I today received a mail in my yahoo account. Here’re the contents.
Military Grade Encryption is Only the Start
At PayPal, we want to increase your security and comfort level with every transaction. From our Buyer and Seller Protection Policies to our Verification and Reputation systems, we’ll help to keep you safe.
PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs
some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.
Recently, our Account Review Team identified some unusual activity in your account. In accordance with PayPal’s User Agreement access to your account will be limited. This is a fraud prevention measure meant to ensure that your account is not compromised.
In order to secure your account we may require some specific information from you. We encourage you to log in by clicking on the link below and complete the requested form as soon as possible.
Ignoring our request, for an extended period of time, may result in account limitations or may result in eventual account closure.
Thank you for your prompt attention to this matter. Please understand that this is
a security measure meant to help protect you and your account.
We apologize for any inconvenience.
PayPal Account Review Department
PayPal Email ID PP****
😆 I think these fraudsters need to learn new techniques now. These tricks are too old! Here is the complete header
From PayPal Sat Jan 7 17:54:25 2006
X-Apparently-To: ****@yahoo.com via 22.214.171.124; Sun, 08 Jan 2006 03:14:33 -0800
Authentication-Results: mta274.mail.mud.yahoo.com from=paypaI.com; domainkeys=neutral (no sig)
Received: from 126.96.36.199 (HELO bigfoot.com) (188.8.131.52) by mta274.mail.mud.yahoo.com with SMTP; Sun, 08 Jan 2006 03:14:33 -0800
Received: from mountaineerpublishing.com ([184.108.40.206]) by BFLITEMAIL-KR4.bigfoot.com (LiteMail v3.03(BFLITEMAIL-KR4)) with SMTP id 0601080604_BFLITEMAIL-KR4_491054_8660022; Sun, 08 Jan 2006 06:06:41 -0500 EST
Received: by mountaineerpublishing.com (Postfix, from userid 1048) id D6E531A8A159; Sat, 7 Jan 2006 20:54:25 -0500 (EST)
Subject: PayPal Account Security Measures (Routing Code: C840-L1541-Q110-1937)
Add to Address BookAdd to Address Book
Date: Sat, 7 Jan 2006 20:54:25 -0500 (EST)
Notice it is from service@paypaI.com, its not L for Lion, but its I for India 😆 Even the return path is email@example.com. Here’re the screen shots of the original and duplicate sites. Almost all the links are same, but forgot password link is different from the main site 😀 and of course the login button will execute some different script 😈
Original Paypal Site
Duplicate Paypal Site
GROW UP SPAMMERS AND THIEVES! LEARN NEW TECHNIQUES TO GATHER CONFIDENTIAL DATA 😆