SNGX1275
Posts: 10,615 +467
I know we've had a thread on this before, but it was a few years back. Plus its not going to hurt to have another result in google for someone searching.
I use Outlook XP at work where I get my mail from an Exchange server. Messages are scanned at the server level and flagged if they have spam, this takes care of 95% of my spam mail. But today I got a paypal scam, thought I'd document what it looked like for those of you that haven't gotten one yet, and a refresher for those that have.
Mail message:
Actual e-mail:
Had a pretty good idea this was spam at this point. But I decided to view source for fun.
So the address had some numbers tossed up in front of it, that didn't look right. I copied the link from there and opened it in Opera.
I know this is large, but its important to show that the page looked normal, except for the address.
Screenshot:
I'm not sure if Opera will check that site for fraud on its own, I had to manually check it. When I did I noticed the perform fraud check automatically box wasn't checked.
Fraud Check:
I'm not sure how IE handles it, so if someone feels their IE is sufficiently safe they can paste the url from the code box above and test it. I just didn't feel like fighting any malware that may come with visiting that site.
So things to check for are:
Are you the only one the email was sent to?
Are there misspellings in the body?
What does the address look like?
Will it pass fraud check, or whatever your browser does?
I use Outlook XP at work where I get my mail from an Exchange server. Messages are scanned at the server level and flagged if they have spam, this takes care of 95% of my spam mail. But today I got a paypal scam, thought I'd document what it looked like for those of you that haven't gotten one yet, and a refresher for those that have.
Mail message:
Actual e-mail:
Had a pretty good idea this was spam at this point. But I decided to view source for fun.
Code:
<HTML>
<TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0>
<TBODY>
<TR vAlign=top>
<TD><IMG height=35 alt=PayPal
src="http://images.paypal.com/en_US/i/logo/email_logo.gif"
width=255 border=0></TD>
</TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD width="100%" background=http://images.paypal.com/images/bg_clk.gif>
<IMG height=29
src="http://images.paypal.com/images/pixel.gif" width=1
border=0></TD></TR>
<TR>
<TD><IMG height=10 src="http://images.paypal.com/images/pixel.gif"
width=1
border=0></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0>
<TBODY>
<TR vAlign=top>
<TD width=400>
<TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
<TBODY>
<TR vAlign=top>
<TD>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD class=pp_heading align=left><BR> Security Center
Advisory!</TD></TR></TBODY></TABLE></TD></TR>
<TR>
<TD><BR> We recently noticed one or more attempts to log in to your PayPal
account from a
foreign IP address and we have reasons to belive that your account was
hijacked
by a third party without your authorization. If you recently accessed your
account while
traveling, the unusual log in
attempts
may have been initiated by you.<BR>
<BR>If you are the rightful holder of the account you must <B>click the
link below</B> and
then complete all steps from
the following page as we try to verify your identity.<BR><BR>
<TABLE cellSpacing=0 cellPadding=1 width="75%" align=left bgColor=#ffe65c
border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=4 width="100%" align=center
bgColor=#fffecd border=0>
<TBODY>
<TR>
<TD class=pp_sansserif align=middle><A target="_blank"
href="http://3560217410/www.paypal.com/cgi-bin/webscr_cmd=_login-run4928/"
onclick="return ShowLinkWarning()"
>Click here to verify your
account</A></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><BR><BR><BR><BR>If
you choose
to ignore our request, you
leave us no choise but to temporaly suspend
your account.<BR><BR>Thank you for using PayPal!</TD></TR>
<TR>
<TD>
<HR class=dotted>
</TD></TR>
<TR>
</TR>
<TR>
<TD><SPAN class=pp_footer>PayPal Email ID
PP268</SPAN></TD>
</TR></TBODY></TABLE></TD>
<TD><IMG height=1 src="http://images.paypal.com/en_US/i/scr/pixel.gif"
width=10
border=0></TD>
<TD vAlign=top width=190></HTML>
I know this is large, but its important to show that the page looked normal, except for the address.
Screenshot:
I'm not sure if Opera will check that site for fraud on its own, I had to manually check it. When I did I noticed the perform fraud check automatically box wasn't checked.
Fraud Check:
I'm not sure how IE handles it, so if someone feels their IE is sufficiently safe they can paste the url from the code box above and test it. I just didn't feel like fighting any malware that may come with visiting that site.
So things to check for are:
Are you the only one the email was sent to?
Are there misspellings in the body?
What does the address look like?
Will it pass fraud check, or whatever your browser does?