January 11, 2008

New Paypal Scam Email Identified by SlickRockWeb

Filed under: SEO and SEM — Eric @ 6:52 pm

The following email was received on January 11th. After careful analysis, it was quickly determined to be a spoof email pretending to be a legitimate PayPal message, sent by someone in Cairo, Egypt and funneled through the "ThePlanet.com Internet Services Inc." network in Dallas, TX. Below is the screenshot of the email (note that our private information has been removed for illustrative purposes).

Please treat any email similar to this with the utmost caution, and remember that PayPal and any other financial institution will NEVER send you an email asking you to click on a link to verify your account and/or password. These types of emails are 99% of the time completely bogus and intended to steal your account information.

For more information on protecting your email information on your business website, to inquire about our affordable anti-spam methods, or to inquire about a website security audit to analyze and identify any potential security gaps or holes in your website please contact us at 1-800-975-5695 or go to our main website at SlickRockWeb Inc.

Screenshot of Fraudulent Email:
[Image: PayPal spoof email]

Analysis of the basic header information: note the information in blue indicating that this email DID NOT originate from the PayPal network. Note that the original IP address, in red, originates in Cairo, Egypt. The lines highlighted in blue show the information about the "ThePlanet.com" network.

From service@update.com Fri Jan 11 12:03:35 2008
Return-path: service@update.com
Envelope-to: xxxxx@slickrockweb.com
Delivery-date: Fri, 11 Jan 2008 00:45:51 -0500
Received: from impinc03.yourhostingaccount.com ([10.1.13.103] helo=impinc03.yourhostingaccount.com)
    by mailscan02.yourhostingaccount.com with esmtp (Exim)
    id 1JDCiE-0000wV-Qe
    for xxxxx@slickrockweb.com; Fri, 11 Jan 2008 00:45:50 -0500
Received: from rigel.websiteactive.com ([74.54.19.194])
    by impinc03.yourhostingaccount.com with NO UCE
    id bhlq1Y03d4BEFGS0000000; Fri, 11 Jan 2008 00:45:50 -0500
X-EN-OrigIP: 74.54.19.194
X-EN-IMPSID: bhlq1Y03d4BEFGS0000000
Received: from [82.201.243.149] (port=51915 helo=FOREVER)
    by rigel.websiteactive.com with esmtpa (Exim 4.68)
    (envelope-from service@update.com)
    id 1JD8to-0007j6-Cs; Fri, 11 Jan 2008 12:41:32 +1100
From: "Paypal" service@update.com
To: xxxx@slickrockweb.com
Content-Type: text/html;iso-8859-1
Reply-To: service@update.com
Date: Fri, 11 Jan 2008 03:41:33 +0200
X-Priority: 2
X-Library: Indy 8.0.25
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - rigel.websiteactive.com
X-AntiAbuse: Original Domain - slickrockweb.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - update.com
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: SPAM: security alert - please confirm your paypal information
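
The hop-by-hop reading of the headers above can be automated. The following is an added example, not part of the original post: it parses the Received chain from a constructed copy of the quoted headers (folded lines re-indented, which is an assumption about the original formatting), returns the earliest public client IP, and flags a From line that names PayPal but uses another domain. The function names and the `brand`/`brand_domain` parameters are illustrative.

```python
import email
import ipaddress
import re

# Constructed sample: routing headers copied from the post, folded lines re-indented.
RAW = """\
Received: from impinc03.yourhostingaccount.com ([10.1.13.103] helo=impinc03.yourhostingaccount.com)
 by mailscan02.yourhostingaccount.com with esmtp (Exim)
 id 1JDCiE-0000wV-Qe
 for xxxxx@slickrockweb.com; Fri, 11 Jan 2008 00:45:50 -0500
Received: from rigel.websiteactive.com ([74.54.19.194])
 by impinc03.yourhostingaccount.com with NO UCE
 id bhlq1Y03d4BEFGS0000000; Fri, 11 Jan 2008 00:45:50 -0500
Received: from [82.201.243.149] (port=51915 helo=FOREVER)
 by rigel.websiteactive.com with esmtpa (Exim 4.68)
 (envelope-from service@update.com)
 id 1JD8to-0007j6-Cs; Fri, 11 Jan 2008 12:41:32 +1100
From: "Paypal" service@update.com

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby (\S+)")

def received_hops(raw):
    """Return (client_ip, receiving_host) per hop, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its Received line, so reverse to read in transit order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        ip, by = IP_RE.search(flat), BY_RE.search(flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops

def origin_ip(raw):
    """First publicly routable client address in the chain."""
    for ip, _ in received_hops(raw):
        if ip and ipaddress.ip_address(ip).is_global:
            return ip
    return None

def brand_mismatch(raw, brand="paypal", brand_domain="paypal.com"):
    """True when From names the brand but the address is on another domain."""
    sender = email.message_from_string(raw).get("From", "").lower()
    m = re.search(r"@([\w.-]+)", sender)
    domain = m.group(1) if m else ""
    on_brand = domain == brand_domain or domain.endswith("." + brand_domain)
    return brand in sender.split("@")[0] and not on_brand
```

Only Received lines written by mail servers you trust are reliable; anything recorded before the first trusted relay can be forged by the sender.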

Main Body Text of the Spoof Email:

We are currently performing regular maintenance of our security measures. It has come to our attention that your PayPal billing information are out of date. This require you to update billing information. Click Here

You will now be taken through a series of identity and billing update pages.

Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause.

Kind regards,

SlickRockWeb Inc. a leading provider of affordable SEO services -- "Bringing you business one click at a time."

2 Comments »

  1. Below is the message we received from PayPal:

    Thank you for writing to PayPal regarding the email message you received
    that appeared to be from PayPal.

    As you may have already suspected, this email was not sent by PayPal.
    These emails, commonly referred to as spoofs, are sent by fraudulent
    sources posing as PayPal in an attempt to collect sensitive financial
    information or passwords.

    Please know that PayPal and eBay are committed to the security of our
    sites and our members. We review every report we receive and forward all
    vital information on to the appropriate authorities for further action
    and tracking. We work actively and aggressively in partnership with many
    agencies, ISP's, and law enforcement groups to support their
    investigation of these fraudulent entities. As a public company, we rely
    on the same agencies you do to pursue these fraudulent activities. You
    may also wish to contact your ISP or email service provider for further
    information or instructions.

    Now that you have received a spoofed email, your email address has been
    collected by a fraudulent source. As a result, you may continue to
    receive spoofed emails for some time as these groups move from ISP to
    web hosting sites setting up fraudulent email addresses, fake sites, and
    sending spoofed emails. PayPal and eBay have enacted several
    preventative measures and have provided increased information that is
    available on both sites help pages to help educate our members in
    spotting fake emails.

    In the future, we advise you to be very cautious of any email appearing
    to be from eBay or PayPal that asks you to submit financial information
    such as your credit card number or any type of password. As for eBay,
    they will never ask you for certain financial information such as
    passwords, bank account or credit card numbers, Personal Identification
    Numbers (PINs), or Social Security numbers in an email. All sensitive
    information should be submitted on a secure page located on the eBay or
    PayPal site.

    If you have any doubt about whether an email message is from PayPal,
    please forward it immediately to spoof(at)paypal.com. For eBay spoofed
    emails, please forward those to spoof(at)ebay.com. Please do not respond to
    it or click on any of the links in the email message. Please do not
    change the subject line or edit the email in any way.

    If you have already entered sensitive information as mentioned above,
    you should take immediate action to protect your identity and online
    accounts. If you only clicked on a link inside of a spoofed email, you
    may also want to run a security scan on your computer. eBay has a help
    page with valuable information regarding the steps you should take to
    protect yourself. Below is a link to this page:

    http://pages.ebay.com/securitycenter/index.html

    Once again, thank you for alerting us to the spoofed email you received.
    Your vigilance helps us ensure that PayPal and eBay remain a safe and
    vibrant online marketplace.

    Sincerely,
    PayPal Account Review Department
    PayPal, an eBay Company
    =================================================

    For the latest eBay announcements, please check:
    http://www2.ebay.com/aw/announce.shtml

    Comment by Moderator — January 12, 2008 @ 12:10 am

  2. Great site and useful content! Could you leave some opinion about my sites?

    Comment by John — April 6, 2008 @ 4:21 am
