REPORT SUMMARY
Date Reported: 22nd, 27th & 29th February 2004
Apparent Sender: Paypal
Subject: Notification of PayPal Limited Account Access
Senders Address (spoofed): service@paypal.com
Content: text with a disguised link to a forged Paypal web form
Spoofed Web page/site? Yes
Web page/site origin URL: http://reddingland.com/Bywood/webscr.dll OR http://leasurelandscapes.com/....... OR http://thistleandclover.com/.......
Notification of PayPal Limited Account Access - Spoof Email Phishing Scam
22nd, 27th & 29th February 2004
"Dear PayPal user, We recently reviewed your account, and suspect that your PayPal account may have
been accessed by an unauthorized third party. Protecting the security of your
account and of the PayPal network is our primary concern. Therefore, as a preventative
measure, we have temporarily limited access to sensitive PayPal account features." ...
This phishing scam comprises a spoof PayPal email (see image
below) with a disguised link which opens two browser windows. One of those windows
shows a bogus PayPal web form and the other shows a genuine PayPal.com page.
The bogus form is presented in a browser window with the tool, address and status
bars removed to conceal its true location. The genuine PayPal page is titled
'PayPal Payment Wizard (for Outlook)'.
From the scams reported over the last 11 months, we see that
this is a growing trend, originally seen in Citibank phishing scams
late last year. Since Microsoft finally issued a patch to cure the URL Spoofing
problem in February 2004, scammers must be trying out new techniques to fool
unsuspecting recipients of their spoof emails.
In this case, the disguised link actually sends you to http://reddingland.com/Bywood/log1.htm
and the URL of the bogus PayPal form is http://reddingland.com/Bywood/webscr.dll;
both are hosted through Verisign Inc. On the second occasion, the forged content
was at leasurelandscapes.com, which resolves to readyhosting.com in the US.
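The disguised link described above can be caught mechanically by comparing the host an anchor displays with the host its href actually targets. The following Python check is an added example, not part of the original report; the email HTML is a constructed sample (only the reddingland.com destination comes from the report), and the names `disguised_links` and `base_domain` are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body. Only the reddingland.com destination is taken
# from the report; the anchor text and surrounding markup are assumptions.
SAMPLE_HTML = (
    '<p>Dear PayPal user, ...</p>'
    '<a href="http://reddingland.com/Bywood/log1.htm">https://www.paypal.com/</a>'
    '<a href="https://www.paypal.com/help">paypal.com/help</a>'
)

# Host-like token in visible text, with or without a scheme in front of it.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.anchors.append(tuple(self._open))
            self._open = None

def base_domain(host):
    # Simplification: last two labels; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def disguised_links(html):
    """Return (shown_host, actual_host, href) where the text and target disagree."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.anchors:
        shown = HOST_RE.search(text)
        actual = urlparse(href).hostname
        if shown and actual and base_domain(shown.group(1)) != base_domain(actual):
            findings.append((shown.group(1).lower(), actual, href))
    return findings

if __name__ == "__main__":
    print(disguised_links(SAMPLE_HTML))
```

Links whose visible text names no host at all (for example "click here") are not flagged by this check and need a separate allow-list of expected destination domains.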
If you have received this email, please remember that it is very common for these
email scams to be redistributed at a later date with only slightly different
content, or with the same content but with the fake page(s) hosted by a different provider.
Also, once you have received one of these hoaxes, it is commonplace to
receive at least one more, usually a day or two after the first, although
not necessarily from the same apparent sender.
Take a good look at the following images, because this email scam may be coming
to an inbox near you! The Email ...