An
Email with the Subject "***SPAM*** Critical Information Regarding Your Account" was
received in one of Scamdex's honeypot email accounts on Sun, 28 Nov 2010 10:55:13 -0800
and has been classified as a Generic Scam Email.
The sender shows as PayPal <support@microsoft.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
paypalpaypal.comlog inlogincreditmicrosoftendedpasswordcheckwinsafeaccountminderinternetaccesssecuremailreferencesincerelysupport@microsoft.com will spamsecurity(e.g. internet explorer o...(http://paypal.com/)http://paypal.com/)https://www.paypal.com/us...fs
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => scams@scamdex.com
[delivery-date:] => Sun, 28 Nov 2010 10:55:14 -0800
[received:] => Array
(
[0] => from [208.89.219.134] (helo=quatro2r.infinitie.net)by chester.loopbiz.com with esmtps (TLSv1:AES256-SHA:256)(Exim 4.69)(envelope-from )id 1PMmP3-00049n-Ilfor scams@scamdex.com; Sun, 28 Nov 2010 10:55:13 -0800
[1] => from nobody by quatro2r.infinitie.net with local (Exim 4.69)(envelope-from )id 1PMmNT-0004Z7-Plfor scams@scamdex.com; Sun, 28 Nov 2010 18:53:35 +0000
)
[to:] => scams@scamdex.com
[x-php-script:] => 208.89.219.134/~ninja/ns/massmailer.php for 213.163.101.26
[from:] => PayPal
[reply-to:] =>
[mime-version:] => 1.0
[content-type:] => text/html
[content-transfer-encoding:] => 8bit
[message-id:] =>
[date:] => Sun, 28 Nov 2010 18:53:35 +0000
[x-antiabuse:] => Array
(
[0] => This header was added to track abuse, please include it with any abuse report
[1] => Primary Hostname - quatro2r.infinitie.net
[2] => Original Domain - scamdex.com
[3] => Originator/Caller UID/GID - [99 99] / [47 12]
[4] => Sender Address Domain - quatro2r.infinitie.net
)
[x-spam-status:] => Yes, score=4.9
[x-spam-score:] => 49
[x-spam-bar:] => ++++
[x-spam-report:] => Spam detection software, running on the system "chester.loopbiz.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: PayPal information about your account: Security Center Attention!Your PayPal account was limited! As part of our security measures, we regularlycheck the work of the screen PayPal. We hace requested information from youfor the following reason: Our system has detected unusual charges to a creditcard link to your PayPal account. [...] Content analysis details: (4.9 points, 4.0 required)pts rule name description---- ---------------------- --------------------------------------------------2.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist[URIs: 173.236.99.82]0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL0.0 HTML_MESSAGE BODY: HTML included in message1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
[x-spam-flag:] => YES
[subject:] => ***SPAM*** Critical Information Regarding Your Account
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
As part of our security measures, we regularly check the work
of the screen PayPal. We hace requested information from
you for the following reason:
Our system has detected unusual charges to a credit card
link to your PayPal account.
Reference Number: PP-259-187-991
This is the last reminder to log into PayPal, as soon as
possible. Once you connect. PayPal will provide measures to
restore access to your account
Once connected, follow the steps to activate your account.
We appreciate your understanding as we work to ensure
security.
Click
Here To Activate
We thank you for your prompt attention to this matter. Please
understand that this is a security measure intended to help protect you and your
account. We apologise for any inconvenience.
To safely and securely access the PayPal website or your
account, open a new web browser (e.g. Internet Explorer or Netscape)
and type in the PayPal login page (http://paypal.com/) to be sure you are
on the real PayPal site.
For more information on protecting
yourself from fraud, please review our Security Tips at
https://www.paypal.com/us/securitytips
Protect Your Password
You should never give your PayPal password to
anyone.
