| |
|
|
| |
|
|
|
 |
|
| |
|
PayPal Second Warning !
PayPal
|
|
|
|
 |
|
 |
| |
|
Date Reported: 3rd June 2010  |
Risk Level: MEDIUM |
|
| |
 |
 |
| |
Email Subject: |
PayPal Second Warning ! |
|
Apparent Sender: |
PayPal |
|
Return Address: |
Not found |
|
| Email Format: |
HTML |
| |
URL of Web Content: |
http://cacatdecaine.megabyet.net/sslsecureupdate.a
ccount-sign-in.account-securelyvbv/
|
|
Anchor text of URLs: |
1) Envelope-to:
spoof@millersmiles.co.uk
Delivery-date: Thu,
03 Jun 2010 09:47:06 +0100
Received: from
[210.1.51.34] (helo=mail.catholic.or.th)
by
server5.webserver25.net with esmtps
(SSLv3:AES256-SHA:256)
(Exim
4.69)
(envelope-from )
id
1OK64v-0006Gn-EL
for
spoof@millersmiles.co.uk; Thu, 03 Jun 2010
09:47:06 +0100
Received: from User
([213.42.27.53])
by
mail.catholic.or.th (Merak 8.0.3) with ASMTP
id SYS88375;
Thu, 03 Jun 2010
15:46:58 +0700
From: "-censored by
MillerSmiles-"
Subject: -censored by
MillerSmiles- Second Warning !
Date: Thu, 3
Jun 2010 12:47:19 +0400
MIME-Version:
1.0
Content-Type:
text/html;
charset="Windows-1251"
Content-Tr
ansfer-Encoding: 7bit
X-Priority:
3
X-MSMail-Priority: Normal
X-Mailer:
Microsoft Outlook Express
6.00.2600.0000
X-MimeOLE: Produced By
Microsoft MimeOLE V6.00.2600.0000
Dear
valued -censored by MillerSmiles-®
Customer,
Due to recent fraudulent
transactions, we have issued the following
security requirements.
It has come to our
attention that 98% of all fraudulent
transactions are caused by members
using
stolen credit cards to purchase or sell non
existant items. Thus we require our members
to add a Debit/Check card
to their billing
records as part of our continuing commitment
to protect your account and to reduce the
instance of
fraud on our website. Your
Debit/Check card will only be used to
identify you. If you could please take 5-10
minutes
out of your online experience and
renew your records you will not run into any
future problems with the -censored by
MillerSmiles-®
service. However, failure to
confirm your records will result in your
account suspension.
We are requesting this
information to verify and protect your
identity. Federal regulations require all
financial
institutions to obtain, verify,
and record identification from all persons
opening new accounts or obtaining ongoing
payment services. This is in order to
prevent the use of the banking system in
terrorist and other illegal
activity. For
these reasons, -censored by MillerSmiles-®
will utilize services provided by various
credit reporting agencies to
verify the
information you submit to us.
Once you have
updated your account records your pending
-censored by MillerSmiles-® account
transactions will not be interrupted and
will continue as normal.
To update your
billing records please proceed to our secure
webform by clicking here., 2) log
in, 3)
here |
|
Location: |
Location not available |
| |
Scam number: |
10546-139372-382501 |
| |
Comments: |
- Email asks you to confirm/update/verify your account data at PayPal by visiting the given link. You will be taken to a spoof website where your details will be captured for the phishers.
- PayPal never send their users emails requesting personal details in this way.
- The spoof website this email links to was not online at time of this report, but variations of the scam which link to working websites are bound to exist, so be wary! The website may have been taken down or disabled by the hosts, but quite often these websites are hosted on the personal computer of the phishers, so may only be online at certain times.
|
| |
|
|
|
 |
| |
|
| |
Return-path: Envelope-to:
spoof@millersmiles.co.uk Delivery-date: Thu,
03 Jun 2010 09:47:06 +0100 Received: from
[210.1.51.34] (helo=mail.catholic.or.th) by
server5.webserver25.net with esmtps
(SSLv3:AES256-SHA:256) (Exim 4.69)
(envelope-from ) id 1OK64v-0006Gn-EL for
spoof@millersmiles.co.uk; Thu, 03 Jun 2010
09:47:06 +0100 Received: from User
([213.42.27.53]) by mail.catholic.or.th
(Merak 8.0.3) with ASMTP id SYS88375; Thu, 03
Jun 2010 15:46:58 +0700 From:
"PayPal" Subject: PayPal...
|
|
Click for full size image |
| |
| Website: |
|
|
| |
|
| Website was not online when we checked. It returned the error 403 |
|
|
 |
 |
 |
|
| |
 See our most recent scam reports |
|
Browse our scam report archives |
|
Search |
Please send us any scam/phishing emails you have received by reporting them here
For access to our huge blacklist of domain names and to sign up to our live feed of ALL the scams we receive please take a look at our Honeytrap service
If you have received the email below, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content, such as a different subject or return address, or with the fake webpage(s) hosted on a different webserver.
We aim to report every variant of the scams we receive, so even if it appears that a scam you receive has already been reported, please submit it to us anyway.
|
| |
|
|
|
|
