Muschamp Rd

Another PayPal Scam

August 22nd, 2006
Phishing graphic

First off, I’m not a PayPal fan, but it is often necessary to use eBay. I remember eBay before they bought PayPal, but I digress. Every now and then I get an email from PayPal asking me to jump through hoops. They are never happy with me, however it is just this situation the unscrupulous hope to take advantage of.

I just got the following email:

Dear Paypal User,

In accordance with our major database relocation, we are currently having major adjustments and updates of user accounts to verify that the informations you have provided with us during the sign-up process are true and correct. However, we have noticed some discrepancies regarding your account at Paypal. Possible causes are inaccurate contact information and invalid logout process.

We require you to complete an account verification procedure as part of our security measure.

You must click the link below to securely login and complete the process.

† _ Click here to activate your account _

Choosing to ignore this message will result in a temporary suspension of your account within 24 hours, until you will choose to solve this unpleasant situation.

Thank you for using PayPal!
The PayPal Team

It says it is from service@paypal.com. Some scam artists aren’t smart enough to spoof the address or use a poorly chosen reply to address, that is why they usually direct you to a website.
Another PayPal spoof site

Note the URL, if it doesn’t say PayPal.com it isn’t PayPal. This URL is particularly dodgy as they try to make it look like a .edu domain. I tried to report all this to PayPal but they don’t seem to want to let me do it using the Opera browser. I keep clicking continue and nothing happens. I was able to fill in the form and my contact info then I could get no further, I think I’ll let someone else report this, I’m tried of helping ungrateful people. While I was writing this blog post I received the email again at another email address of mine.

These scams are easier to spot if you don’t use HTML email. correo.udenar.edu.co is using the IP Address 200.21.87.163 and is supposedly run by COLOMBIA TELECOMUNICACIONES S.A. ESP. I’m not sure what PayPal can do to a Colombian website, it is hard to run elaborate online scams from major Western countries you need to at least have a server in South America, Africa, Eastern Europe or someplace in Asia where the government has bigger problems than online fraud.

It isn’t just a legal issue, it is a societal issue. Always check the URL before giving over login or credit card information, if the URL looks dodgy than don’t enter your personal information.


  • They’ve altered the email and I received it again twice. They must have used some sort of bot to crawl and get my email addresses off this website. Here is the text of the email I just received:

    Dear Paypal User,

    In accordance with our major database relocation, we are currently having major adjustments and updates of user accounts to verify that the informations you have provided with us during the sign-up process are true and correct. However, we have noticed some discrepancies regarding your account at Paypal. Possible causes are inaccurate contact information and invalid logout process.

    We require you to complete an account verification procedure as part of our security measure.

    You must click the link below to securely login and complete the process.

    † _ Click here to activate your account _

    Choosing to ignore this message will result in a temporary suspension of your account within 24 hours, until you will choose to solve this unpleasant situation.

    Thank you for using PayPal!
    The PayPal Team

  • They’ve altered the email and I received it again twice. They must have used some sort of bot to crawl and get my email addresses off this website. Here is the text of the email I just received:

    Dear Paypal User,

    In accordance with our major database relocation, we are currently having major adjustments and updates of user accounts to verify that the informations you have provided with us during the sign-up process are true and correct. However, we have noticed some discrepancies regarding your account at Paypal. Possible causes are inaccurate contact information and invalid logout process.

    We require you to complete an account verification procedure as part of our security measure.

    You must click the link below to securely login and complete the process.

    † _ Click here to activate your account _

    Choosing to ignore this message will result in a temporary suspension of your account within 24 hours, until you will choose to solve this unpleasant situation.

    Thank you for using PayPal!
    The PayPal Team

  • Got another PayPal scam email. This one tries to direct you to http://www.renosto.com.ar which is in Argentina and seems to load slowly and be about marine equipment.

  • Got another PayPal scam email. This one tries to direct you to http://www.renosto.com.ar which is in Argentina and seems to load slowly and be about marine equipment.

  • I just got a Royal Bank of Canada phishing email. It has to be a phishing email because I don’t have a bank account at the Royal Bank of Canada.

