Xavier What we have to say on Twitter
Xavier Xavier

Xavier Media®
line

  Subscribe by email Subscribe via email

  Feed link Subscribe via RSS
  What is RSS? What is RSS?

  MyXavier Follow @XavierMedia

  Twitter Follow @XavierMedia

  Facebook Our Facebook page

XavierMedia.com

Webmaster Tools

Keywords

.com Adobe Affiliate program articles Banner Exchange blog Clickbank Contests Domain names Easy PLR eBay/PayPal Education Entrecard exavier Facebook Finance Fun & Games Google Hosting HTML & The Web Malware Marketers Mistakes McAfee Microsoft Movies Nicole Dean password Passwords PayPal PHP & MySQL phpBB plugin Security SEO Site of the Month Spam TLD Top Level Domains Trojan TV Twitter UK Stuff Windows Wordpress Yahoo

RSS iPhone and iPad stuff – Most Useful Things
«
»

PayPal scam email

April 22nd, 2009 by Andreas from Xavier Media® in Antivirus & Security. Topics: ,

I just got a scam email from someone trying to hijack your personal information using PayPal as decoy.

The scammers will try to give you the impression that your PayPal account has been limited and you need to provide them with some additional information to prove you are actually you. This email wasn't sent to my real PayPal email address and that was the thing that got me digging deeper into this. The scary thing is that they had already my full name and my address.

Dear [my full name] ,

PayPal Resolution Center: Your account is limited.

Why is my account access limited?

As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue
regarding your account:

Our system detected unusual number of invalid logging attempts on your account from these blacklist ip address.

(Your case ID for this reason is PP-XXXXXXX)

How can I restore my account access?

For your protection, we have temporary suspended access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause. In order to assist us with this security measure, we ask that you send us a photocopy or scan of one document from each of the three categories listed below and return them via email to security@paypalcompany.com :

- A clear copy of your Passport, Photographic Drivers License or I.D. Card (both sides).

- A clear copy of both sides of the credit/debit card on your paypal profile.

- A clear copy of a recent bank statement or utility bill on which your name and address ( [my correct address]
) are clearly visible and less than 3 months old.

Completing all of the checklist items we will manually restore your account access.

Thank you for using PayPal!
The PayPal Security Department

——————————

——-

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.

PayPal Email ID PP-XXXXXXX.

The domain used in this scam (paypalcompany.com) sounds like a real PayPal site, but don't be fooled by just the domain name. This site is hosted in Holland and fromwhat I know PayPal don't got any servers there. The whois recoreds indicate that the domain belong toPayPal Inc, but the name servers aren't the usual for PayPal web sites:
ppns1.den.paypal.com
ppns2.den.paypal.com
ppns2.phx.paypal.com
ppns1.phx.paypal.com
Luckily the domain has already been blocked in Firefox as a fake web site so you can't access it by accident. But I guess you still can send away the documents by email, and if you ahve already done so you should visit the real PayPal web site and change your passwords. If you need help selecting a random password you can check out the Password Generator at XavierMedia.com.
So the lesson learned in this case is that you always have to do some background checks before you send away any documents.
About the author
Andreas co-founded Xavier Media® in 1996 and has since been involved in all kinds of development, marketing and making money online.

 

You may also be interested in...
Warning for fake PayPal emails
PayPal fake emails
Warning for strange phone calls

Subscribe to new posts from this blog

5 Responses to “PayPal scam email”

  1. gemma Says:
    April 23rd, 2009 at 12:22 am

    and then you get similar from the banks and my personal favourites are the ones who say they're going to rob the bank blind do I want a share?
    Or one I received which was really good is that they heard that I was involved in a car crash and died and someone had left me loads of cash in their will. could I please contact them with my details if I wasn't dead so I could get the cash, or if I was dead then they were sorry for my family's loss.
    I do feel sorry for people who do fall victim to this.
    Its just like the phone scams!

  2. C Says:
    April 24th, 2009 at 11:18 am

    I checked this out – The emails were sent out via compromised hosts all over the internet. My attention was drawn to the QMail service that processes the incoming emails at paypalcompany.com. [89.255.10.39] – it was running PLESK on CentoS and looked like an ISP hosted server that was in-between being assigned to customers. ISP was Flex VPS in the Netherlands. It has MySQL running on it – I tried to break in using a few obvious methods, but didn't manage. It would require a console logon before getting to the data. It also has IMAP, POP3 both in encrypted and plain forms and is also running it's own nameserver.

    However – I did trace the source of the data used for my particular email (it had my name and my address) – It was http://www.brother-store.co.uk based in Cambridge, UK. They also have other stationery supply websites and are run by Impulse Group Ltd. I spoke to them this morning and they are aware of the breach but have not said anything on any of their websites yet and I'm not sure they've fully understood the consequences of what has happened.

  3. Andreas from Xavier Media Says:
    April 24th, 2009 at 6:42 pm

    Thanks for that amazing research.

    /Bylla

  4. mikey Says:
    April 26th, 2009 at 5:30 pm

    Aha – same email, with address, and I also use http://www.brother-store.co.uk/
    Thanks for clearing this one up

  5. Andreas from Xavier Media Says:
    April 26th, 2009 at 5:51 pm

    The spammers must have another source of information too since I have never used brother-store.co.uk. But still it could be a good idea to stay away from brother-store-co.uk for now, at least until they fix their information leak.

Leave a Reply

Powered by WP Status.net plugin.

RSS XavierMedia.org

RSS Easy PLR

 line
line line
line © Copyright 1996-2012 Xavier Media®. All rights reservered.
Contact us | Support/help | Privacy Policy | Company Info
The World According to Xavier | Domain Names