Author |
Message |
splatter
Hello I'm New here!
Joined: 08 Nov 2005
Posts: 19
|
Posted:
Mon Sep 12, 2011 2:42 pm |
|
Edit: whoops sorry this should have been in the fake banks forum...
This email came to me today, headers:
From [email protected] Mon Sep 12 01:51:43 2011
X-RocketMail: 00000006;R---S---M-------;0431
X-RocketUID: 0000000000
X-RocketYMUMID: AK/SimIAAFr8Tm3dvgu66gz6xb4
X-RocketMIF: 1315823038;6624;
X-Apparently-To: [email protected] via 98.138.210.175; Mon, 12 Sep 2011 03:23:58 -0700
X-RocketRCL: 3790;1;3480096836;3910
Return-Path: <[email protected]>
X-RocketTIP: 69.162.87.138 ; NO_TIP_HEADER_ALLOWED ;
X-RocketSRV: s_ip=69.162.87.138;d_t=1315823038;url=paypal.com,http://paypal.com/),xvierfrezdf.com,http://paypal.com.cgi-bin.webscr.cmd.login.submit.dispatch.5885d80a13c0db1f8e263663d3faee8d35d0e363192f28ea2a5d17.xvierfrezdf.com/PP_MultiLanguage/;Retro=Y;SgrnP=N
Received-SPF: softfail (transitioning domain of paypal.com does not designate 69.162.87.138 as permitted sender)
X-Rocket-Track: cat=UK; info=rule:SP<id=266>;cconsam:UK;dmcu:UK<token=NO_MATCH>;cip_features:UK<none>;ip:NN<ip=69.162.87.138,policy=n-w0,n100,g0>;ipsh:UK<ip=69.162.87.138,policy=P=-1,X=-1,S=-1>;cmsgbk:UK<s=29,m=17>;mip:UK<p=not_run>;phhr:NN<score=27>;turl:SP<url=paypal.com.cgi-bin.webscr.cmd.login.submit.dispatch.5885d80a13c0db1f8e263663d3faee8d35d0e363192f28ea2a5d17.xvierfrezdf.com,score=81>;url2db:NN<url=paypal.com>;wlrcpts:UK;sgor:UK;abaca:UK<125, fh=mta1167; fi=68.142.198.142:14050; MB=0; GT=0; fs=125; ns=63; id=UiQEkmc2-8C0323w6g; rv=6035p2/68.142.198.142:14051; ts=Fo4JZ; gv=122; fp=JHq5i; gd=1; ip=69.162.87.138; he=P/a5S5Ty/2R; nt=0; ho=KsPzlGfif67; hd=Mn991jYdl1k; hf=N3QTxl81EMC; hF=N3QTxl81EMC; hj=P8Cmw0kV/Ql; hr=BK0NfzOoXIX; ZB=FWOWVQDbTQT; ZB=BO5+b+c9seH; ZB=NzqsoqjLXex; ZB=Mp9GSaczIJc; ZB=FEZ4NQZg7dt; ZU=NklNefg77JV; Zu=u380mYNYNr; Zu=LupcF49dOBS; ZU=O2D3VF2eH40; Zu=GsINhaVkWZs; ZU=DaSQW9yZcR2; Zu=BsmIfN2ei9Z; Zu=Y9w8m9WIlS; ZF=La0S7HmO9NI;, SRV_OR=1,WS_OR=1,WSS_OR=1,OR=1,AB_WS_IP=0>
X-YMailISG: SqyNOLEWLDt7BZH.QyCUqGURBfIZNartAMj5w2OryMImM94P
IKewzStpEln29sdzVmNmDJTIvUQNPHIE7E.1Zvz8bVO7xzfeNr9WE4u.mwcc
e7hvbKk8cbJzD78P.IEqxFZIFT.wg8wRsmf3_YD2bSfLGlphGRJ5DrdXVcRZ
S.wk73XKgZyZB56lnBFK6oemIXFoQGVitlSB72GQFDkWxKjyuIWrPGhoSrqW
n05yyopREgu_IpMhF3PsmFuLoTk8KY3PvilOUm6NuGcClBX33xE5ZsVvelNc
VrEP3lcNCHE6sxPzunN_4BjfVVFUpsT1ZW7Q4BDkc3Vs876Z4rK8qNl6shKO
81j5MFaeV4oER3vYdDnRzBQqUsQwLTF0SS7P52eT5fXvWmPbvqqhkXn8Cflb
YZ4mBezzI8OcpPj_1dKDuBYLv.y8CHB3GhqvoKFRy50fAVWeKGAxcEnpiqId
VBxbU.v9DqEOLf8Ak.fVpnV7u47iHMO8jzDTXDUr4lGyEWlxn0WpvKQD.XTX
q8qpDaU8cY1mGhbZDIM4flaN7STheYCKiCMNYerde__DqZJ.OX2MvAA8p4_v
DMdVV5taKNQFMZhIVX4PVpedvnPaIRq6oWJ_14XAzHeu7tei7.nffVxYn9Tq
CaPVkz3jbOeJhx5nuLUFqlvnqaw_aT8yA8TPKxY3CxMBMoosWpmp1IdGwRDq
mlicoiwM6XTLlwt2o.wT_zOl.S0Mr24BTnnXXGxeYRIZMW3GZyPSpHJJSQpU
TCUHcelmGRT4.RyWh6pHFpWwu2MClu4fVEuzCC3rl2nHSWQIoSAGGSrf8s0Q
RYC0PE0tdYpuRB6oM_84Xd.MDRG_gOKk5YxBg98QRGtYSqpqMKMV_H1mJQtW
F9hjKKiMXEEZrB.B0MnkjgaaFqmD.Xm2ExMluJ5xTZtvI1bEj0X267Gy57iU
8L9pSwao6SIg.4ded7VvnwLuPnq0QSAHmK9WqxjlTQndYhaeYL9Uon0g49w6
tBiobv769dlYT2CqLTR9ldSnrBLOBsLhTTe2YwxlTcuex4fx_TEMnshN6cQn
4Ds_7Oi9inXMVPjkBOJCvgmBgclXRAiEKaVosTD1xbdu1iswJC51d2kHX_KU
Kz7pspezrd1_8UfevDrDQmZ73SoshW2TDi3eb_ZftnAMtNZMqRGxrJBum..E
jgwzGUA2bjt5.NSu4crbCtnLXdwcUyTLjujpquxZT21HK22zynK.ES5rrLh4
K4TKdPcIRX.bR7wgMhN59MEJlypf7OB7COX1yVtyMoZ4lbtfyDiyZrcuSMuy
5JFdmqLR4Z_LWxrNeBe_zfFV1c4bCN7Rpx.Iy3Rii3fKMJHYRNA_7MAa8A59