    Here is the text:

    Dear Royal Bank of Canada customer,

    We at Royal Bank of Canada, would like to remind you that your Royal Bank of Canada Account has not been updated to the latest Online Access Agreement for Royal Bank of Canada Online Services.

    In order for us, at Royal Bank of Canada to guarantee your online security, you need to update your account information. We urge you to partner with us to prevent consumer fraud, by going through the 2 steps Royal Bank of Canada Account Confirmation process. This operation involves logging in and confirming your identity over a secure connection at:

    https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi

    After completing this process, you will be informed that your account has been updated and you will be redirected to the actual Online Access Agreement, for you to review.

    Thank you for choosing Royal Bank of Canada as your Financial Institution.

    When you use Royal Bank of Canada Æ or Royal Bank of Canada Business Online Æ Banking, we guarantee that you will be covered 100% for any funds improperly removed from your Royal Bank of Canada accounts, while we are handling your transactions, subject to your responsibility, described below.
    © 1999 – 2005 Royal Bank of Canada. All rights reserved.

    I sent some feedback to RBC, their real website is http://www.rbc.com

  • I just got a Royal Bank of Canada phishing email. It has to be a phishing email because I don’t have a bank account at the Royal Bank of Canada.

    Here is the text:

    Dear Royal Bank of Canada customer,

    We at Royal Bank of Canada, would like to remind you that your Royal Bank of Canada Account has not been updated to the latest Online Access Agreement for Royal Bank of Canada Online Services.

    In order for us, at Royal Bank of Canada to guarantee your online security, you need to update your account information. We urge you to partner with us to prevent consumer fraud, by going through the 2 steps Royal Bank of Canada Account Confirmation process. This operation involves logging in and confirming your identity over a secure connection at:

    https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi

    After completing this process, you will be informed that your account has been updated and you will be redirected to the actual Online Access Agreement, for you to review.

    Thank you for choosing Royal Bank of Canada as your Financial Institution.

    When you use Royal Bank of Canada Æ or Royal Bank of Canada Business Online Æ Banking, we guarantee that you will be covered 100% for any funds improperly removed from your Royal Bank of Canada accounts, while we are handling your transactions, subject to your responsibility, described below.
    © 1999 – 2005 Royal Bank of Canada. All rights reserved.

    I sent some feedback to RBC, their real website is http://www.rbc.com

  • I just got my first MySpace phishing or some other type of scam. It came to the email address I use for sending email in Japanese.

    I’m not a big MySpacer and recently I’ve noticed I’m no longer receiving messages telling me I have a new friend request or email at MySpace even though when I login to MySpace I have one…

    The sender was:
    urbiculture@s-t-i-l-l.com

    And they seem to want me to go to this site:
    http://myspace.mp3shest.com/

    with some more garbage in the URL

    I wish the only problems I have are phishing emails…

  • I just got my first MySpace phishing or some other type of scam. It came to the email address I use for sending email in Japanese.

    I’m not a big MySpacer and recently I’ve noticed I’m no longer receiving messages telling me I have a new friend request or email at MySpace even though when I login to MySpace I have one…

    The sender was:
    urbiculture@s-t-i-l-l.com

    And they seem to want me to go to this site:
    http://myspace.mp3shest.com/

    with some more garbage in the URL

    I wish the only problems I have are phishing emails…

  • Received another PayPal phishing email. This one directs you to the following IP address: 203.117.205.115

    One give away that this isn’t legit is the favicon. I’ve never got around to making a favicon for Muschamp.ca but it is the little icon you see in the URL bar in your browser. I don’t know when this became a defacto standard, but if it was really PayPal it would have the correct logo as the favicon.

  • Received another PayPal phishing email. This one directs you to the following IP address: 203.117.205.115

    One give away that this isn’t legit is the favicon. I’ve never got around to making a favicon for Muschamp.ca but it is the little icon you see in the URL bar in your browser. I don’t know when this became a defacto standard, but if it was really PayPal it would have the correct logo as the favicon.

  • I got another Phishing email that made it through my filters… The text is signifigantly different than usual.

