# Friday, August 5, 2005

If you get a message like this that landed in the trash folder of your email client DON’T JUST LEAVE IT THERE FORWARD IT TO THE PROPER AUTHORITIES TO SHUT THESE PEOPLE DOWN!

This particular piece of mail had an extremely suspicious header even though it was forwarded to my main address from my mklump@comcast.net account:

Received: from [63.240.76.44] by mx254a.mysite4now.com [66.102.133.254] with SmartMax MailMax for matthew@klump-pdx.com; Fri, 05 Aug 2005 11:07:05 -0700
Return-Path: <securitycenter@paypal.com>
X-SmartMax-AuthUser:
Received: from 201-0-91-38.dsl.telesp.net.br ([201.0.91.38])
          by sccrmxc20.comcast.net (sccrmxc20) with SMTP
          id <20050805175955s2000f9dgge>; Fri, 5 Aug 2005 18:00:16 +0000
X-Originating-IP: [201.0.91.38]
Received: from web33.nix.paypal.com (web87.nix.paypal.com [10.192.2.49]) by smtp-outbound.nix.paypal.com (Postfix) with SMTP id 659NB1CC814 for <mklafoll@comcast.net>; Fri, 05 Aug 2005 10:56:21 -0800

Obviously mklafoll@comcast.net is NO WHERE NEAR mklump@comcast.net


Received: (qmail 84229 invoked by uid 92); Fri, 05 Aug 2005 10:56:21 -0800
Message-ID: 0585098601.85788@paypal.com
From: "Paypal Security" <securitycenter@paypal.com>
Reply-To: "Paypal Security" <securitycenter@paypal.com>
Subject: New Security Requirements
X-Email-Type-Id: PP%RND_DIGI%RND_DIGI%RND_DIGI
Date: Fri, 05 Aug 2005 10:56:21 -0800
X-MaxCode-Template: email-transaction-counterparty
X-XPT-XSL-Name: /en_US/transaction/seller/TransactionCounterparty.xsl
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--03566965836101187173"
X-NAS-Language: English
X-NAS-Bayes: #0: 4.39383E-066; #1: 1
X-NAS-Classification: 0
X-NAS-MessageID: 517
X-NAS-Validation: {5B5B9485-C143-4BF7-A92E-7AE728A34958}

 

Dear valued PayPal® member,

Due to recent fraudulent transactions, we have issued the following security requirements.

It has come to our attion that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell non existant items. Thus we require our members to add a Debit/Check card to their billing records as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. Your Debit/Check card will only be used to identify you. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the PayPal® service. However, failure to confirm your records will result in your account suspension.

We are requesting this information to verify and protect your identity. Federal regulations require all financial institutions to obtain, verify, and record identification from all persons opening new accounts or obtaining ongoing payment services. This is in order to prevent the use of the U.S. banking system in terrorist and other illegal activity. For these reasons, PayPal® will utilize services provided by various credit reporting agencies to verify the information you submit to us.

Once you have updated your account records your pending PayPal® account transactions will not be interrupted and will continue as normal.

To update your billing records please login to your account by clicking here. (DO NOT CLICK HERE UNDER ANY CIRCUMSTANCES!!!) This web site with the following querry string http://paypal.signin2.com/cgi-bin/webscr.html?cmd=_login-run points to GOD ONLY KNOWS WHO’s home desktop pc just like a loaded pistol!

Thank you for your time,
PayPal® Billing Department.


Copyright © 1995-2005 PayPal Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this Web site constitutes acceptance of the PayPal User Agreement and Privacy Policy.

I’m forwarding this belligerently obvious case of of fraud to the proper paypal authorities, and with any luck, we’ll never hear from these people at this particular domain again…

Friday, August 5, 2005 7:41:35 PM UTC  #    Comments [0]Trackback
All comments require the approval of the site owner before being displayed.
OpenID
Please login with either your OpenID above, or your details below.
Name
E-mail
(will show your gravatar icon)
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):

Live Comment Preview