Possible ID theft attempt

15th Jun 2003, 00:04
Dear PayPal Customer

This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.

The inactive customers are subject to restriction and removal in the next 3 months.

Please confirm your email address and credit card information by logging in to your PayPal account using the form below:

Email Address:
Full Name:
Credit Card #:
ATM PIN (For Bank Verification) #:

Never give your pin number out. The fact that this letter seems to be from PayPal does not change that. I got this as an email from the address at the bottom.

This notification expires September 31, 2003

Thanks for using PayPal!

This PayPal notification was sent to your mailbox. Your PayPal account is set up to receive the PayPal Periodical newsletter and product updates when you create your account. To modify your notification preferences and unsubscribe, go to https://www.paypal.com/PREFS-NOTI and log in to your account. Changes to your preferences may take several days to be reflected in our mailings. Replies to this email will not be processed.

Copyright© 2002 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.

Date: Sat, 14 Jun 2003 22:24:22 +0000
Subject: Dear PayPal Customer
Message-ID: <2B3JL16DI83C0GG9@paypal.com>
References: <BE4I1I7KEH3E82GL@juno.com>
Received: from mx05.lax.untd.com (mx05.lax.untd.com [])
by maildeliver26.lax.untd.com with SMTP id AAA9QZMKHANVQJ7A
for <@juno.com> (sender <7000aipaj5-INFORMATION-UPDATE@paypal.com>);
Sat, 14 Jun 2003 16:17:59 -0700 (PST)
Received: from compuserve.com (adsl-35-82-58.asm.bellsouth.net [])
by mx05.lax.untd.com with SMTP id AAA9QZMKHAGUZ5Y2
for <> (sender <7000aipaj5-INFORMATION-UPDATE@paypal.com>);
Sat, 14 Jun 2003 16:17:59 -0700 (PST)
MIME-Version: 1.0
Content-Type: text/html

15th Jun 2003, 00:49
hmmm.. considering I didn't get that one and I haven't used my paypal account in at least six months...

It's always fun to see these guys try to be sneaky like that..

Thorin Oakenshield
15th Jun 2003, 14:03
You wouldn't believe the number of people that get suckered like that :eek:

15th Jun 2003, 15:08
The "Received:" header gives the most information regarding who sent you the e-mail (or what server was used that first identified itself). I did a lookup on the domain registration for untd.com and got:

United Online, Inc. (YCIWJTNJKD)
2555 Townsgate Rd.

Domain Name: UNTD.COM

Administrative Contact, Technical Contact:
United Online, Inc. (E4184-OR) hostmaster@noc.untd.com
2555 Townsgate Rd.
805 418 2000 fax: 805 418 2002

Record expires on 16-Dec-2004.
Record created on 09-Dec-2002.
Database last updated on 15-Jun-2003 10:52:33 EDT.

You might want to check using a PayPal listed contact e-mail address on their web site or a webform for e-mail on their web site if untd.com is authorized to issue such statements on their behalf. If not, and if the domain registration is correct, you can then tell PayPal to take action against this impersonator.

I have a PayPal account and have not received this message, so it is not something that PayPal appears to be broadcasting to all their users via some 3rd party service.

"Please confirm your email address and credit card information by logging in to your PayPal account using the form below"

Did that mean you were supposed to respond via e-mail? Or was there an unshown link back to the paypal.com web site? I would never respond via e-mail. Even if it were to go to PayPal and wasn't an impersonator, e-mail is rarely encrypted and anyone could intercept this sensitive information. If there was a link to a webform on their web site, I would still require that the page was HTTPS (i.e., secured). The link would have to be DIRECTLY to their web site and not a rerouted URL. I would probably just open a browser and go to www.paypal.com to review my account that way instead of using the link provided in an e-mail.
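
A sketch of reading the "Received:" lines quoted in the first post, added here as an example and not part of any post in the thread: it walks the hops oldest-first and compares the name the sending machine announced, the host name the receiving server recorded for it, and the envelope sender domain. The regular expression assumes the header layout shown in the thread, and `org_domain`, `parse_hops` and `assess` are names made up for this example.

```python
import re
from email import message_from_string

# Headers as quoted in the first post (IP addresses were already blank there);
# continuation lines are indented here so they parse as folded headers.
RAW_HEADERS = """\
Subject: Dear PayPal Customer
Message-ID: <2B3JL16DI83C0GG9@paypal.com>
Received: from mx05.lax.untd.com (mx05.lax.untd.com [])
 by maildeliver26.lax.untd.com with SMTP id AAA9QZMKHANVQJ7A
 for <@juno.com> (sender <7000aipaj5-INFORMATION-UPDATE@paypal.com>);
 Sat, 14 Jun 2003 16:17:59 -0700 (PST)
Received: from compuserve.com (adsl-35-82-58.asm.bellsouth.net [])
 by mx05.lax.untd.com with SMTP id AAA9QZMKHAGUZ5Y2
 for <> (sender <7000aipaj5-INFORMATION-UPDATE@paypal.com>);
 Sat, 14 Jun 2003 16:17:59 -0700 (PST)

"""

# Matches only the Received layout seen above: announced name, recorded host, recording server, sender.
HOP_RE = re.compile(r"from (?P<helo>\S+) \((?P<rdns>\S+) \[[^\]]*\]\) by (?P<by>\S+)"
                    r".*?sender <[^>]*@(?P<sender>[^>]+)>")

def org_domain(host):
    # Naive last-two-labels cut; fine for these .com/.net names, use the Public Suffix List otherwise.
    return ".".join(host.lower().split(".")[-2:])

def parse_hops(raw):
    """Return the Received hops oldest-first (each server prepends its own line)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold and normalise whitespace
        if m:
            hops.append(m.groupdict())
    return hops[::-1]

def assess(raw):
    """Flag inconsistencies in the oldest hop."""
    hops = parse_hops(raw)
    if not hops:
        return ["no parsable Received header"]
    first, findings = hops[0], []
    seen = {org_domain(first["helo"]), org_domain(first["rdns"])}
    if len(seen) > 1:
        findings.append(f"announced '{first['helo']}' but recorded host is '{first['rdns']}'")
    if org_domain(first["sender"]) not in seen:
        findings.append(f"sender domain '{first['sender']}' matches neither name")
    return findings

if __name__ == "__main__":
    for finding in assess(RAW_HEADERS):
        print("suspicious:", finding)
```

Lines below the one written by your own mail provider can be forged by the sender, so treat only the hop your provider recorded as reliable.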