Mara’s PayPal account was compromised this morning. Among some other PayPal e-mail was one claiming that an attempt was made to access her account and that she needed to re-verify her account to keep it from being suspended. Mara was busy, and so did so before she realized that anything was up. It was a phishing scam. So Mara had to change her password to protect her PayPal account.
Mara was mortified that she could make such a mistake, but I think it proves a very important point. If someone as web-savvy as Mara can be fooled, nearly anyone can.
Well, I got the same message. So I checked it out and tried to track down the offender. I just sent an e-mail to a company called Global Net Access (a hosting company in Atlanta, Georgia) requesting that they take action against their user, whose Global Net Acess account is being used for this scheme.
I’ve posted the e-mail below so that people might notice the domains and IP addresses.
From: Wicasta Lovelace
Date: April 23, 2006 2:30 PM
Subject: Phishing Scheme Using Global Net account
I thought I should make you aware of a phishing scheme using your services.
The offending account is; http://184.108.40.206/~jokerco/
This party is sending out an e-mail claiming to be from PayPal, and informs the user that his or her PayPal account has been accessed by a foreign IP address, and asks the user to sign-in to their account to avoid having their PayPal account suspended. The intial link address goes to http://binhech.com/, which then redirects the user to http://www.paypal-unlocking.net/. It is while on this page that one can view the source code of the page and find that its frameset is being pulled from http://220.127.116.11/~jokerco/new/.
I would appreciate it if you would suspend or block this account. I have no doubt this person will simply take his or her scheme elsewhere. Personally, I would prefer it if the Government would arrest people who commit fraud.
Thank you for your time.
– Wicasta Lovelace
P.S. A copy of the original message follows:
Subject: Your paypal account could be suspended!
Date: 4/22/2006 11:56 PM
To: Wicasta Lovelace
We recently noticed an attempt to log in to your PayPal account from France,a foreign IP address and we have reason to believe that your account was used by a third party without your authorization.
If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. Therefore, if you are the rightful account holder, click on the link below to log into your account and follow the instructions.
If you choose to ignore our request, you leave us no choice but to temporarily suspend your account.
If you received this notice and you are not the authorized account holder, please be aware that it is in violation of PayPal policy to represent oneself as another PayPal user. Such action may also be in violation of local, national, and/or international law. PayPal is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that impersonators are prosecuted to the fullest extent of the law.
Thank you for your patience as we work together to protect your account.
PayPal Account Review Department
PayPal, an eBay Company