21408). PayPal - Email.Phishing.Pay-21
This email targets customers of PayPal.
Message Details
| Malware Name: | Email.Phishing.Pay-21 |
| Origin: |  China |
| Date first seen: | 15/02/2007 12:51:07 |
| Number seen: | 2 |
| Date last seen: | 19/02/2007 20:21:48 |
| From: | PayPal <service@email-paypal.com> |
| Subject: | Please Restore Your Account Access |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
14/02/2007 20:54:18 | 15/02/2007 16:10:04 |  201.73.96.222 |
http://servpro-ntl.telesa.net.br/new.paypal.com/index.html | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Dear PayPal, We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address. If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you did not initiate the log ins, please visit PayPal as soon as possible to verify your identity: http://servpro-ntl.telesa.net.br/new.paypal.com/index.html Verify your identity is a security measure that will ensure that you are the only person with access to the account. Thanks for your patience as we work together to protect your account. Sincerely, PayPal ------------------------------------------------ ---------------- PROTECT YOUR PASSWORD NEVER give your password to anyone and ONLY log in at https://www.paypal.com/. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account. ----------------------------------------------------------------Pleasedo not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page. PayPal Email ID PP321
Additional Examples