The “Receipt for Your Payment to” eBay Paypal Phishing Spam   - 3,360 Views, 1 Comment

Summary: There has been a new rash of "Receipt for your payment to" eBay Paypal phishing spam which is intended to elicit a shock response causing the target to rush to log into their Paypal account to figure out why they are being charged hundreds to thousands of dollars for an eBay purchase which they know that they didn't actually make.

Previous Article « New Website Offers Hope, Inspiration, and Interview with Our Own Anne P. Mitchell
Read Next Article » Millions of Citibank Customers at Risk Due to Largest PIN Number Hacking in History

  Follow Anne on Twitter

There has been a new rash of phishing spam which is intended to elicit a shock response causing the target to rush to log into their Paypal account to figure out why they are being charged hundreds to thousands of dollars for an eBay purchase which they know that they didn’t actually make.

Well of course they didn’t actually make the eBay purchase - because it never happened. But the fear that you are about to lose several hundred dollars from your Paypal account ($347.85 in the example below, but we’ve seen them as high as $1200 or more) causes people to not think clearly - and when the email really looks like a legitimate email from Paypal, they are likely as not to click the links in the email so they can get the problem resolved quickly, before “their money” is wrongly sent away.

Of course ironically, the very act of clicking the link and logging in to “Paypal” ensures that all of the money will be drained from their Paypal account. Because what they are really logging in to is a clone site which looks like Paypal, but is being run by the phishers, who capture the victim’s Paypal username and password, and then log in and drain the Paypal account of all of its funds - after also grabbing all of the user’s banking information.

Here’s an example of the Paypal eBay phish that was caught in our net today.

This is the view not that the end user sees with an html-enabled email reader, but the actual, underlying text - see if you can spot the nasty bits:

From: service@PayPal.Inc.com
Subject: Receipt for Your Payment to achaade13@yahoo.com
Dear PayPal Member,

This email confirms that you have sent an eBay payment of $347.85 USD to
achaade13@yahoo.com for an eBay item.

———————————–
Payment Details
———————————–

Amount: $347.85 USD

Transaction ID: 2LC956793J776333Y

Subject: Digimax 130

———————————–
Item Information
———————————–

eBay User ID: scratchandgnaw2

—————————————————————-
Edward Harrell’s UNCONFIRMED Address
—————————————————————-

Edward Harrell
211 David St.
Springtown, TX 76082
United States

Important Note: Edward Harrell has provided an Unconfirmed Address. If
you are planning on shipping items to Edward Harrell, please check the
Transaction Details page of this payment to find out whether you will
be covered by the PayPal Seller Protection Policy.

Note:

If you haven’t authorized this charge ,click the link below to dispute
transaction
and get full refund

Dispute Transaction:

https://www.paypal.com/cgi-bin/webscr/cgi-bin/webscr?cmd=_ssr&
return=http%3A%2F%2Fpaypal-cgi-bin.s6.pl/?
cgi-bin.webscrcmd=_login-run.webscrcmd=_account-run.DisputeTransactionID.2LC956793J776333Y

*SSL connection:
PayPal automatically encrypts your confidential information
in transit from your computer to ours using the Secure
Sockets Layer protocol (SSL) with an encryption key length
of 128-bits (the highest level commercially available)

—————————————————————-
This payment was sent using your bank account.

By using your bank account to send money, you just:

- Paid easily and securely

- Sent money faster than writing and mailing paper checks
- Paid instantly — your purchase won’t show up on bills at the end of
the month.

Thanks for using your bank account!

—————————————————————-

Thank you for using PayPal!
The PayPal Team
PayPal Email ID PP118

—-

The “Receipt for Your Payment to” eBay Paypal Phishing Spam

 Follow Anne on Twitter

 Twitter Explained in Plain English

 Friend Anne on Facebook

Previous Article « New Website Offers Hope, Inspiration, and Interview with Our Own Anne P. Mitchell
Read Next Article » Millions of Citibank Customers at Risk Due to Largest PIN Number Hacking in History

Read more:

»  New Email Scam Targets eBay Users

»  eBay Phishing Bug Allows Phishing Using Real eBay Web Addresses

»  Aunty Spam: Frying Phish

»  New Starbucks Paypal Phish - “You Have Pending Payment to Starbucks”

For additional similar stories check out our archives on Paypal, Phishing, Spam, eBay

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

 

1 Comment »

  1. Hey guys if you want the guys, here’s there contact information. Gee, I wish people who use the internet know something about the world wide web before using it. You can always whois.net anybody’s website any given day of the time.
    Now if you want to flood their servers or open up a bomb on it, crash the hell out of it, I wouldnt mind. I hope I start an online website crash, because of this single post. Someone want to contact the Better Business burue(sp)? You have their contact information now. paypal.inc.com, if your reading this, kiss my —. IT SERVES YOU RIGHT!

    WHOIS information for: paypalinc.com:

    [whois.enom.com]
    =-=-=-=
    Visit AboutUs.org for more information about paypalinc.com
    AboutUs: paypalinc.com

    Domain name: paypalinc.com

    Registrant Contact:
    Whois Privacy Protection Service, Inc.
    Whois Agent ()

    Fax:
    PMB 368, 14150 NE 20th St - F1
    C/O paypalinc.com
    Bellevue, WA 98007
    US

    Administrative Contact:
    Whois Privacy Protection Service, Inc.
    Whois Agent (dttvlpltwp@whoisprivacyprotect.com)
    +1.4252740657
    Fax: +1.4256960234
    PMB 368, 14150 NE 20th St - F1
    C/O paypalinc.com
    Bellevue, WA 98007
    US

    Technical Contact:
    Whois Privacy Protection Service, Inc.
    Whois Agent (dttvlpltwp@whoisprivacyprotect.com)
    +1.4252740657
    Fax: +1.4256960234
    PMB 368, 14150 NE 20th St - F1
    C/O paypalinc.com
    Bellevue, WA 98007
    US

    Status: Locked

    Name Servers:
    dns1.name-services.com
    dns2.name-services.com
    dns3.name-services.com
    dns4.name-services.com
    dns5.name-services.com

    Creation date: 07 Feb 2004 14:10:48
    Expiration date: 07 Feb 2009 11:10:48

    Comment by hitandrun83 — 1/13/2009 @ 8:20 pm

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)


If you have not posted a comment here before, we apologize for having to ask you to enter the letters and numbers you see in the image above to validate your comment, but we are being attacked by thousands of comment form spams every day! You only need to do this once; once you have successfuly posted a comment here you will not be asked to do this again. Thank you for your understanding!

 
 This article first appeared on 7/3/2008
The Internet Patrol
Patrolling the Internet for You!