Friday, January 5, 2018

Account Notification (PayPal Phishing)

PayPal
Notification : janvier 02, 2018

Beloved , Costumer(s)

Your account acces will be denied because we've noticed significant changes in your activity. As your last payment method, we need to understand these update sbetter.
This account Iimitation will affect your ability to:

Send or receive money
Withdraw money
Also, you won't be able to:
Remove any accounts
Remove credit cards
Close your account
What to do next ?

Please log in to your account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further Iimited.

Reload my account

Thank you for your understanding and cooperation. If you need further assistance, please check our support case ID
Copyright © 2017 PayPol, Inc. All rights reserved. PayPol is located at 2211 N. First St., San Jose, CA 95131.I'm a new Text block ready for your content.

Phishing screenshot :


Email analysis :

NOTE : no-reply@server5.floathosting1.com
NOTE : Account Notification

Phishing analysis :

CLICK : Reload my account
OPEN : http://bksvm.in/includes/.international/Login-account/
REDIRECT : http://bksvm.in/includes/.international/Login-account/*/Up-dating.php?country.x=*&ACCT.x=*
SCREENSHOT :


CLICK : Einloggen
REDIRECT : http://bksvm.in/includes/.international/Login-account/*/Up-dating.php?log=*
SCREENSHOT :


NOTE : PayPal phishing at : http://bksvm.in/

Monday, December 18, 2017

Attention: Your account status change ! (PayPal Phishing attempt)


PayPal
Notification : November 24, 2017
Beloved , Costumer(s)
Your account acces will be denied because we've noticed significant changes in your activity. As your last payment method, we need to understand these update sbetter.
This account Iimitation will affect your ability to:
Send or receive money
Withdraw money
Also, you won't be able to:
Remove any accounts
Remove credit cards
Close your account
What to do next ?

Please log in to your account and provide the requested information through the Resolution Center. If we don't receive the information before this deadline or we notice additional significant changes in your account activity, your account access may be further Iimited.
Reload my account
Thank you for your understanding and cooperation. If you need further assistance, please check our support case ID
Copyright © 2017 PayPol, Inc. All rights reserved. PayPol is located at 2211 N. First St., San Jose, CA 95131.I'm a new Text block ready for your content.

Phishing screenshot :


Email analysis :

NOTE : Supportpaypel@live.net
NOTE : X-Authenticated-Sender : server.1seodev.com: harzin
NOTE : X-Php-Script : 64.131.65.172/~harzin/wp-value.php for 197.1.172.74
NOTE : X-Mailer : Leaf PHPMailer 2.7 (leafmailer.pw)
NOTE : X-Source-Args : /usr/bin/php /home/harzin/public_html/wp-value.php

Phishing analysis :

CLICK : Reload my account
OPEN : http://ourshopee.com/payment/.assets/Login-account/
RESULT : NOT FOUND
NOTE : PayPal Phishing attempt

Friday, November 17, 2017

Verify Your PayPal Account! (PayPal Phishing Attempt)

Dear PayPal user,

This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it.

To proceed to confirm your account information please click on the link below and follow the instructions that will be required.This will help protect you in the future. The process does not take more than 3 minutes.

Confirm your account

Click here to verify

Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.

Sincerely,
PayPal Account Review Department
(Case ID #PP-003-498-237-832)

Email analysis :

NOTE : sal.moncalieri@engim.it
NOTE : Received : from zimbra.engim.it (zimbra.engim.it [192.168.67.112])

NOTE : 192.168.67.112

Phishing screenshot :


Phishing analysis :

CLICK : Click here to verify
OPEN : http://rederswhitesincs.com/secure_pp
RESULT : PayPal Phishing attempt

Sunday, September 3, 2017

Notification(1) (PayPal Phishing Attempt)

ΡayΡal

PayΡal Security Center !
Hello Customer,
We've Iimited access tο yοur accοunt, because yοur accοunt was recently lοgged intο frοm a new brοwser οr device.
Was that yοu ?

Whаt dο i need tο dο ?

In οrder tο аccess yοur accοunt again, yοu need tο verify yοur identity by fοllοwing sοme οf οur security steps.

Click here to update your paypaI account
Please dο nοt reply tο this email. Tο get in touch, gο tο the PayΡal website and click Help.
Cοpyright © 1999-2017 PayΡal Support. All rights reserved.

[Νotice]: If this email was sent to your junk or spаm box please mаke sure to tick it as not spаm due to our new security updаte ! аnd we аre sorry аbout thаt.

Email analysis :

NOTE : email@pay.com
NOTE : hargakac@wp.eazysmart.com
NOTE : client-ip=192.252.214.196;


Screenshot of the Phishing :


Phishing analysis :

CLICK : Click here to update your paypaI account
OPEN : https://www.jackpad.com.au/-/Found/
RESULT : PayPal Phishing Attempt

Tuesday, June 28, 2016

During your last purchase (Phishing Paypal)

Header Image

Privacy Policy for PayPal Services Copyright ©2016

PayPal fraud prevention set standards by presenting the best security solution in the industry that make your business more secure.If you do not renew your paypal account will be limited or closed permanently

Update Your Account Info. Please click below.

Thank you for choosing PayPal

border

Copyright ©2016 All rights reserved.

Email analysis :NOTE :

NOTE : Return-Path : < *@sendgrid.net >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Mailer : ColdFusion 9 Application Server
NOTE : client-ip=50.31.42.127;
NOTE : Received : from o1.email.britishsoapawards.tv ([50.31.42.127])
NOTE : Received : by filter0036p1las1.sendgrid.net
NOTE : Received : from vaya-backend09-optusrts (unknown [103.1.216.177])
NOTE : by ismtpd0018p1sin1.sendgrid.net (SG)
NOTE : During your last purchase

Phishing analysis :

CLICK : THE BUTTON
OPEN : https://bit.ly/1RFlDg4
REDIRECT : http://64.71.78.238/CFIDE/web.html
REDIRECT : http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php
SCREENSHOT :


CLICK : Log In
REDIRECT http://horseridingholidaysgb.co.uk/php/update_info*/True-Login/*/signin.php?error_login_id=*#


NOTE : THE LOGIN ASK FOR A VALID PASSWORD...
NOTE : SHORT THE URI TO http://horseridingholidaysgb.co.uk/php/update_info/
SCREENSHOT :


NOTE : FUNNY...
NOTE : CHANGE IP
SCREENSHOT :


NOTE : LAUGHT...