181/95). PayPal - HTML.Phishing.Bank-573
This email targets customers of PayPal.
Message Details
| Malware Name: | HTML.Phishing.Bank-573 |
| Origin: |  United States |
| Date first seen: | 10/02/2007 21:11:13 |
| From: | support@paypal.com <support@paypal.com> |
| Subject: | Please Activate Your Account |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
10/02/2007 21:16:26 | 24/03/2007 11:26:04 | 66.218.77.68 |
http://www.geocities.com/panaramelesefut/finalpp.swf | |
|
15/03/2007 13:39:08 | 15/03/2007 13:39:08 |  217.70.106.10 |
http://photo.sinor.ru/albums/userpics/step1a.html.rar?PayPalWebScrAccount-Verify-Procedure_Login | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Limited Account Access Details
PayPal is constantly working to ensure security by regularly screening the
accounts in our system. We recently reviewed your account, and we need more
information to help us provide you with secure service. Until we can collect
this information, your access to sensitive account features will be limited.
We would like to restore your access as soon as possible, and we apologize
for the inconvenience.
Why is my account access limited?
Your account access has been limited for the following reason(s):
In accordance with PayPal's User Agreement and Acceptable Use Policy, we
have closed your account. Your funds may be held for 180 days from the date
of your last transaction. After 180 days, you will be able to access your
funds by requesting an online bank transfer or, if applicable, a check from
PayPal. Please update your address or bank information as we cannot be held
responsible for checks issued to an incorrect address. We do ask that you
please remove reference(s) to PayPal from your site.
How can I resolve this issue?
If you are the rightful holder of the account you must click the link below
and then complete all steps from the following page as we try to verify your
personal informations. If you choose to ignore our request, you leave us no
choise but to temporaly suspend your account.
[1]Click Here To Verify Your Account
As we wait authorisation from the FSA, we wish to inform you in advance of
our plans and how these may affect you. We will notify you of further
measures in the coming days. Until then, thank you for using PayPal.
Yours sincerely,
PayPal, Inc.
____________________________________________________________________________
Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the footer of any page.
To receive email notifications in plain text instead of HTML, update your
preferences.
Copyright 2007 PayPal, Inc. All rights reserved. Designated trademarks and
brands are the property of their respective owners.
References
1. http://www.geocities.com/panaramelesefut/finalpp.swf