A pop up style window displays a bogus form giving the impression that it is generated by the genuine Paypal page which this spoof email opens when using the link provided...

This spoof Paypal email (see image below) is in HTML format (although it does look like a text only email in order add a sense of authenticity to the link text). The link in the email has been disguised using HTML code to look like a genuine link to Paypal's secure server but it has been further coded to display a bogus form with genuine a Paypal.com page.

Using the link will trigger 2 new browser windows... we will see a genuine Paypal.com page in one window, then what appears to be a pop up window will appear in front of that. This is achieved through the use of JavaScript, and its purpose is purely to fool users into thinking that they are seeing a pop up window which is generated the paypal.com page. The pop up window has been crafted to open with the menu, tool, status and address bars removed to prevent users from seeing the true URL which would reveal its bogus nature (http://rovernutt.com/synerginc/log1.htm which resolves to web space provided by Cyber World Internet Services, Inc. in the USA).

Any information submitted is processed through a script located on the same server as the bogus content.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

The bogus web page (pop up with genuine page in background window)...