Evil New PayPal Phish! New email address added to your PayPal account!
0 (0)

The Internet Patrol - Patrolling the Internet for You
Rate this post!
 

There is a particularly nasty new phishing effort in the name of PayPal which just started going around this week.

Rather than the typical “update your account” request, which fewer and fewer people are falling for, this one says “New email address added to your PayPal account!”, and tells you that you, or someone, has successfully updated your PayPal account by adding an additional email address.


This one takes full advantage of how worried people are about identity theft, and it’s entirely believable that someone may have hacked into your PayPal account, and added their own email address. And what could be the harm of checking it out to be sure?

The harm, of course, is that the link in the email doesn’t go to PayPal at all, but rather the phishing site.

Here is the full text of the email, and below I dissect it and show you the tricks:

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

You have added everytime_john@yahoo.com as a new email address for
your PayPal account.

If you did not authorize this change or if you need assistance
with your account, please contact PayPal customer service at:

https://www.paypal.com/us/wf/f=ap_email

 

Thank you for using PayPal!
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot
be answered. For assistance, log in to your PayPal account and choose
the “Help” link in the header of any page.
—————————————————————–
PROTECT YOUR PASSWORD

NEVER give your password to anyone and ONLY log in at
https://www.paypal.com/. Protect yourself against fraudulent websites
by opening a new web browser (e.g. Internet Explorer or Netscape)
and typing in the PayPal URL every time you log in to your account.
—————————————————————–

PayPal Email ID PP105
WESIYSWGIMVJJTUHFMSBBUIUFJYUDPEYPIZNIE

Looks pretty official, eh?

This is what your typical email reader, with html rendering turned on, as it is by default in most email programs, shows you.

But that URL, https://www.paypal.com/us/wf/f=ap_email, really goes somewhere completely different.

Let’s take a look at this email again, without it turning the HTML code into what the phisher wants it to..here is the actual raw source of the email (with HTML code removed, so it doesn’t trick your browser or mail reader):

Received: from unknown (HELO User) (9@onestsicinstit.com@210.10.90.15 with login)
by smtp101.biz.mail.mud.yahoo.com with SMTP; 2 Nov 2005 19:55:48 -0000

(First, note how this email really came through Yahoo via onestsicinstit.com, not from PayPal at all!)

Reply-To: lancelaura@yahoo.com
From: PayPal Notice

(PayPal probably doesn’t have employees send email from Yahoo accounts, but many people never bother to look at these details in their email before clicking on a URL.)

Subject: New email address added to your PayPal account !
Date: Thu, 3 Nov 2005 06:55:45 +1100

(Ok..here comes the payload for the phishers:)

You have added (“http://paypaldept.net/login.html”)
everytime_john@yahoo.com as a new email address for your
PayPal account.

(See how the email address is set up as a link to the phishing URL, which is “http://paypaldept.net/login.html”? You’ll see this again in a moment.)

If you did not authorize this change or if you need assistance with your account, please contact PayPal customer service at [fake link]

—-

Ok, do you see that? Do you see how they have made the link look like https://www.paypal.com/us/wf/f=ap_email?

And this is why you should never, ever click on a link in email if you have any doubt at all. Just type the URL for the company into your browser. If they really need you to do something with your account, they’ll let you know when you log in to your account through the front door of the website.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

People also searched for added address to paypal account message received text, how did a email address get added to my paypal account thru ebay, my paypal email address, when you get an email from paypal saying they added you phone # and you dont have an account, youve added a new email address to your PayPal account
Rate this post!
 

9 thoughts on “Evil New PayPal Phish! New email address added to your PayPal account!
0 (0)

  1. I GOT ONE OF THESE ALSO, IF I FIND THAT SOB I WILL BREAK BOTH HIS HANDS!
    TO THE PUBLISH; WERE GETTING CLOSER!

  2. Hey, I got this twice today in my junk folder.

    “You’ve added an additional email address to your PayPal account.

    If you don’t agree with this email jerry54@aol.com”>jerry54@aol.com and if you need assistance with your account,

    please click here to login to your account.

    To make sure you can use your PayPal account the next time you make a purchase,

    all you need to do is confirm or not your email address.

    If your email program has problems with hypertext links,

    you may also confirm your email address by logging in to your account.

    Thank you for using PayPal!

    The PayPal Team

    —————————————————————-

    Please do not reply to this email. This mailbox is not monitored and you will not receive a response.

    For assistance, log in to your PayPal account and click the jerry54@aol.com”>Help link located in the top right corner of any PayPal page.

    —————————————————————-”

    The paypal accoutn is actually my father’s, but it’s in my email account because he doesn’t know anytihgn about how to use a cmputer. The odd thing about the emai; is the links don’t lik you any where of you know what I mean./ Like where it says “click here” well…there’s nothing to click on. So is this a fake or what?

  3. I just received a similar email and tracked it back to the people behind it. Check out this link for details:

  4. All of these “phishing” expeditions are the reason why I do a bare minimum of shopping on the Internet. It’s still way too easy to steal identities and still way too hard to clean up the mess.

  5. Another EVIL one. You don’t get infected, the malware merely changes your DNS server entries. It is sent as a link to a Paypal Security Tool the perp (supposedly PayPal) tries to get you to download and run.

    Quote: “‘PayPal-2.5.200-MSWin32-x86-2005.exe’, is a Trojan Horse which modifies the DNS server of the local workstation and then deletes itself. All future requests for ‘paypal.com’ will be transparently redirected to a phishing website. This same DNS server could also be used to redirect requests for additional websites, but it currently appears to only redirect ‘paypal.com’.”

  6. Newer still is a PayPal phish I received yesterday from “PayPal Security Center.” The social engineering aspect (used before) is a bogus report of someone trying to access your account from several foreign IP addresses. The Subject line is “Security Measures – Are You Traveling?” Then comes the invitation to download the “Ultimate PayPal Security Tool.” The link is to an executable (.exe) file (on a Romanian hosting service). Analysis of the file reveals it to be a Trojan Dropper.

    Like Aunty says: Don’t click those links!

  7. I keep all my passwords for any financial websites (banking) and any other websites of interest (probably a couple 100 or so) on a CD and access them only when I need access to the website of interest. I use WordPad to copy/paste my username/password, then close WordPad. Not sure if you should show this tip or not (prying eyes you know)!

  8. Hi Aunty;
    I thought you’d be interested in another PayPal email I got this week. It looked exactly like the one you get when you make a payment through PayPal, only I hadn’t made a payment to anyone. The worst part, however, was that it automatically attempted to open my web browser and log into PayPal. I didn’t even click on any links!!! It was unsuccessful, but I can’t help wondering what would have happened if I would have had my password stored on my computer? I sent the email to PayPal but I didn’t get any response from them. I did immediatley change my PayPal password and have been keeping a very close eye on it.

    Thanks for all the great tips! Keep up the good work, we really appreciate it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.