When I was browsing through my new email account, I have saw the above email from Paypal saying my account is limited because of an identity issue? This email account is new and I didn’t used it much at all, And surprisingly this email was on my inbox not on the spam folder. I thought my Paypal account is limited and to verify that I opened up paypal.com on a new tab and logged in. And there was no limitations or whatsoever like said on the email. It didn’t took me much time to recognize that, this is indeed a phishing attempt. So this is what I found,
Real sender of the email is firstname.lastname@example.org and he/she has masked the address to email@example.com, And returning path is also firstname.lastname@example.org. I have opened up the attachment and its a html page which looks like this
All the other content such as css files are pulled from the real paypal.com and this is the only suspicious part on the code. That IP address belongs to a digitalocean VPS customer. These script kiddies might be signing up on digitalocean using free credits provided by them all over the internet and just abuse the service. I have informed digitalocean but that IP address is offline since I found this.
So moral of the story is that, if you receive this kind of emails asking you to login or do something by clicking the provided link, don’t ever do that. Just open up the mentioned services web site on a new browser window and check it.
Last 5 posts by Ruchira
- Slotomania Free Slot Games Review - February 24th, 2015
- The Role of Social Media and SEO - October 25th, 2013
- Google announces uProxy to overcome internet censorship - October 22nd, 2013
- Command line bandwidth monitors for Linux - October 21st, 2013
- Problem Kids: When You Know How To Spy On iPhone Remotely, You Worry Less And Focus Better! - August 19th, 2013