23rd December 2003
text and a link to a fake
Spoofed Web page/site? forged Paypal web page with web form requiring Paypal user name & password, name & address, bank, credit or debit
Web page/site origin: cloaked to show
Identity Theft method: Web form information is captured and relayed to the
Bank Email Scam
23rd December 2003
Paypal server upgrade needs you to renew your account?
It's a scam ...
This spoof email (as eBay and Paypal like to call
these email scams) takes the form of a text email with a link (see images
The email text implies that Paypal are upgrading their
server for security reasons, and asks that you renew your account by
using the link provided. The link is cloaked and utilises a vulnerability
in Mozilla browsers (which include Internet Explorer) to show a forged
Paypal web page in your browser while deceptively displaying the proper
Paypal URL in the browser address bar. The page is actually hosted outside
of Paypal's web space. The link will first take you to a subdomain
of youlikeshe.com, which
is hosted by joker.com, but that page is redirected
to another domain - smbc.pl, which is hosted by Kei in Krakow,
Poland. This last page is further URL cloaked to show the same
page with the incorrect address as shown below.
This browser vulnerability to
URL cloaking is a growing problem in email scams, but you can check
to see if your browser is affected by using our URL cloaking checker (see
right of page).
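An added example (not part of the original alert): a small Python check that reports which host a link really points to and why it looks cloaked. The alert does not say how the link was cloaked, so the check for a trusted name placed before an '@' is an assumed form; `TRUSTED`, the finding names and the `.example` sample links are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

TRUSTED = ("paypal.com",)  # assumption: domains the brand really uses

def real_host(url):
    """Host the browser connects to; anything before '@' is only userinfo."""
    return (urlsplit(url).hostname or "").lower()

def is_trusted(host, trusted=TRUSTED):
    """True only for a trusted domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def cloak_findings(shown_text, href, trusted=TRUSTED):
    """Return reasons a link is suspicious, given its visible text and target."""
    findings = []
    host = real_host(href)
    # Text before the last '@' in the authority is userinfo, not the host.
    userinfo = unquote(urlsplit(href).netloc.rpartition("@")[0])
    if userinfo:
        findings.append("userinfo-before-host")
        if any(ord(c) < 0x20 for c in userinfo):
            findings.append("control-char-in-userinfo")
        if any(d in userinfo.lower() for d in trusted):
            findings.append("trusted-name-in-userinfo")
    if not is_trusted(host, trusted):
        findings.append("target-host-not-trusted")
        # Visible link text that is itself a URL on a trusted host is a mismatch.
        shown_host = real_host(shown_text) if "://" in shown_text else ""
        if is_trusted(shown_host, trusted):
            findings.append("shown-text-names-trusted-host")
    return findings

# Constructed samples (reserved .example names, not the links from this alert).
SAMPLES = [
    ("https://www.paypal.com/", "https://www.paypal.com/"),
    ("https://www.paypal.com/", "http://login.redirector.example/renew"),
    ("Renew your account", "http://www.paypal.com%01@redirector.example/renew"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print(real_host(href), cloak_findings(text, href))
```

The same check applies to each hop of a redirect chain like the one described above: run it on every `Location` target, not only on the link in the email.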
The forged Paypal page is incredibly convincing and requests a
of personal and financial information (see images below).
Any data submitted
into this fake form is captured by the scammers using a PHP script located
on the same server.
If you have received this hoax email, please remember that it
is very common for these email scams to be redistributed at a
later date with only slightly different content, or with the same content but the fake
page(s) hosted by a different provider. Also, once you have received one of
these hoaxes, it is commonplace to receive at least one more,
usually a day or two after the first, although not necessarily from
the same apparent sender.
Take a good look at the following images, because
this hoax email scam may be coming to an inbox near you!
The Email ...