I just received a FAKE Pay Pal renewal message which looks VERY legit. If I had fallen for it I could have had my identity stolen and my bank account cleaned out.
The thing that initially tipped me off was that it was sent to a email address at a domain name that I maintain for a church group web site. That domain name's email is set up for "star addressing" - anything and everything sent to that domain-name.org gets forwarded to one of my webmaster accounts. And the only legitimate email addresses that have ever been used from that domain are "webmaster@" and "postmaster@". So receiving an email sent to webmetaname@ got my attention. The fake message is here: >Date: Thu, 13 Nov 2003 22:58:12 -0500 >From: PayPal.com <[EMAIL PROTECTED]> >X-Mailer: Microsoft Outlook Express 6.00.2800.1106 >Reply-To: [EMAIL PROTECTED] >Organization: None X-Priority: 1 (High) >To: [EMAIL PROTECTED] >Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------716A2B1C01688342" > >Dear PayPal member, > >PayPal would like to inform you about some important information regarding your PayPal >account. This account, which is associated with this email address will be expiring within five >business days. We apologize for any inconvenience that this may cause, but this is occurring >because all of our customers are required to update their account settings with their personal >information. > >We are taking these actions because we are implementing a new security policy on our website >to insure everyone's absolute privacy. To avoid any interruption in PayPal services then you will >need to run the application that we have sent with this email (see attachment) and follow the >instructions. Please do not send your personal information through email, as it will not be as >secure. > >IMPORTANT! If you do not update your information with our secure application within the next >five business days then we will be forced to deactivate your account and you will not be able to >use your PayPal account any longer. It is strongly recommended that you take a few minutes >out of your busy day and complete this now. > >DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message >system and the reply will not be received. > >Thank you for using PayPal. An attached file was named "paypal.asp.scr" Telling my email program (Eudora) to show the headers revealed something interesting... (I've deleted the mail server name and the targeted domain name - they are not relevant): >Return-Path: [EMAIL PROTECTED] >Received: from 24.83.161.46 ([24.83.161.46] verified) > by zzzzzzzz.com (Stalker SMTP Server 1.8b9d14) > with SMTP id S.0001603835 for <zzzzzzzz.org>; Thu, 13 Nov 2003 >20:07:02 -0800 >Date: Thu, 13 Nov 2003 22:58:12 -0500 >From: PayPal.com <[EMAIL PROTECTED]> >X-Mailer: Microsoft Outlook Express 6.00.2800.1106 >Reply-To: [EMAIL PROTECTED] >Organization: None >X-Priority: 1 (High) >To: [EMAIL PROTECTED] >Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES >MIME-Version: 1.0 >Content-Type: multipart/mixed; boundary="----------716A2B1C01688342" According to the Geektools Whois web page (http://www.geektools.com/whois.php) the address 24.83.161.46 is registered to a company in Canada, but that mail server could have been hijacked, as could the Earthlink account referenced in the top line of the message. Anyway, enough off-topic blathering. I just hope that I've saved someone some grief. Mike WA6ILQ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/