181/92). PayPal - HTML.Phishing.Bank-573
This email targets customers of PayPal.
Message Details
| Malware Name: | HTML.Phishing.Bank-573 |
| Origin: |  Germany |
| Date first seen: | 03/02/2007 20:31:04 |
| From: | securitycenter@paypal.com |
| Subject: | Account Verification - Urgent Action Required |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
15/11/2006 19:24:31 | 15/11/2006 19:24:31 |  69.46.226.170 |
http://www.paypal.com.cgi-bin-webscr.net/webscr/cmd/login_submit/ | |
|
03/02/2007 20:36:54 | 03/02/2007 20:36:54 | 207.44.160.16 |
http://207.44.160.16/webscrcmd=_login-submit | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[1]PayPal
Protect Your Account Info
PayPal is constantly working to ensure security by regularly screening the
accounts in our system. We recently reviewed your account, and we need more
information to help us provide you with secure service.
Until we can collect this information, your access to sensitive account
features will be limited. We would like to restore your access as soon as
possible, and we apologize for the inconvenience. .
We thank you for your prompt attention to this matter. Please understand
that ,this is a security measure intended to help protect you and your
account. We apologize for any inconvenience
Protect Your Password
You should never give your PayPal password to anyone, including PayPal
employees.
Update Your Information
_________________________________________________________________
As part of our security measures, we regularly screen activity in the PayPal
system. We recently contacted you after noticing an issue on your account.We
requested information from you for the following reason:
A recent review of your account determined that we require some additional
information from you in order to provide you with secure service.
Once you log in, you will be provided with steps to restore your account
access. We appreciate your understanding as we work to ensure account safety
To update your PayPal records click on the following link:
[2]https://www.paypal.com/cgi-bin/webscr?cmd=login-run
This new security statement will helps us continue to offer PayPal as a
secure and cost-effective payment service. We appreciate your cooperation
and assistance.
Sincerely,
The PayPal Team
_________________________________________________________________
Please do not reply to this email. This mailbox is not monitored and you
will not receive a response. For assistance, [3]log in to your PayPal
account and choose the Help link located in the top right corner of any
PayPal page.
PayPal Email ID PP295
Copyright 1999-2007 PayPal. All rights reserved.
References
1. http://www.paypal.com.cgi-bin-webscr.net/webscr/cmd/login_submit/
2. http://207.44.160.16/webscrcmd=_login-submit&dispatch=5885d80a13c0db1f992ed64d66bc28e70c007719b36c044164b8a7e8e9b8e27c/index.htm
3. http://207.44.160.16/webscrcmd=_login-submit&dispatch=5885d80a13c0db1f992ed64d66bc28e70c007719b36c044164b8a7e8e9b8e27c/index.htm