Date: 25 Mar 2005 01:49:53 -0000
From: PayPal <paypal@email.paypal.com>
To: email removed
Subject: Security Center

Military Grade Encryption is Only the Start

At PayPal, we want to increase your security and comfort level with every transaction. From our Buyer and Seller Protection Policies to our
Verification and Reputation systems, we'll help to keep you safe.

We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address and we have reasons to belive that your account
was hijacked by a third party without your authorization.

If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you are the rightfull
holder of the account, click on the link below to log into your account and follow the instructions.


https://www.paypal.com/cgi-bin/webscr?cmd=_login-run


If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.

We ask that you allow at least 72 hours for the case to be investigated and we strongly recommend to verify your account in that time.

If you received this notice and you are not the authorized account holder, please be aware that it is in violation of PayPal policy to represent
oneself as another PayPal user. Such action may also be in violation of local, national, and/or international law. PayPal is committed to assist law
enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be
provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the fullest extent of the law.

Thanks for your patience as we work together to protect your account.

Sincerely,
PayPal Account Review Department
PayPal, an eBay Company

_____________________________________________________________________________________________________________________________________________________________
*Please do not respond to this e-mail as your reply will not be received.



Here are the headers of this attempted scam.

Return-Path: <root@cathoo.schedom-europe.net>
Received: from laura.schedom-europe.net (laura.schedom-europe.net [193.109.184.68])
by bugsbunny.castlecops.com (8.13.2/8.13.2) with SMTP id j2P1nrRO013575
for <email removed>; Thu, 24 Mar 2005 20:49:54 -0500
Received: (qmail 8767 invoked by alias); 25 Mar 2005 01:49:54 -0000
Received: from cathoo.schedom-europe.net (193.109.185.2)
by laura.schedom-europe.net with SMTP; 25 Mar 2005 01:49:54 -0000
Received: (qmail 28894 invoked by uid 4; 25 Mar 2005 01:49:53 -0000
Date: 25 Mar 2005 01:49:53 -0000
Message-ID: <20050325014953.28891.qmail@cathoo.schedom-europe.net>
To: email removed
Subject: Security Center
From: PayPal < paypal@email.paypal.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
bugsbunny.castlecops.com
X-Spam-Level: ****
X-Spam-Status: No, score=4.2 required=5.6 tests=BAYES_50,DCC_CHECK,
HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,
REPLY_TO_EMPTY autolearn=no version=3.0.2
X-Spam-DCCB: WEiAPG
X-Spam-DCCR: bugsbunny.castlecops.com 1072; Body=1 Fuz1=1 Fuz2=many


*** Please note the URL above does not direct to paypal. It directs to the following page http://210.0.213.115/~chuihf/Secure/paypal/

Millitary Grade Encryption?

Also, they spelled choice wrong...they typed CHOISE ...that's not acceptable by any means for any big company.

OJ

_________________


"Your every move is my calculated step"

This one is already dead. The page is down and the URL is blocked by Netcraft.

_________________
MS MVP Security 2006-2008

Excellent to hear it is down already

OJ,

That is one of the quickest ways to spot these things.