Another scam e-mail [Archive] - Racerplanet Network Forums



chris
02-21-2006, 11:36 PM
Dear Sir,

PayPal is committed to maintaining a safe environment for its community of
buyers and sellers. To protect the security of your account, PayPal employs
some of the most advanced security systems in the world and our anti-fraud
teams regularly screen the PayPal system for unusual activity.

Recently, our Account Review Team identified some unusual activity in your
account. In accordance with PayPal's User Agreement and to ensure that your
account has not been compromised, access to your account was limited. Your
account access will remain limited until this issue has been resolved. This
is a fraud prevention measure meant to ensure that your account is not
compromised.

In order to secure your account and quickly restore full access, we may
require some specific information from you for the following reason:

We would like to ensure that your account was not accessed by an
unauthorized third party. Because protecting the security of your account
is our primary concern, we have limited access to sensitive PayPal account
features. We understand that this may be an inconvenience but please
understand that this temporary limitation is for your protection

Case ID Number: PPnumber
We encourage you to log in and restore full access as soon as possible.
Should access to your account remain limited for an extended period of
time, it may result in further limitations on the use of your account or
may result in eventual account closure.

Thank you for your prompt attention to this matter. Please understand that
this is a security measure meant to help protect you and your account. We
apologize for any inconvenience.


To keep your account active, click here:
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/accounts-outside


Sincerely,
PayPal Account Review Department



PayPal Email ID PPnumber

Note, the link actually would go to here:
0x0c.0x98.0xd1.0x7a:81/paypalDOTcom/index.php?MfcISAPICommand=SignInFPP

DO NOT CLICK that link. This is a fraud. Be sure when viewing these types of e-mails to check in the source code of the message that the link is actually going where it claims it would!

Commander
02-22-2006, 12:04 AM
There are two things I wish for in life: (1) to win the lottery (2) to have 5 minutes alone in a room with scam artists. :mad: I just get seething mad when I hear of these dishonorable cads!

Frank N. O.
02-23-2006, 01:37 PM
Thank you very much for the warning Chris!

Commander: Go get them!

Frank

VulcanB2
02-25-2006, 06:37 PM
Hi,

Interesting they have moved to using hex for the IP address. A lame attempt to hide the host IP. Amateurs!

It is interesting also how they always use either port 81 or 82 on the compromised machine...hmmm.......

The thing I find really annoying is that all this can be stopped overnight if the ISPs actually bothered to filter things floating around their networks, but they choose not to, so this continues to occur. :( I include other forms of attack/viruses etc.. :(

Anyone want to start a new ISP award - that of "Most Secure ISP"?

Best regards,
Robin.
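
The check chris describes (does the link go where its text claims?) combined with the hex-encoded host VulcanB2 points out, as an added example that is not part of any forum post. It goes beyond the hex case and also decodes octal and single-number IP forms; the markup in SAMPLE is constructed and the function names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed markup pairing the displayed host with the real host:port quoted in the thread.
SAMPLE = '<a href="http://0x0c.0x98.0xd1.0x7a:81/">http://www.paypal.com/cgi-bin/webscr</a>'

def decode_ip_host(host):
    """Dotted-decimal IPv4 if host is an IP literal (hex, octal or decimal parts), else None."""
    nums = []
    for p in host.split("."):
        base = 16 if p[:2].lower() == "0x" else 8 if p[:1] == "0" and len(p) > 1 else 10
        digits = p[2:] if base == 16 else p
        if not digits or any(c not in "0123456789abcdef"[:base] for c in digits.lower()):
            return None  # ordinary hostname label, or an invalid number such as "08"
        nums.append(int(digits, base))
    *head, last = nums
    # As in inet_aton, the last part fills whatever bytes the leading parts leave over.
    if len(nums) > 4 or any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return ".".join(str(value >> s & 255) for s in (24, 16, 8, 0))

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.inside = True
            self.found.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def audit_links(html):
    """Return [(href, [reasons])] for links whose real target deserves suspicion."""
    parser = Links()
    parser.feed(html)
    report = []
    for href, text in parser.found:
        url, shown = urlsplit(href), urlsplit(text.strip()).hostname
        host, ip = url.hostname or "", decode_ip_host(url.hostname or "")
        checks = [(ip, "host is an IP literal: %s" % ip),
                  (url.port not in (None, 80, 443), "non-standard port %s" % url.port),
                  (shown and shown != host, "text shows %s, link goes to %s" % (shown, host))]
        why = [msg for hit, msg in checks if hit]
        if why:
            report.append((href, why))
    return report
```

Calling `audit_links(SAMPLE)` flags the link for all three reasons: an IP-literal host, port 81, and visible text naming a different host than the href.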

chris
02-27-2006, 02:43 AM
Got another of these, same familiar ring to it. :rolleyes:

I noticed the hex code for the link, quite lame. I'm surprised it actually would work - but I'm NOT going to try it.

I'm sure we could easily start a new ISP as you reckoned. ;)

VulcanB2
02-27-2006, 05:13 PM
Hi,

Give me a shout when you are ready! :)

Here is another. Maybe we need to start a site for hacked addresses??

pcp0012181375pcs.albqrq01.nm

It is truncated on purpose.

Did you know these sites are active for around 18 hours at a time???

Best regards,
Robin.

Frank N. O.
02-27-2006, 06:14 PM
Did I understand you correctly that the link will put you on another ISP like dialers for dial-up modem? I must be misunderstanding you since I've heard it's physically impossible to cheat you out of money when you're using a broadband internet connection.

Frank

VulcanB2
02-27-2006, 06:22 PM
Hi,

No - this is good old credit card fraud. They try and get you to log in to a fake PayPal website, hosted on a compromised machine (examples as above) to get you to "update your account details", where they blatantly ask for your credit card number, expiry date, security code (the one on the back of the card) and PIN.

Sadly, people are frankly just too stupid and provide these details. :( I know that sounds harsh, but if I asked you face-to-face for your card details, you'd tell me to get lost! Why people think the 'net is safer, or don't consider fraud just because an e-mail mentions "PayPal" or other well-known financial institutions, I don't know. :(

In short: NEVER PROVIDE ANY PERSONAL DETAILS TO ANYONE OVER THE INTERNET REGARDLESS OF HOW GENUINE YOU BELIEVE IT TO BE! Even if you are buying something and YOU initiated the transaction, ALWAYS CHECK THE LEGITIMACY OF THE SITE FIRST! There are several ways to do this:

1) Check the SSL certificate is in fact for the site you are visiting
2) Ensure the certificate is valid
3) Do a WHOIS lookup on the domain name and see who owns it
4) Perform other technical methods for determining the legitimacy of the site (I won't go into detail here).

I'm so paranoid, I quiz the legitimacy of legitimate sites sometimes. :) I prefer to be that way than the other.

I hope that answers your question! :) I'll post a screenshot of a compromised site.

Best regards,
Robin.

VulcanB2
02-27-2006, 06:43 PM
OMG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I just tried an old link from 3 days ago, AND IT IS STILL ACTIVE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

EDIT: Intriguing, all the links are active and go to the legit site. You log in with obviously invalid details and it alerts saying the login doesn't exist in the records, yet it is hosted on a hacked server. A failed hack attempt I think. I certainly did NOT try logging in legitimately just to see.

@Chris: I would remove the PP ID from your message. I suspect this is used to track which message/server is sent to which e-mail address in the event people do as you did (it allows them to ID a group of users).

The PP case number is certainly different between e-mails (unique? e.g.: Case ID Number: PP-xxx-xxx-xxx), with the e-mail type carrying the same short PP number (the last one), e.g.: PP xxx. i.e. the e-mails will all look and read the same way.

Best regards,
Robin.