 11:38 am

  5. Thanks for this guys. I too received this email today and very nearly clicked on the link as it appeared genuine.

    What made me suspicious was that I wasn’t expecting a payment of this amount especially in Euros. I’d never heard of the guy either!

    I’ve also forwarded it to spoof@paypal

    John

    Comment by John Malley — November 23, 2007 @ 12:04 pm

  6. Thanks for the comments, especially on the source code - normally Outlook shows the source URL, but I figured there are flaws enough in Outlook that someone clever enough could mask the URL even when viewed in the Junk Mail folder.

    A very clever phishing attempt - at least, would be more clever if they hadn’t sent out such a huge volume every crawlable email address!

    Comment by Brian Turner — November 23, 2007 @ 12:34 pm

  7. My paypal account was hacked a few months ago, i still dont know to this day how it happened, but paypal investigated and fully refunded me.

    Comment by Mad Dozza — November 25, 2007 @ 2:18 pm

  8. Just received this reply from Paypal …..

    Thank you for bringing this suspicious email to our attention. We can confirm that the email you received was not sent to you by PayPal. The website linked to this email is not a registered URL authorized or used by PayPal. We are currently investigating this incident fully. Please do not enter any personal or financial information into this website.

    Comment by John Malley — November 26, 2007 @ 10:25 am

  9. Glad to hear you were refunded, Dozza. :)

    The reply above looks like Paypal’s generic response - they must get a ton of submissions to their abuse email.

    Comment by Brian Turner — November 27, 2007 @ 8:17 pm

  10. Hi,
    Thank you for sharing.
    You know normally Outlook shows the source URL, but I figured there are flaws enough in Outlook that someone clever enough could mask the URL even when viewed in the Junk Mail folder.

    Best Regards,
    Prechha Narongthai

    Comment by Prechha Narongthai — December 11, 2007 @ 6:05 pm

Leave a comment


Previous: « When clueless SEO’s work over the radar
Next: Web 2.0 logos with PaintShopPro »

Visited 48409 times, 30 so far today since July 24th 2007