Categories
Uncategorized

Yet Another PayPal Phishing Scheme

Those of you who check this site often know I track such things. This one is an interesting one, in that it looks for all the world as though you just bought $400+ worth of Creative sound equipment, and then gives you a nice, fancy “Cancel this transaction” link, which of course goes to the phisherman’s cove. The body of the scam email is contained after the flip, as is the registrant information for the offending domain, in case you want to give him a jingle. As always, I have reported this email to PayPal and recommend you always do the same.

Email Body (links sanitized)

PayPal
Dear member,

This email confirms that you have paid paypal@creative.com $423.98 USD using PayPal.

This credit card transaction will appear on your bill as “PAYPAL *CREATIVE”.

Payment Details

Purchased From:creative.labs

Item # Item Title Quantity Price Subtotal
8751475190 EMU E-MU 1616M PCMCIA Digital Audio Sound Card Warranty 1 $399.99 USD $399.99 USD

Shipping & Handling via USPS First Class Mail to 154XX
(includes any seller handling fees) —
Shipping Insurance (optional): —
Sales Tax (6.000% inPA) : $23.99 USD
Total: $423.98 USD
Note:Thank you!

Shipping Information

Shipping Info: Wayne E Bakewell
16 elm st
Brownsville, PA 15417
United States
Address Status: Confirmed

If you have questions about the shipping and tracking of your purchased item or service, please contact the seller paypal@creative.com.

Do you confirm this transaction?

If this transaction was not made by you please immediately take the following steps:

* Login to your account by clicking on the link below
* Provide requested information to ensure you are the owner of the account
* Find this transaction in HISTORY and click ‘Cancel Transaction’

CANCEL TRANSACTION!

Thank you for using PayPal!
The PayPal Team

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and choose the Help link located in the top right corner of any PayPal page.

PayPal Email ID PP843

Contained links (WARNING! Do browse to this location!):

http: // ladamasarabians . com / https / www . paypal . com / cgi-bin / webscr.php?cmd=_login-run

Whois Information:

[whois.enom.com]
=-=-=-=
Visit AboutUs.org for more information about ladamasarabians.com
AboutUs: ladamasarabians.com

Registration Service Provided By: Supreme Center
Contact: support@propersupport.com
Visit: http://www.propersupport.com/

Domain name: ladamasarabians.com

Registrant Contact:

Rob Simpson (rob@simpsonequine.com)
+1.5409374796
Fax:
67 Hackleys Mill Rd.
Amissville, VA 20106
US

Administrative Contact:

Rob Simpson (rob@simpsonequine.com)
+1.5409374796
Fax:
67 Hackleys Mill Rd.
Amissville, VA 20106
US

Technical Contact:

Rob Simpson (rob@simpsonequine.com)
+1.5409374796
Fax:
67 Hackleys Mill Rd.
Amissville, VA 20106
US

Status: Locked

Name Servers:
dns1.supremecenter17.com
dns2.supremecenter17.com

Creation date: 15 Nov 2005 11:57:26
Expiration date: 15 Nov 2008 11:57:26

By Tommy Belknap

Owner, developer, editor of DragonFlyEye.Net, Tom Belknap is also a freelance journalist for The 585 lifestyle magazine. He lives in the Rochester area with his wife and son.