Log in

View Full Version : Another scam. Beware of paypal messages

Lynn
10-19-2006, 09:06 PM
Just in case you don't catch it, you may receive an email purportedly from paypal asking you to "update" your account. I received this one:


Dear Customer,

YOUR ACCOUNT HAS BEEN SUSPENDED !!!

After the energy breakdown from 22/09/2006 it appears that some of our
hardware is not working properly. The data of five thousands customers
stored on computer backup tapes was lost.
Can we regain what was once lost? - YES
PayPal temporarily suspended your account.
Some restrictions applied until you update your account.

Once you have completed these steps, we will send you an email notifying
that your account is available again. After that you can upgrade or downgrade
your account at any time.
The information provided will be treated in confidence and stored in our secure database.
If you fail to provide information about your account you'll discover that your account
has been automatically deleted from PayPal database.

Please click on the link below to start the update process:


Please click here and complete the next Step to update your account.



Go To My Account


PayPal case ID PP-121-601-924

DON'T RESPOND!!!!!

It is a scam. I have my email set up to reveal the IP address of all incoming messages. This one originated from England (that is also why it refers to the date of 9-22-06 as 22-09-2006 - only in the U.S. do we use mm/dd/yyyy instead of dd/mm/yyyy). Anyway, here is the info I got on the IP address:

inetnum: 80.6.32.0 - 80.6.47.255
netname: NTL
descr: NTL Infrastructure - Luton
country: GB
admin-c: NNMC1-RIPE
tech-c: NNMC1-RIPE
status: ASSIGNED PA
mnt-by: AS5089-MNT
source: RIPE # Filtered

role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
address: SO21 2QA
remarks: -------------------------------------------------------
remarks: For abuse notifications please -
remarks: file an online case @ http://www.ntlworld.com/netreport
remarks: +44 1633 710142 (Voicemail Only)
remarks: -------------------------------------------------------
remarks: For peering issues/requests please -
remarks: email : [email protected]
remarks: -------------------------------------------------------
admin-c: MH22007-RIPE
admin-c: NR731-RIPE
admin-c: CW1083-RIPE
tech-c: MH22007-RIPE
tech-c: CW1083-RIPE
admin-c: NR731-RIPE
nic-hdl: NNMC1-RIPE
mnt-by: AS5089-MNT
e-mail: [email protected]
source: RIPE # Filtered


route: 80.6.0.0/16
descr: NTL-UK-IP-BLOCK
origin: AS5089
mnt-by: AS5089-MNT
source: RIPE # Filtered

Of course, if you "update" your account, the scammers will have all they need to start purchasing online with your money.

Lynn
Lynn
10-19-2006, 09:16 PM
Unbelievably, I just received another one, this one looking much more legit, complete with paypal logos, but it is not legit! Again the IP address does not line up with previous emails I have received from Paypal, but this one is from inside the U.S. Here is the second one:

Dear Member
--------------------------------------------------------------------------------

Closing Accounts and Limiting Account Access
This is your official notification that your account has been Limited. We recently reviewed your credit card and it seems that you are using the same credit card for 2 accounts. As you can read in our User Agreement ( section 2.13 ) opening multiple accounts is strictly forbidden. You are now requested to provide information relevant to your account. PayPal will investigate the matter promptly and if the investigation is in your favor, we will restore your account.

PayPal Email ID PP133320

--------------------------------------------------------------------------------

How can I restore my account access?

Click here to visit the Resolution Center and complete the steps to remove limitations.


Completing all of the checklist items will automatically restore your account access.

Thank you for using PayPal!
The PayPal Team

Copyright © 2006 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners. PayPal is located at 2211 N. First St., San Jose, CA 95131.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

Note that it is addressed to "Dear Member", whereas a legit message from paypal would use my full name.

The techical info for this IP address is:

Extra Technical Information
InQuent Technologies Inc. INQUENT-2 (NET-205-178-128-0-1)
205.178.128.0 - 205.178.191.255
Network Solutions, LLC NSLLC02 (NET-205-178-146-0-1)
205.178.146.0 - 205.178.146.255

# ARIN WHOIS database, last updated 2006-10-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

A message from paypal should come from an IP in San Jose. Here is the technical info for the IP address on a legit email from paypal:

OrgName: eBay, Inc
OrgID: EBAY
Address: 2145 Hamilton Ave
City: San Jose
StateProv: CA
PostalCode: 95008
Country: US

NetRange: 66.211.160.0 - 66.211.191.255
CIDR: 66.211.160.0/19
NetName: EBAY-2
NetHandle: NET-66-211-160-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Assignment
NameServer: SJC-DNS1.EBAYDNS.COM
NameServer: SJC-DNS2.EBAYDNS.COM
NameServer: SMF-DNS1.EBAYDNS.COM
NameServer: SMF-DNS2.EBAYDNS.COM
Comment:
RegDate: 2006-01-25
Updated: 2006-01-25

OrgTechHandle: EBAYN-ARIN
OrgTechName: eBay Network
OrgTechPhone: +1-408-376-7400
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2006-10-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Hope this helps someone.