The “Receipt for Your Payment to” eBay Paypal Phishing Spam 7/3/2008 - 839 views,
|
Previous Article « New Website Offers Hope, Inspiration, and Interview with Our Own Anne P. Mitchell
Read Next Article » Millions of Citibank Customers at Risk Due to Largest PIN Number Hacking in History
There has been a new rash of phishing spam which is intended to elicit a shock response causing the target to rush to log into their Paypal account to figure out why they are being charged hundreds to thousands of dollars for an eBay purchase which they know that they didn’t actually make. Well of course they didn’t actually make the eBay purchase - because it never happened. But the fear that you are about to lose several hundred dollars from your Paypal account ($347.85 in the example below, but we’ve seen them as high as $1200 or more) causes people to not think clearly - and when the email really looks like a legitimate email from Paypal, they are likely as not to click the links in the email so they can get the problem resolved quickly, before “their money” is wrongly sent away. Of course ironically, the very act of clicking the link and logging in to “Paypal” ensures that all of the money will be drained from their Paypal account. Because what they are really logging in to is a clone site which looks like Paypal, but is being run by the phishers, who capture the victim’s Paypal username and password, and then log in and drain the Paypal account of all of its funds - after also grabbing all of the user’s banking information. Here’s an example of the Paypal eBay phish that was caught in our net today. This is the view not that the end user sees with an html-enabled email reader, but the actual, underlying text - see if you can spot the nasty bits: From: service@PayPal.Inc.com This email confirms that you have sent an eBay payment of $347.85 USD to ———————————– Amount: $347.85 USD Transaction ID: 2LC956793J776333Y Subject: Digimax 130 ———————————– eBay User ID: scratchandgnaw2 —————————————————————- Edward Harrell Important Note: Edward Harrell has provided an Unconfirmed Address. If Note: If you haven’t authorized this charge ,click the link below to dispute Dispute Transaction: https://www.paypal.com/cgi-bin/webscr/cgi-bin/webscr?cmd=_ssr& *SSL connection: —————————————————————- By using your bank account to send money, you just: - Paid easily and securely - Sent money faster than writing and mailing paper checks Thanks for using your bank account! —————————————————————- Thank you for using PayPal! —-
Subject: Receipt for Your Payment to achaade13@yahoo.com
Dear PayPal Member,
achaade13@yahoo.com for an eBay item.
Payment Details
———————————–
Item Information
———————————–
Edward Harrell’s UNCONFIRMED Address
—————————————————————-
211 David St.
Springtown, TX 76082
United States
you are planning on shipping items to Edward Harrell, please check the
Transaction Details page of this payment to find out whether you will
be covered by the PayPal Seller Protection Policy.
transaction
and get full refund
return=http%3A%2F%2Fpaypal-cgi-bin.s6.pl/?
cgi-bin.webscrcmd=_login-run.webscrcmd=_account-run.DisputeTransactionID.2LC956793J776333Y
PayPal automatically encrypts your confidential information
in transit from your computer to ours using the Secure
Sockets Layer protocol (SSL) with an encryption key length
of 128-bits (the highest level commercially available)
This payment was sent using your bank account.
- Paid instantly — your purchase won’t show up on bills at the end of
the month.
The PayPal Team
PayPal Email ID PP118
|
|
Email the link for this page to a friend! |
Read more:
» New Email Scam Targets eBay Users
» New Starbucks Paypal Phish - “You Have Pending Payment to Starbucks”
» eBay Phishing Bug Allows Phishing Using Real eBay Web Addresses
For additional similar stories check out our archives on Paypal, Phishing, Spam, eBay
