Victim Location 55987
Type of a scam Phishing
Actual e-mail supposedly in service to PayPal (with headers included, along with spelling and grammatical errors from original):
X-Apparently-To: [email protected]; Mon, 04 Mar 2019 13:30:31 +0000
Return-Path:
Received-SPF: none (domain of setting86bd42ce72258f363ba0e8ad16536ef8.inbox.com does not designate permitted sender hosts)
X-YMailISG: p1jszJ4WLDsUxkMa5_QLqqZXkrqILhXjeYoZPIPP7bKQ0W2z
MAnBrpyufbq4KFJImWHxHFJjq_SsZYbyRpNa6kqcXH5ZX1KsSuib7I41N_ZH
x7fkFcSPLnCwGXBSSxPjJQ99ePLWTRSdUZ_bJnXid5f6ZEEZpIgxnDUAMfYh
QNha35W51gbPuznjCzgXS07h0tI0LDwpKljl_6LFB84YjjFQ_vkc8j5XgPbP
NXnGegDg2Y0yTl_VXVoPorpnUmrk9lnPTP_SsJCD4CGxqp6JlbFtnKvpbIPR
a_cKtOaco9DpoYFQaA8j_RWg4wyTcqmxQv3nKkgPdfahBARtD0X.MUhlHJLf
u6OEMgY59WyVwjUCm_Np6.FLYGA7CrflS4v10QRRXugKoHJPcLhCNsaPjb33
IYO_H0hmGqCWDqySZgtrnsX0D2jh_ucoKYtAFzjW4Vfv64E_feflPjQx5Ihc
L1LjnY1grMGn_yhS1fAPZj2s3qwZeOqMgGvXE_ZJQXE0CejvlKHzzwxnJCp1
LfbhWLbQMZ6vxm8aQEWIzQV0u1qPptQZncpZHYaHk9JlUNYUZlclTxHC72fv
pnO6HWncQQYGuiGoNq3iC0_gyzucW.07dpZfeTyBEpKFUjQ23OoT5zC_odnG
shtenefJhZUunnDPKPrKLZamrqUunVx_KVQYjknUfwK9EVFgA52M7WrshzdI
_iLsEsJNk4OdLohWD77Qt7u6bYaYbLDEN_RkPrMPjrHmBRgh18HjirFSdpUj
oFahhV1zynoGSX4RrdoNvWx7vZj7SAdJrjDy9dnad93fgYnHT6mWSUMTVn49
EGDuFkTpHiBPje8yxRxQdQIAKK4uPk_N9DOxpAMSdKYKXBxGWUDgkb3HmiHj
1iLSNUuZBPQYZtsZyAqb5lbGP4AkQ3B3Z.CDP9KvMhhvZNi64AsuTH4a1cSV
zIusEn3xnxbAyEmsRZHFlHwCA.pR9ScnyJu9muu6VgSsdyFM_lLFU5IhOY7I
.nE6GnkI02qeLUiYoYNBqJmEJDxGLR6wYaGzoxCQWCUjPzyIzmt_H_ruCjps
6n_J_LzIwJFUUMCFedj_lE5KKjBM93dE2xcNWGXisqOBKrdyI2tTf7amXfOx
jpHMTvLY5ewnKs22dmjtW8nX6qf3IlHI7tnrmljssgYinx_FUljna0aghgvu
Yxxigqid7diP0A–
X-Originating-IP: [212.227.126.135]
Authentication-Results: mta4011.mail.gq1.yahoo.com from=setting86bd42ce72258f363ba0e8ad16536ef8.inbox.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mout.kundenserver.de) (212.227.126.135)
by mta4011.mail.gq1.yahoo.com with SMTPS; Mon, 04 Mar 2019 13:30:30 +0000
Received: from infong-es3.kundenserver.de ([82.165.83.82]) by
mrelayeu.kundenserver.de (mreue009 [172.19.35.7]) with ESMTPA (Nemesis) id
1MyK9U-1hAv2815O0-00yin3 for ; Mon, 04 Mar 2019
14:30:28 +0100
Received: from 160.178.235.198 (IP may be forged by CGI script)
by infong-es3.kundenserver.de with HTTP
id zRZqJ2-1h4ZV61VZ9-0166Q7; Mon, 04 Mar 2019 14:30:27 +0100
X-Sender-Info:
Precedence: bulk
Subject: RE: [ SERVICE ] : Important from TeamSupport : Account virefication statut : [ ALERT ] Multiple Password Was Attempted With Your Account. [Online banking] Recibo : #391295288970272430.! Recibo cuenta
Date: Mon, 4 Mar 2019 14:30:27 +0100
From: PayPal
Message-ID:
