Tag Archives: notice@security.org

patrick1178@btconnect.com – notice@security.org – Another Attempted Paypal Fraud

Phishing fraudsters pretending to be from Paypal email me most days. Sometimes, they even have my real name (eBay transactions with the Muslim community is usually to blame for the name getting out there). However, you likely landed here after Googling “notice@security.org” or “patrick1178@btconnect.com”

Paypal do not send out emails from a “security.org” address – certainly not a fake one. The domain security.org is a site about lock-picking Medeco locks (whatever they are). Nothing to do with Paypal anyway.

This email comes addressed to “Dear Paypal Customer” – which is wrong. Paypal know your name. If they are writing to you, they will use it.

Apart from the bullsh*t domain, wrong email and not knowing the name of the customer, this one has other howlers: Sending attachments – Paypal don’t do that. Specifying which browser you must open the attachment with – yeah, Paypal don’t do that either. That just means the virus they are sending you only works in insecure browsers. Spelling mistakes: A true sign of a non-English speaking scammer. I wont highlight them so they cannot correct them when they read this.

So, here is the email:

Dear PayPal Customer,

You have added patrick1178@btconnect.com as a new email address for your Paypal account.

If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.

NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the “Help” link in the footer of any page.

Copyright © 1999-2011 PayPal. All rights reserved.

All rubbish of course. DO NOT open the attachment called “PersonalProfileForm-payPal.htm” – that is full of viruses! If you did, change your Paypal passwords immediately and do a virus check on your computer.

So lets see where this fake email was sent from:

It comes from the IP which is traced to a company called Allen Linen in North Brunswick in the USA.

Here is their contact details:

Allen Linen Supply
407 20th Ave.
Paterson, NJ 07513
Phone: (973) 742-6131

Why not contact them and ask why someone is sending phishing emails off their server? That is surely a crime in the land of the free.

However, more digging reveals that “109.203-211-146.static.qala.com.sg” is the sender. That resolves to someone in Barnaul in Russia but has Singapore tags on it. The plot thickens when “www.edenhotelsandresorts.com” is introduced into the mix – also from the email headers. That does trace to Singapore. The site www.edenhotelsandresorts.com doesn’t work and also traces to Singapore. Here is teh domain info:

Domain Name:edenhotelsandresorts.com
Record last updated at 2011-09-20 06:05:47
Record created on 1/18/2006
Record expired on 01/18/2014

Domain servers in listed order:
ns1.webdesignwebdev.com ns2.webdesignwebdev.com

Unit 107, Marina Residence, No.8, Kabaaye Pagoda Rd

name:(Eden Group Co., Ltd.)
mail:() +95.01650624
Eden Group Company Limited
Technical Contactor:
#3/1, Myanmar Info-Tech, Universities Hlaing Campus

name:(Zaw HTUT)
mail:() +95.01652250
Billing Contactor:
Unit 107, Marina Residence, No.8, Kabaaye Pagoda Rd

name:(Eden Group Co., Ltd.)
mail:() +95.01650624
Eden Group Company Limited

Registration Service Provider:
name: Myanmars.NET
tel: +95.01652250
fax: +1.7079880300

So what we have here is likely a scammer from Singapore routing through a proxy server in Russia, and again through another via an innocent linen company in the US to send you his Paypal scam email. Now don’t go writing about his scheme on the internet will you? Dammit…….. I just did! Continue reading

Posted in Politics & Random Musings | Tagged , , , , | 6 Comments