A new very clever phishing (scam) email is circulating the internet. The email asks people with Paypal accounts to upgrade their passwords to “Military Grade Encryption”. DO NOT RESPOND TO THIS EMAIL OR CLICK ON ANY LINKS IN THE EMAIL.

The following email was received on June 16th by us and after careful analysis it was determined quickly that this was a spoof email sent by someone in France pretending to be a legitimate Paypal email. Below is the screenshot of the email (note our private information has been removed for these illustrative purposes).

Please be aware that any emails similar to this are to be treated with utmost caution and remember Paypal and any other Financial Institution will NEVER send you an email asking for you to click on a link to verify your account and/or password. These types of emails are 99% of the time completely bogus and intended to steal your account information.

For more information on protecting your email information on your business website, to inquire about our affordable anti-spam methods, or to inquire about a website security audit to analyze and identify any potential security gaps or holes in your website please contact us at 1-800-975-5695 or go to our main website at SlickRockWeb Inc.

Screenshot of Fradulent Email:

Analysis of the basic header information: — Note the information in blue indicating that this email DID NOT originate from the Paypal network. Note the original IP address in red orginates in France. The lines highlighted in blue show the information about “www.ovh.com” network which is also in France.

Return-path: service@paypal.com
Envelope-to: xxxxxx@slickrockweb.com
Delivery-date: Mon, 16 Jun 2008 23:17:31 -0400
Received: from impinc02.yourhostingaccount.com ([10.1.13.102] helo=impinc02.yourhostingaccount.com)
by mailscan19.yourhostingaccount.com with esmtp (Exim)
id 1K8RhK-0000MC-Sr
for xxxxxx@slickrockweb.com; Mon, 16 Jun 2008 23:17:30 -0400
Received: from smtp21.orange.fr ([80.12.242.47])
by impinc02.yourhostingaccount.com with NO UCE
id erHW1Z0211242Dc02rHWtw; Mon, 16 Jun 2008 23:17:30 -0400
X-EN-OrigIP: 80.12.242.47
X-EN-IMPSID: erHW1Z0211242Dc02rHWtw
Received: from User (ns355200.ovh.net [91.121.122.193])
by mwinf2107.orange.fr (SMTP Server) with ESMTP id 40A111C00095;
Tue, 17 Jun 2008 05:17:21 +0200 (CEST)
X-ME-UUID: 20080617031721264.40A111C00095@mwinf2107.orange.fr
Reply-To: service@paypal.com
From: “Service PayPal” service@paypal.com
Subject: Update Your Paypal Account Information
Date: Tue, 17 Jun 2008 05:17:30 +0200
MIME-Version: 1.0
Content-Type: text/html;
charset=”Windows-1251″
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20080617031721.40A111C00095@mwinf2107.orange.fr>

Main Body Text of the Spoof Email:

We have recently noticed one or more attempts to log into your PayPal account from a foreign IP address and we have reasons to believe that your account may have been hijacked by a third party without your authorization.

If you recently accessed your account while traveling, the unusual login in attempts may have been initiated by you. However, if you are the rightful holder of the account, click on the link below to log into your account within the above-mentioned period.

>> Click here to Secure your account <<

If you choose to ignore our request, you leave us no choice but to temporaly suspend your account.

We ask that you allow at least 72 hours for the case to be investigated and we strongly recommend to verify your account in that time.

Kind regards,

SlickRockWeb Inc. a leading provider of affordable SEO services — “Bringing you business one click at a time.”