iuD4sw--
X-RocketHELO: DS-C31UU08LTHA4
X-RocketMAILFROM: [email protected]
X-RocketRCPTTO: [email protected]
X-RocketMSGID:[email protected]#1
X-Originating-IP: [69.162.87.138]
Authentication-Results: mta1167.mail.mud.yahoo.com from=paypal.com; domainkeys=neutral (no sig); from=paypal.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO DS-C31UU08LTHA4) (69.162.87.138)
by mta1167.mail.mud.yahoo.com with SMTP; Mon, 12 Sep 2011 03:23:58 -0700
Received: from User ([127.0.0.1] RDNS failed) by DS-C31UU08LTHA4 with Microsoft SMTPSVC(7.0.6001.18485);
Mon, 12 Sep 2011 03:51:43 -0500
Reply-To: <[email protected]>
From: "[email protected]"<[email protected]>
Subject: Your account has been limited until we hear from you
Date: Mon, 12 Sep 2011 03:51:43 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: [email protected]
Message-ID: <DS-C31UU08LTHA4n65D0000231e@DS-C31UU08LTHA4>
X-OriginalArrivalTime: 12 Sep 2011 08:51:43.0337 (UTC) FILETIME=[32002590:01CC7129]
Content-Length: 3790
email:
Your account has been limited until we hear from you
Hide Details
FROM:
[email protected]
Message flagged
Monday, September 12, 2011 8:51 AM
This message contains blocked images.
Show ImagesOptions
Message body
PayPal
Information Regarding Your account:
Dear PayPal Member:
Attention! Your PayPal account has been limited!
As part of our security measures, we regularly screen activity in the PayPal system.We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:
Our system detected unusual charges to a credit card linked to your PayPal account.
Reference Number: PP-259-187-991
This is the Last reminder to log in to PayPal as soon as possible. Once you log in, you will be provided with steps to restore your account access.
Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.
Click here to activate your account
We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologise for any inconvenience..
Sincerely,
PayPal Account Review Department
Copyright © 1999-2011 PayPal. All rights reserved. PayPal Ltd. PayPal FSA Register Number: 226056.
PayPal Email ID PP059
Protect Your Account Info
Make sure you never provide your password to fraudulent websites.
To safely and securely access the PayPal website or your account, open a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal login page (http://paypal.com/) to be sure you are on the real PayPal site.
For more information on protecting yourself from fraud, please review our Security Tips at https://www.paypal.com/us/securitytips
Protect Your Password
You should never give your PayPal password to anyone.
---- end email---
Here is the web page.. pretty good fake. I'm not sure how this url works but it's obviously part of xvierfrezdf.com subletted domain.
http://paypal.com.cgi-bin.webscr.cmd.login.submit.dispatch.5885d80a13c0db1f8e263663d3faee8d35d0e363192f28ea2a5d17.xvierfrezdf.com/PP_MultiLanguage/
I've already notified paypal but anything anyone else can do to rake these idiots over would be great! |
|
|
|
|
Jeannette
Baiting Guru
Joined: 21 Oct 2006
Posts: 2158
Location: Stalking Nick Riewoldt
|
Posted:
Mon Sep 12, 2011 4:58 pm |
|
Interestingly, the lads seems to have spoofed PayPal's account. |
_________________ X 2 X 25
Sister I was even filling the form with pains - Mariam Abacha
|
|
|
|
|
|
View next topic
View previous topic
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|