Important: We noticed unusual activity in your PayPal account (Ref #PP-823-636-935-323)

Reference #PP-823-636-935-323

Account Status Update Response required
Provide additional information regarding your account Upon receipt
Log in to your PayPal account as soon as possible
Dear Manchester Vacs,
Recently, there’s been activity in your PayPal account that seems unusual compared to your normal account activities. Please log in to PayPal to confirm your identity. To help protect your account, no one can send money or withdraw money. In addition, no one can close your account, send refunds, remove any bank accounts, or remove credit cards.

Click here to confirm your identity
What’s going on?
We’re concerned that someone is using your PayPal account without your knowledge. Recent activity from your account seems to have occurred from a suspicious location or under circumstances that may be different than usual.
What to do
Log in to your PayPal account as soon as possible. We may ask you to confirm information you provided when you created your account to make sure you’re the account holder. You should also do the following for your own protection:

Log in to your PayPal account as soon as possible. Click here to log in.
Confirm your account details (address, email, phone, etc.) to make sure they’re accurate.
Provide additional information regarding your account.

What’s next?
Let’s work together to restore your account. After you complete all of the tasks, we should respond within 72 hours.
Thanks for choosing PayPal. If you need help or have any questions, call us at 1-888-221-1161, 4:00 AM to 10:00 PM Pacific Time Monday through Friday, 6:00 AM to 8:00 PM Pacific Time Saturday and Sunday, Please note that hours of operation may vary on holidays.

Help Center | Security Center
This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in to your account and click “Contact Us” at the bottom of any page.
Copyright © 2014 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

PayPal Email ID PP1779 – – Another Attempted Paypal Fraud

Phishing fraudsters pretending to be from Paypal email me most days. Sometimes, they even have my real name (eBay transactions with the Muslim community is usually to blame for the name getting out there). However, you likely landed here after Googling “” or “”

Paypal do not send out emails from a “” address – certainly not a fake one. The domain is a site about lock-picking Medeco locks (whatever they are). Nothing to do with Paypal anyway.

This email comes addressed to “Dear Paypal Customer” – which is wrong. Paypal know your name. If they are writing to you, they will use it.

Apart from the bullsh*t domain, wrong email and not knowing the name of the customer, this one has other howlers: Sending attachments – Paypal don’t do that. Specifying which browser you must open the attachment with – yeah, Paypal don’t do that either. That just means the virus they are sending you only works in insecure browsers. Spelling mistakes: A true sign of a non-English speaking scammer. I wont highlight them so they cannot correct them when they read this.

So, here is the email:

Dear PayPal Customer,

You have added as a new email address for your Paypal account.

If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.

NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the “Help” link in the footer of any page.

Copyright © 1999-2011 PayPal. All rights reserved.

All rubbish of course. DO NOT open the attachment called “PersonalProfileForm-payPal.htm” – that is full of viruses! If you did, change your Paypal passwords immediately and do a virus check on your computer.

So lets see where this fake email was sent from:

It comes from the IP which is traced to a company called Allen Linen in North Brunswick in the USA.

Here is their contact details:

Allen Linen Supply
407 20th Ave.
Paterson, NJ 07513
Phone: (973) 742-6131

Why not contact them and ask why someone is sending phishing emails off their server? That is surely a crime in the land of the free.

However, more digging reveals that “” is the sender. That resolves to someone in Barnaul in Russia but has Singapore tags on it. The plot thickens when “” is introduced into the mix – also from the email headers. That does trace to Singapore. The site doesn’t work and also traces to Singapore. Here is teh domain info:

Record last updated at 2011-09-20 06:05:47
Record created on 1/18/2006
Record expired on 01/18/2014

Domain servers in listed order:

Unit 107, Marina Residence, No.8, Kabaaye Pagoda Rd

name:(Eden Group Co., Ltd.)
mail:() +95.01650624
Eden Group Company Limited
Technical Contactor:
#3/1, Myanmar Info-Tech, Universities Hlaing Campus

name:(Zaw HTUT)
mail:() +95.01652250
Billing Contactor:
Unit 107, Marina Residence, No.8, Kabaaye Pagoda Rd

name:(Eden Group Co., Ltd.)
mail:() +95.01650624
Eden Group Company Limited

Registration Service Provider:
name: Myanmars.NET
tel: +95.01652250
fax: +1.7079880300

So what we have here is likely a scammer from Singapore routing through a proxy server in Russia, and again through another via an innocent linen company in the US to send you his Paypal scam email. Now don’t go writing about his scheme on the internet will you? Dammit…….. I just did!

Copy Protected by Chetan's WP-Copyprotect.