Phishing Example: PayPal, You added a new email address to your PayPal account

Phishing Example: PayPal - Fake Emails
"You added a new email address to your PayPal account"

Below is another example of a PayPal phishing / spoofing attempt sent vian email. Here is what PayPal suggests:

• Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear Customer", "Dear PayPal Customer" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account.
• If you believe you have received a fraudulent email, please forward the entire email-including the header information-to spoof@paypal.com. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
• Don't share personal information vian email: We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to https://www.paypal.com/.
• Don't download attachments: PayPal will never send you an attachment or software update to install on your computer.
• Notice the the email actually came from moi@bioloka.com NOT accounts@paypal.com. This information is found in the message header.
• Do not click on the links in the email.  If you want to check your email account go to www.Paypal.com by typing that into your browser.
• The link to http://emawwe.com/mexico/admin/language/english/localisation/zone/ is not on the Paypal.com domain.

 And if you think you have been victimized, see our What to do, if you think you have been the victim of identity theft page!

---

Example PayPal Scam Email:

From: service [mailto:moi@bioloka.com]
Sent: Sunday, May 07, 2017 8:15 PM
To: Your email address
Subject: You added a new email address to your PayPal account

You added a new email address to your PayPal account Dear Customer,  This is just to confirm that you added a new email address (simons.lawler@hotmail.com) to your PayPal account. If want to make this your primary email address - where we'll send all your account-related information - log in to your PayPal account and go to your Profile. If you didn't add this email address, Let Us Know Straight Away. This helps us make sure that no one is accessing your account without you knowing. Yours sincerely, Your PayPal team        Help  | Security      Please do not reply to this email.     Copyright © 1999-2017 PayPal. All rights reserved. PayPal (Europe) S.à r.l. et Cie, S.C.A. Société en Commandite par Actions Registered Office: 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118 349 PayPal PPX001524:f2f008b1ed394

 

Message headers:

Return-Path:
Return-path:
Delivery-date: Sun, 07 May 2017 20:51:01 -0400
Received: from s2.bioloka.com ([178.63.73.144]:34000)
Content preview: You added a new email address to your PayPal account Dear
Customer, This is just to confirm that you added a new email address (simons.lawler@hotmail.com)
to your PayPal account. [...]

Content analysis details: (4.6 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
2.5 URIBL_DBL_ABUSE_PHISH Contains an abused phishing URL listed in the
DBL blocklist
[URIs: emawwe.com]
0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source
[178.63.73.144 listed in dnsbl.sorbs.net]
-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4990]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
X-Spam-Flag: NO
X-Brightmail-Tracker: AAAAAyTF/h4t/PpMLf2CcA==
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrOqMTGxcIABLqsh/gjDY5O47fYd+A7iwOjx/EX75kCGKNYggsScxNYMnp2X2ArYKgAUQ2MDKsYhXNLyw2LMxKLSxITi4oLivJTDIw3MUIN28G4/aLMKUZVjkv32z8zCbEUA82QEucNPcAfKSQA4mSU5pWkFsUXleakFr9iFOdgVBLmNTgIlOXJzCspzkyHyUhwMCmJ8IqL8UQK8QJtQkhJNTBy3Ft3/0GUs3rx01vNv8Tq9S+07b8hPPvZbbs5RQd+7j/LXnv9zStRyc8LRO6bH8vIMSlxmd6dmZ211v5YWjNfZaLg7/vfj5Vsapt2UIpLMmSxyqvA+fx9cR/WJL0JN9i99cm9nxvObu9sCqmJfybTKVK9aX+w2rykCJPbtXtZ/FQrO560nOhWYgF631CLuag4EQDRNptcSgEAAA==



 

---

 Reporting a Possible Phishing Attack

If you need advice about an Internet or online solicitation, or you want to report a possible scam, use the Online Reporting Form or or call the NFIC hotline at 1-800-876-7060

 

 

---

For More Information About Phishing, See:

• Click Here for a copy of NCL's Phishing Brochure.  Requires Adobe Acrobat Reader.
• How Not to Get Hooked by a 'Phishing' Scam  [PDF version]
  Offers tips on how to avoid falling victim to a new type of spam scam in which consumers are deceived into handing over personal financial information.
• Is Someone "Phishing" for Your Information?  [PDF version]
  Cautions consumers about emails that claim to be from government agencies in an attempt to steal personal information.
• Digital PhishNet Web site.
• Phish Report Network - a cooperative effort by several companies providing an information clearinghouse that will be run by WholeSecurity, a provider of client-side security solutions.
• Internet Crime Prevention & Control Institute, a cooperative effort between Zero Spam Network Corp. and the University of Miami. Staffed by Miami undergraduate and graduate students and Zero Spam employees, works closely with the Secret Service's Electronic Crimes Task Force and ISPs in the United States and abroad to identify and block traffic to machines hosting phishing sites.
  • Report A Crime
  • FTC Fraud Reporting