X-Mailer: Leaf PHPMailer 2.7 (leafmailer.pw)
MIME-Version: 1.0
Content-Type: text/html; charset=
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:hO4FE/fJCAwu+JTaqHo/Smy9xpTLTd5KhxuM8v+Ld2eHoOmPqE4
uID0zoFFpql4ezjGFO8L2tPyaDbpx2U5hAyz+6Tzl6eC/gY4gaAkLyWIkyMv5nrSobsZt+t
Hgrnv0Iez3CW1kMRKLYLPqq0cuCTgD9J5CLZNkqxwz+bOra/LZZY9NH90G7QbJat2ncpreX
lbFfEQnjuHawWzoIzbgYdoJYFKtYpaTehw3s0kiiR4=
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:LpKcagqlfPU=:0E0zUDhn9tweUwmnQ2IXFF
VgQNawXiiDiKhNj82evRSJPygXEW0ayD7GubQxwsClpk1yXxhEb/xfO7ijVgv7Z8JdeKpmotq
OeejM+HlmgRIvtFE+Vsp6bntP84ERumuf4T/gp3X5ny5ajKBI/79h38y42kfKIfp7msgwdw6Z
J1GEQ8nJgAhaakV0luVmJy+pY9OewQY/VSoPa473xIJmH2IE7zlzg1mQSynOvytDwSfAWtyZF
K7nPqV6+kshdozoi/PKDB0rRcs6hqixbC77JH8wBquWD3H/DvSW6bigh+WFrEIFccxPznqoa5
a/ObIniicV4JawtLsIwvm8sW9CZ+IfQ+GnFTN1PuPjlp3qjbEz+QjcD7pKIhRaTRTt22hlqrh
qrpBKCa8yB+Bm+o6/3k6f+sp/8CqatTkLjp5b00RPGb1Ei0QNs+b5gdx52HSCvrdZOq2itKdT
zFn8trIEIlybeZermTJwO5yXKGCSKmjhomAjm/9E8owdaJpHRn2MKbI8vjx+G3zWv3RaIcaP7
npVULn9ck9hCqbwFFz0e8LVy5NGIT7UPzHwp8vApmqwGjwNDEtprx7XB+jV0gr862fp4+gXnR
YPFSjOaJ0daI9y5GxMYjy1EdmewsVBxX1Hj6lSy3wbRgjc9aJD6PTebRkZczBYYh1vuP/ctq0
5ryF8Jt0IPdONgP00Sduh2BiTiI7yrb9YUeALBY6OcmVC/1ZrqYasaZTVMph7N2TiZEsb7QYm
5qM/1aUS/6pkuxkmDI58+zkpBBI+Cqlv7iv2NXEYUPBhzQcsHo7kTU+ejsw3Cp/fg4nPbxAUk
YqDmgyn6VPZjTQZoNs33q0E7E5ado+2TMNFJAnhvrx4K1TWUEBRYPGmLKqczHOqo2vwnzyRni
dwV0ChAnO+Is3CPblpoUqP+J1D9rv5Nukq5KoHKckz4ATBzx5ODtoQwzv2XxqXprHcdP+6qhm
iHHcxL/gPvA==
Content-Length: 25427
Your Account Will Be Limited.
Dear customer,
Your Account Will Be Limited , Until We Here From You . To Update Your Info . Simply click on the web address below (or copy and paste the link into your browser):
Victim Location 56468
Total money lost $50
Type of a scam Counterfeit Product
Looked like legitimate message from PayPal, needing to verify my account. Asked for CC and bank account information. Used PayPal logo, etc.
Victim Location 56187
Type of a scam Other
I received an email stating that my order was being processed by Eastbay Clothing. It included the usual order # info, no credit card info. At the bottom is had a spot to click if you did not place this order….sending you to a simple page saying PayPal and asking for email & password to get into the PayPal account. Lucky I don’t have an active PayPal account so no active passwords. There was no transaction processed through my bank. Eastbay said that they had received other similar reports in the last week and it was a scheme. No credit card info was exchanged. I will keep my eyes open now to other possible scams using my yahoo email.