Tag Archives: payapl spoof

eBay Spoof email: The very best attempt I have seen yet

Hello,

Most of us who are active on eBay are accustomed to frequent and poor attempts to steal or “phish” our passwords via bogus emails.

They are usually pretty easily seen, But I was almost taken by this one, perhaps because I was bleery eyed at 4am when I first opened the email, but nonetheless I figured I share so others would know what to look for.

Before I post it, In case you dont read all the way through, Remember these 3 tips, so that you are NEVER successfully phished.

Always:

  • Select details or show more details, in your email heading, although the email may say Paypal the originating address is more important.
  • ex)1st flag
    from PayPal <service-dzd38r27vs3@2473.paypal-update.usafinancialjobs.net>
    to sunforged@kmail.com
    date Thu, Jan 29, 2009 at 12:33 AM
    subject sunforged@kmail.com, please restore your account access
    You will see that colored heading does say Paypal but, the actual originating address is originating from the domain usafinancialjobs.net, not paypal.com as it should!
  • Next, They addressed me by my email address, Paypal will ALWAYS use your registered name
  • And finally as a security precaution, never log in from a link in the email, open a new window or tab and log in directly from the site.
  • I did perform a WhoIs search on the originating domain on this fraud attempt (usafinancialjobs.net, they used the sub domain “paypal update” but they are paying for a privacy service, I called but was directing to their registrar Register.com who was unable to help due to the service.
  • see the rest of the email below, pretty tricky, It was formatted well unlike most…so beware, but if you follow the three tips you will never get tricked again, if you do get one, forward it to spoof@ebay.com, they send you an automated thank you and they seem to get the originating web pages/emails/links/domains shut down very quickly.

Dear sunforged@kmail.com

PayPal works 24/7 to help safeguard your privacy and protect your identity by using advanced technology and vigilant monitoring. We deploy fraud prevention technology that monitors transactions for suspicious activity.

As part of our efforts to provide a safe and secure environment for the online community, we regularly screen account activity. While reviewing your PayPal and eBay accounts, we observed activity that we would like to further verify. For this reason, limitations have been placed on your account(s) until we are able to gather some additional information from you.

In order to resolve the account limitations, please complete the following steps:

1. Log into your PayPal account
2. Complete the necessary information

  • Contact information – your name, address, phone, email, and other similar information.
  • Financial information – the bank account numbers and credit card numbers that you link to your PayPal account.
  • We may require you to provide additional information we can use to verify your identity or address or manage risk, such as your date of birth, social security number or other information.

    Sincerely,
    Account Review Department
    Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link in the top right corner of any PayPal page.

    In case you were interested the link they direct you to is here (http://www.paypal.com.login-session-vxyrydqbr7t.usafinancialjobs.net/us/cgi-bin/webscr?cmd=_login-run&id=c3VuZm9yZ2Vkc3R1ZGlvc0BnbWFpbC5jb20=)  You’ll notice it actuall begins with paypal.com etc. so pretty in depth attempt!

    Advertisements