181/8). PayPal - HTML.Phishing.Bank-573

This email targets customers of PayPal.

Message Details

Malware Name:HTML.Phishing.Bank-573
Origin: United States
Date first seen:21/07/2006 10:31:14
From:"service@paypal.com" <service@paypal.com>
Subject:Limited Account Access Details

Attacker's URLs

The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.

The table shows the current status of the site: if it is still reachable (), or if it has been shut down (). If the site has not been confirmed as a phishing site it is shown with the symbol . The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the symbol.

StatusFirst observedShut DownInternet AddressURL
15/07/2006 22:02:10 17/07/2006 08:39:04 China 219.142.104.41 http://219.142.104.41/www.paypal.com/cgi-bin/us/update.htm   

Message Text

The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.


                            [1]Log Out | [2]Help

  [3]My Account [4]Send Money [5]Request Money [6]Merchant Tools [7]Auction
                                   Tools 
     _________________________________________________________________

 PayPal is constantly working to ensure security by regularly screening the
 accounts in our system. We recently reviewed your account, and we need more
information to help us provide you with secure service. Until we can collect
this information, your access to sensitive account features will be limited.
 We would like to restore your access as soon as possible, and we apologize
                           for the inconvenience.
     _________________________________________________________________

                     Why is my account access limited?
     Your account access has been limited for the following reason(s):

     July 21, 2006: We have reason to believe that your account was accessed by
   a  third party. Because protecting the security of your account is our
   primary  concern,  we  have limited access to sensitive PayPal account
   features.  We  understand that this may be an inconvenience but please
   understand that this temporary limitation is for your protection.
   (Your case ID for this reason is PP-124-031-715.)
     _________________________________________________________________

                    How can I restore my account access?

   Please visit the [8]Resolution Center and complete the "Steps to Remove
                               Limitations."

   Completing  all of the checklist items will automatically restore your
   account access.
     _________________________________________________________________

     [9]Mobile | [10]Mass Pay | [11]Money Market | [12]ATM/Debit Card |
   [13]Referrals | [14]About Us | [15]Accounts | [16]Fees | [17]Privacy |
    [18]Buyer Credit | [19]Security Center | [20]PayPal, an eBay company

              Copyright 1999-2006 PayPal. All rights reserved.
             [21]Information about FDIC pass-through insurance

References

   1. https://www.paypal.com/us/cgi-bin/webscr?cmd=_logout
   2. https://www.paypal.com/us/cgi-bin/webscr?cmd=_help&source_page=_login-done
   3. https://www.paypal.com/us/cgi-bin/webscr?cmd=_account
   4. https://www.paypal.com/us/cgi-bin/webscr?cmd=_transaction-run
   5. https://www.paypal.com/us/cgi-bin/webscr?cmd=_request-money
   6. https://www.paypal.com/us/cgi-bin/webscr?cmd=_merchant
   7. https://www.paypal.com/us/cgi-bin/webscr?cmd=_auction
   8. http://219.142.104.41/www.paypal.com/cgi-bin/us/update.htm
   9. https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/mobile
  10. https://www.paypal.com/us/cgi-bin/webscr?cmd=_batch-payment-overview
  11. https://www.paypal.com/us/cgi-bin/webscr?cmd=_upgrade-interest-marcom
  12. https://www.paypal.com/us/cgi-bin/webscr?cmd=_dc-intro
  13. https://www.paypal.com/us/cgi-bin/webscr?cmd=_web-referrals-mrb
  14. https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/about
  15. https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/general/PayPalAccountTypes
  16. https://www.paypal.com/us/cgi-bin/webscr?cmd=_display-fees
  17. https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy
  18. https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/general/PayLaterWithPBC
  19. https://www.paypal.com/us/cgi-bin/webscr?cmd=_security-center
  20. http://www.ebay.com/
  21. https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/fdic

Functions

Advice