    [1]PayPal Header

    Notice of Account Review Necessity

    Read this notice thoroughly and follow the instructions.
    _________________________________________________________________

    Why did I get the notice?
    You have been sent this notice because the records of PayPal database
    indicate you are a current or former PayPal account holder. PayPal is
    conducting a periodic update of the database record. To ensure your
    account’s security, it is important that you provide us accurate
    information. Please take a moment to verify the information we have on file.
    This notice provides instructions on how to confirm your PayPal account.
    _________________________________________________________________

    What should I do now?

    We sincerely ask you, as a PayPal account holder, to login to your account
    and give us the necessary information. Complete the necessary verification
    tasks within 5 days, or your account might get temporarily suspended.
    Proceed with the link below.

    [2]Click here to confirm your account
    _________________________________________________________________

    We apologize for your inconvenience.

    Thank you for your support,
    PayPal Accounts Department
    _________________________________________________________________

    Please do not reply to this email. Anything you send to this address cannot
    be answered. For assistance, [3]login to your PayPal account and choose the
    “Help” link in the footer of any page.
    To receive email notifications in plain text instead of HTML, update your
    preferences [4]here.
    PayPal Email ID PP571

    They want to sent you to the following URL: http://190.47.150.33/ Access is denied to the root.

  • I got another Phishing email that made it through my filters… The text is signifigantly different than usual.

    [1]PayPal Header

    Notice of Account Review Necessity

    Read this notice thoroughly and follow the instructions.
    _________________________________________________________________

    Why did I get the notice?
    You have been sent this notice because the records of PayPal database
    indicate you are a current or former PayPal account holder. PayPal is
    conducting a periodic update of the database record. To ensure your
    account’s security, it is important that you provide us accurate
    information. Please take a moment to verify the information we have on file.
    This notice provides instructions on how to confirm your PayPal account.
    _________________________________________________________________

    What should I do now?

    We sincerely ask you, as a PayPal account holder, to login to your account
    and give us the necessary information. Complete the necessary verification
    tasks within 5 days, or your account might get temporarily suspended.
    Proceed with the link below.

    [2]Click here to confirm your account
    _________________________________________________________________

    We apologize for your inconvenience.

    Thank you for your support,
    PayPal Accounts Department
    _________________________________________________________________

    Please do not reply to this email. Anything you send to this address cannot
    be answered. For assistance, [3]login to your PayPal account and choose the
    “Help” link in the footer of any page.
    To receive email notifications in plain text instead of HTML, update your
    preferences [4]here.
    PayPal Email ID PP571

    They want to sent you to the following URL: http://190.47.150.33/ Access is denied to the root.

  • I keep getting these PayPal phishing scams. The latest one says I added a new email address I need to confirm. I don’t think this one is that clever but I don’t know where exactly it takes me. I tried clicking on the link but it didn’t do much. Maybe cause I’m on a Mac…

    You’ve added an additional email address to your account.
    If you don’t agree with this email BIGREGSR@CHARTER.NET and if you need assistance with your account,
    _ click here _ and login.

    To make sure you can use your PayPal account the next time you make a purchase,
    all you need to do is confirm or not your email address.
    If your email program has problems with hypertext links,
    you may also confirm your email address by logging in to your account.

    Thank you for using PayPal!
    The PayPal Team

  • I keep getting these PayPal phishing scams. The latest one says I added a new email address I need to confirm. I don’t think this one is that clever but I don’t know where exactly it takes me. I tried clicking on the link but it didn’t do much. Maybe cause I’m on a Mac…

    You’ve added an additional email address to your account.
    If you don’t agree with this email BIGREGSR@CHARTER.NET and if you need assistance with your account,
    _ click here _ and login.

    To make sure you can use your PayPal account the next time you make a purchase,
    all you need to do is confirm or not your email address.
    If your email program has problems with hypertext links,
    you may also confirm your email address by logging in to your account.

    Thank you for using PayPal!
    The PayPal Team

Posts on Muskblog © Andrew "Muskie" McKay comments not necessarily so...
CFA Institute does not endorse, promote or warrant the accuracy or quality of Muskblog. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.