Fishy Paypal email
Thread Starter
Plastic PPRuNer

Joined: Sep 2000
Posts: 1,902
Likes: 0
From: Rochechouart, France
I got this email just now. Authentic looking format. Smells very suspicious. Can't recall ever using PayPal. Reckon someone's looking for a sucker.
------------------------------------------
Dear PayPal Customer
This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.
The inactive customers are subject to restriction and removal in the next 3 months.
Please confirm your email address and credit card information by logging in to your PayPal account using the form below:
Email Address:
Password:
Full Name:
Credit Card #:
Exp.Date(mm/yyyy):
ATM PIN (For Bank Verification) #:
[Login Box]
This notification expires September 30, 2003
Thanks for using PayPal!
This PayPal notification was sent to your mailbox. Your PayPal account is set up to receive the PayPal Periodical newsletter and product updates when you create your account. To modify your notification preferences and unsubscribe, go to https://www.paypal.com/PREFS-NOTI and log in to your account. Changes to your preferences may take several days to be reflected in our mailings. Replies to this email will not be processed.
Copyright© 2003 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.
dx5XobHodk
---------------------------------------------
The Login Box (of course I didn't fill anything in!) leads to http://211.184.216.61 which Visual Trace shows to be an unknown registrant in Seoul.
I smell fish...
Ecce Homo! Loquitur...

Joined: Jul 2000
Aviation Qualifications: Spotter
Posts: 24,627
Likes: 7,327
From: Peripatetic
Not the first time: News.com. Now they've all gone phishing.
Joined: Mar 2001
Posts: 2,335
Likes: 0
From: Wet Coast
If the moderators will allow (fair game, I'd say):
query: 211.184.216.61
IP Address : 211.184.216.0-211.184.216.63
Network Name : GWANGMYUNG-E
Connect ISP Name : PUBNET
Connect Date : 20001204
Registration Date : 20001207
[ Organization Information ]
Orgnization ID : ORG151516
Org Name : GWANGMYUNG ELEMENTARY SCHOOL
State : CHUNGNAM
Address : ******************
Zip Code : 355-847
[ Admin Contact Information]
Name : GIMAN KIM
Org Name : GWANGMYUNG ELEMENTARY SCHOOL
State : CHUNGNAM
Address : *******************
Zip Code : 355-847
Phone : *************
Fax : ************
E-Mail : [email protected]
[ Technical Contact Information ]
Name : GIMAN KIM
Org Name : GWANGMYUNG ELEMENTARY SCHOOL
State : CHUNGNAM
Address : *********************
Zip Code : 355-847
Phone : ***************
Fax : ***************
E-Mail : [email protected]
The Oracle


Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
Mac the Knife,
Expand the header. I would like to see the:
Return-Path:
X-ClientAddr:
Received:
From:
Subject:
X-Mailer:
Also it would be worth it to forward the email to:
bl.spamcop.net and relays.ordb.org
Let them blacklist it.
Take Care,
Richard
Joined: Sep 1998
Posts: 513
Likes: 0
From: Sydney, Australia
It must be going around ....
In the last few weeks I received a similar request for info from (supposedly) Paypal and also from my bank. Responded to neither, of course, but the camouflage was very convincing, especially the one purporting to be from the bank. I bet it sucked a few poor folk in.
AA
Joined: Dec 2000
Posts: 50
Likes: 0
From: Toronto
Last weekend I got 2 similar messages from an e-Bay look-alike site. Both looked very authentic. The e-mail sender address was "[email protected]". Here's the first one:
"
Dear eBay User,
During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete.
As a result, your access to bid or buy on eBay has been restricted.
According to our site policy you will have to confirm that you are the real owner of the eBay account by log in and complete the form that will pop up or else your account will be suspended without the right to register again with eBay.
After you will login please verify your information in order to complete this verification.
Thank you
eBay Customer Support
eBay User ID
You can also use your registered email.
eBay Password
Forgot your password?
Having problems signing in? Get help now. "
.....Here's the 2nd one, which supposedly came from [email protected]:
"
Please Sign In...
For security reasons please enter your user ID and password.
This is a security check that we have introduced to improve our customers security. eBay is committed to providing you with the highest quality, most convenient and secure shopping experience on the Internet.
eBay User ID
Forgot your User ID?
eBay Password
Forgot your password?
Having problems signing in? Get help now. "
Having used e-Bay frequently I am aware of their stated policy of never asking for personal information. When I got both e-mails one day apart I was very suspicious and forwarded them to e-Bay for verification. Their response came within a few hours and they confirmed that they did NOT originate from them, and that they would investigate.
Best to Beware out there.
Thread Starter
Plastic PPRuNer

Joined: Sep 2000
Posts: 1,902
Likes: 0
From: Rochechouart, France
Ja boet, thought the pong was tuna (fish in a barrel...)
Bullsh$t detector verified functional.
Didn't realise this sort of scam was so common.
I can imagine a lot of punters would be taken in by the seeming authenticity of the message and skinned alive. "They are really getting sophisticated out there," said Ina Steiner, publisher of AuctionBytes.com, a Web site with a pair of auction-focused newsletters. "People that I talk to are experienced Internet and eBay users, and they got fooled."
Will suggest to Danny that he puts up a warning somewhere.
GWANGMYUNG ELEMENTARY SCHOOL - PaperTiger, thatz interesting!
Richard, here's the full header (real email addy replaced)
------------------------------------------------------------------------
Return-path: <[email protected]>
Received: from msg-proxy6 ([196.2.55.30])
by mailhost4.mweb.co.za (iPlanet Messaging Server 5.2 HotFix 1.10 (built Jan
23 2003)) with ESMTP id <[email protected]> for
macsemail@ims-ms-daemon; Mon, 11 Aug 2003 20:24:09 +0200 (SAST)
Received: from viruswall-mw05.mweb.co.za ([196.2.42.37])
by msg-proxy6.mweb.co.za
(iPlanet Messaging Server 5.2 HotFix 1.09 (built Jan 7 2003))
with ESMTP id <[email protected]> for [email protected]
(ORCPT [email protected]); Mon, 11 Aug 2003 20:16:08 +0200 (SAST)
Received: from viruswall-mw05.mweb.co.za (unknown [127.0.0.1])
by vwfilter.mweb.co.za (Postfix) with ESMTP id 8F3AD3179B for <[email protected]>; Mon, 11 Aug 2003 18:20:26 +0000 (UTC)
Received: from bgp553095bgs.ewndsr01.nj.comcast.net
(bgp553095bgs.ewndsr01.nj.comcast.net [68.38.187.19])
by viruswall-mw05.mweb.co.za (Postfix) with SMTP id 6E0AA3053F for <[email protected]>; Mon, 11 Aug 2003 20:20:24 +0200 (SAST)
Date: Tue, 12 Aug 2003 03:26:11 +0000
From: "[email protected]" <[email protected]>
Subject: Important Information Regarding Your Paypal Account (54504844)
In-reply-to: <[email protected]>
To: macsemail <[email protected]>
Message-id: <[email protected]>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 8bit
References: <[email protected]>
Original-recipient: rfc822;[email protected]
Let's all be careful out there...
[I preferred "Let's do it to them before they do it to us"]
Mac
The Oracle


Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
Mac the Knife,
According to the header, that email originated from someone on a Comcast Cable Modem in New Jersey U.S.A.
There was no X-Mailer so it was sent from a virus on the poor guy in N.J.'s computer, and the virus has its own SMTP since it was not sent from an email program.
I would not send anything to the poor guy in New Jersey, since it was not his fault, it is the fault of the virus.
Take Care,
Richard
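Added example, not part of the thread: locating the hop the reply above refers to by walking the Received lines newest-first and stopping at the first peer address that is neither loopback nor one of the recipient provider's own relays. The sample is trimmed from the header posted earlier; the TRUSTED_RELAYS ranges are an assumption inferred from that header, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample: trimmed from the header posted in the thread.
RAW = """\
Received: from msg-proxy6 ([196.2.55.30])
 by mailhost4.mweb.co.za with ESMTP; Mon, 11 Aug 2003 20:24:09 +0200 (SAST)
Received: from viruswall-mw05.mweb.co.za ([196.2.42.37])
 by msg-proxy6.mweb.co.za with ESMTP; Mon, 11 Aug 2003 20:16:08 +0200 (SAST)
Received: from viruswall-mw05.mweb.co.za (unknown [127.0.0.1])
 by vwfilter.mweb.co.za (Postfix) with ESMTP; Mon, 11 Aug 2003 18:20:26 +0000 (UTC)
Received: from bgp553095bgs.ewndsr01.nj.comcast.net
 (bgp553095bgs.ewndsr01.nj.comcast.net [68.38.187.19])
 by viruswall-mw05.mweb.co.za (Postfix) with SMTP; Mon, 11 Aug 2003 20:20:24 +0200 (SAST)
Date: Tue, 12 Aug 2003 03:26:11 +0000
"""
# Assumption: the recipient provider's relay ranges, inferred from the header itself.
TRUSTED_RELAYS = [ipaddress.ip_network(n) for n in ("196.2.42.0/24", "196.2.55.0/24")]
MSG = email.message_from_string(RAW)

def hops(msg):
    # Received lines, newest first: peer host, peer IP, receiving host, timestamp.
    out = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        out.append({
            "host": re.match(r"from\s+(\S+)", flat).group(1),
            "ip": ipaddress.ip_address(ip.group(1)) if ip else None,
            "by": re.search(r"\bby\s+(\S+)", flat).group(1),
            "when": parsedate_to_datetime(flat.rsplit(";", 1)[1].strip()),
        })
    return out

def external_handoff(msg):
    # The first peer that is not ours was recorded by a server we trust;
    # any Received line older than that hop is sender-supplied and unverified.
    for hop in hops(msg):
        ip = hop["ip"]
        if ip is not None and (ip.is_loopback or any(ip in n for n in TRUSTED_RELAYS)):
            continue
        return hop
    return None

def date_skew_seconds(msg):
    # How far the sender-supplied Date runs ahead of the trusted receive time.
    claimed = parsedate_to_datetime(msg["Date"])
    return (claimed - external_handoff(msg)["when"]).total_seconds()
```

On this sample the handoff peer is 68.38.187.19, and the Date header runs just over nine hours ahead of the time the receiving relay recorded.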
aka Capt PPRuNe

Joined: May 1995
Posts: 4,541
Likes: 3
From: UK
Unless the URL starts with https://www.paypal.com then it IS an attempt at fraud.
Suggest you contact PayPal with the details as they are no doubt going to spend the money trying to track down these fraudsters.
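Added example, not part of the thread: the URL check described above applied to every link and form target in an HTML message, comparing the parsed hostname rather than the string prefix so that IP-literal and look-alike hosts are flagged. SAMPLE_HTML is constructed, modelled on the message quoted at the top of the thread; the example.invalid host and the function names are assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "paypal.com"

# Constructed sample: form target and preferences link as described in the thread,
# plus two constructed look-alike cases a prefix comparison would mishandle.
SAMPLE_HTML = """
<form action="http://211.184.216.61" method="post">
  <input name="email"><input name="pin" type="password">
</form>
<a href="https://www.paypal.com/PREFS-NOTI">preferences</a>
<a href="https://www.paypal.com.example.invalid/login">sign in</a>
<a href="http://www.paypal.com@211.184.216.61/">verify</a>
"""

class TargetCollector(HTMLParser):
    """Collects where each link and form in the message actually points."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "form": "action"}.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.targets.append((tag, value))

def verdict(url, brand=BRAND):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")  # hostname drops any user@ part
    try:
        ipaddress.ip_address(host)
        return "ip-literal host"
    except ValueError:
        pass
    if host != brand and not host.endswith("." + brand):
        return "host is not " + brand
    if parts.scheme != "https":
        return "not https"
    return "ok"

def audit(html):
    collector = TargetCollector()
    collector.feed(html)
    return [(tag, url, verdict(url)) for tag, url in collector.targets]
```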




