PayPal Scam Keeps Coming
It is very easy for novices and the more experienced alike to be fooled by a fraudulent e-mail claiming that something is real when it is not!
PayPal is no exception to this and appears to be the most popular one for this activity. Just minutes ago I received yet another e-mail supposedly from PayPal. I have decided to include the e-mail and the header of this e-mail for information purposes and in the hope of stimulating more thought in the minds of others before any clicking of links in the e-mail begins. BTW, I am no expert in reading headers, but there are a few things in there that I can see and that prove helpful to me personally.
THE E-MAIL
PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with a secure service. Until we can collect this information, your access to your account features will be restricted. We would like to restore your access as soon as possible, and we apologize for the inconvenience.
Note the e-mail always begins with scare tactics.
Threat of account restriction.
Threat of account closure.
Threat of some kind, in the hope of convincing you to follow the instructions in the e-mail.
-------------------------------------------------------------------------
Why is my account access restricted?
Your account access has been restricted for the following reason(s):
· 27 Nov. 2007: A recent review of your account determined that we require some additional information from you in order to provide you with a secure service.
(Your case ID for this reason is PP-369-182-271.)
· 28 Nov. 2007: We have reason to believe that your account was accessed by a third party as different computers have logged into your PayPal account and multiple password failures where presented before the logons. We now need you to re-confirm your account information to us. We understand that having restricted access can be an inconvenience, but protecting your account is our primary concern.
(Your case ID for this reason is PP-367-400-601.)
The e-mail will always tell you WHY.
The later generation of these fraudulent e-mails even goes to the length of giving you a case ID for each reason given.
Sure looks authentic on the surface, doesn't it?
But of course it is anything but authentic.
-------------------------------------------------------------------------
How can I restore my account access?
Please visit the link below, log into your account and complete the secure verification form:
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run [links to 210.60.90.187/dic_net/update/.cgi-bin/login.htm]
If this is not completed by November 30, 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this matter.
And of course the e-mail tells you exactly what to do to get control of your account.
DUH!
See the address in square brackets after "links to" (bold red text in the original post)? That's the actual link you will be taken to if you are fooled into clicking on the text shown in front of it (bold green text in the original post). The two are very different and of course the actual link is NOT a PayPal link.
-------------------------------------------------------------------------
Thank you for your patience,
PayPal Customer Service
Please do not reply to this email. This mailbox is not monitored and you will not receive a response.
Copyright © 1999-2007 PayPal. All rights reserved.
The icing on the bitter cake of deception is these few finishing words, which try to further fool you into thinking that the e-mail is authentic.
THE HEADER
Return-Path:
Received: by {removed to protect my privacy} ({removed to protect my privacy})
id {removed to protect my privacy} for {removed to protect my privacy}; Wed, 28 Nov 2007 19:18:12 +1100
Received: from {removed to protect my privacy} ({removed to protect my privacy}) by {removed to protect my privacy} ({removed to protect my privacy})
id {removed to protect my privacy} for {removed to protect my privacy}; Wed, 28 Nov 2007 19:18:12 +1100
Received: from romeo.tpa.kgix.net ([66.230.196.20])
by {removed to protect my privacy} with ESMTP; 28 Nov 2007 19:18:01 +1100
Received: from depotinnandsuites.com ([69.36.184.145]:36824)
by romeo.tpa.kgix.net with esmtp (Exim 4.68 (FreeBSD))
(envelope-from
id 1IxI7I-0005ws-PZ
for antid@britfeld.com; Wed, 28 Nov 2007 08:17:56 +0000
Received: from User (mail.ftbc.com [65.124.67.15])
(authenticated bits=0)
by depotinnandsuites.com (8.12.11.20060308/8.12.11) with ESMTP id lAS8G5pf008887;
Wed, 28 Nov 2007 01:16:09 -0700
Message-Id: <200711280816.las8g5pf008887@depotinnandsuites.com>
Reply-To:
From: "PayPal"
Subject: Your account access has been restricted
Date: Wed, 28 Nov 2007 02:25:35 -0600
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by depotinnandsuites.com id lAS8G5pf008887
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - romeo.tpa.kgix.net
X-AntiAbuse: Original Domain - britfeld.com
X-AntiAbuse: Originator/Caller UID/GID - [26 6] / [26 6]
X-AntiAbuse: Sender Address Domain - paypal.com
X-Source: /bin/sh
X-Source-Args: /bin/sh /usr/local/etc/rc.d/040exim.sh start
X-Source-Dir: /
- The first give away to me that this e-mail is NOT from PayPal is shown in bold blue text. An e-mail address that is NOT used for PayPal was used to send me the above e-mail.
- The bold purple text (the X-Mailer line) shows me the e-mail client used to generate the fraudulent e-mail. Somehow I don't think PayPal will use Microsoft Outlook Express!
- The bold orange text tells me the domain where this e-mail originated from and it's NOT PayPal!
Of course, headers can be spoofed, so if you are even an itty bitty bit in doubt, DO NOT click on any links in the e-mail and delete it immediately!!!
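As an added example (not part of the original post), the relay path and the claimed sender domain can be pulled out of a header like the one above with Python's standard email module. The sample is constructed from the unredacted header lines; mx.recipient.example is a placeholder for the redacted receiving host.

```python
import re
from email import message_from_string

# Constructed sample: unredacted lines of the header above. mx.recipient.example
# stands in for the redacted receiving host; the envelope recipient is omitted.
RAW = """\
Received: from romeo.tpa.kgix.net ([66.230.196.20])
\tby mx.recipient.example with ESMTP; 28 Nov 2007 19:18:01 +1100
Received: from depotinnandsuites.com ([69.36.184.145]:36824)
\tby romeo.tpa.kgix.net with esmtp (Exim 4.68 (FreeBSD))
\tid 1IxI7I-0005ws-PZ; Wed, 28 Nov 2007 08:17:56 +0000
Received: from User (mail.ftbc.com [65.124.67.15])
\t(authenticated bits=0)
\tby depotinnandsuites.com (8.12.11.20060308/8.12.11) with ESMTP id lAS8G5pf008887;
\tWed, 28 Nov 2007 01:16:09 -0700
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-AntiAbuse: Sender Address Domain - paypal.com
"""

FROM = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]")
BY = re.compile(r"\bby\s+(\S+)")

def relay_path(msg):
    """Return the Received hops oldest-first as dicts (helo, rdns, ip, by)."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())              # undo header folding
        src, dst = FROM.search(flat), BY.search(flat)
        if src and dst:
            hops.append({"helo": src.group(1), "rdns": src.group(2),
                         "ip": src.group(3), "by": dst.group(1)})
    return hops

def assess(raw):
    """Compare the domain the sender claims with the hosts that relayed the message."""
    msg = message_from_string(raw)
    claimed = next((v.rsplit(" - ", 1)[1].strip().lower()
                    for v in msg.get_all("X-AntiAbuse", [])
                    if v.startswith("Sender Address Domain")), None)
    hops = relay_path(msg)
    names = {n.lower() for h in hops for n in (h["helo"], h["rdns"], h["by"]) if n}
    in_domain = bool(claimed) and any(
        n == claimed or n.endswith("." + claimed) for n in names)
    # Only the newest hop was written by the recipient's own server; every older
    # line is whatever the upstream relay chose to record and can be forged.
    return {"claimed": claimed, "origin": hops[0] if hops else None,
            "relayed_by_claimed_domain": in_domain, "mailer": msg.get("X-Mailer")}
```

For the sample, assess(RAW) reports paypal.com as the claimed domain, no relay host inside that domain, and mail.ftbc.com [65.124.67.15] handing the message to depotinnandsuites.com as the oldest recorded hop.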