Spam Alert: Please Update Your Account

It's not PayPal

Recently, a new spam email has begun circulating. The message purports to be from the PayPal company, which is owned by eBay. This email is a well-disguised attempt to obtain personal information from unsuspecting PayPal customers. The email is not from PayPal. We will take a close look at the construction of the message to point out some obvious and not-so-obvious visual cues.

The subject of the email is "Please update your account", which is a common request that is mailed out from many reputable companies. A casual PayPal user may well be fooled by the official-appearing graphics and unauthorized use of the PayPal name.

Keep in mind that the Internet is a dangerous place: never respond to an unsolicited email unless you are absolutely sure of the sender.

Spam Alert: Please update your account

Text of the spam

Warning Notification

Dear PayPal Costumer,

It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension. Please update your records before February 04, 2011

Once you have updated your account records, your PayPal® account activity will not be interrupted and will continue as normal.

Click here to update your PayPal account information

Copyright © 1999-2011 PayPal. All rights reserved.
Information about FDIC pass-through insurance

Deconstruction

Note that the email recipient is "undisclosed-recipients". This could be the result of a BCC (Blind Carbon Copy) email 'blast' or a weak attempt to disguise the fact that the spammer doesn't know the name of the intended recipient.

Nowhere in the message is any specific information that personalizes the email. It is obviously directed at everyone with an email address. PayPal would never send out generic emails asking clients to log in and update personal information.


The link is obviously bogus. It's not PayPal.

In the above image we hovered our mouse over the link provided in the email. Our email client, Outlook, revealed the actual value of the link, which is obviously not a link to a PayPal web site. Needless to say, but we will say it anyway, never click on a link in an email. If you suspect that the email is legitimate, simply open your browser and type in PayPal.com, or any other legitimate web site. Don't depend on the email to provide you with a valid link.

Interestingly enough, the domain listed above appears to be legitimate, although it is in Lithuania, which is probably not where PayPal houses its web servers. The company behind the domain seems to be a 'real' CNC (Computer Numerical Control) company. Undoubtedly the site has been hacked and the company is in no way involved in a scam to obtain personal information from PayPal customers.

Hackers often hide a little code on a legitimate web site. Web hosting is not a trivial pastime. This code collects personal information from unsuspecting Internet users and relays that information via free email accounts. The process is virtually untraceable and certainly impenetrable to anyone without high-level computer security training.

Both links in the email point to the same unsavory location.

Note the reply-to address.

Bogus Reply-To Address

Clicking "Reply" on an email will cause the email client software to analyze the original message and pick out the "Reply To" email address stored there. Most senders take care to use a reply-to address that is somewhat related to the domain of the sender, but this particular message comes complete with an obviously deceptive reply-to address. The address is "noreply@netlogmail.com", which is not related to PayPal in any way. The domain, netlogmail.com, entered into a browser, redirects to netlog.com, which is an online social community. Those good folks obviously have nothing to do with this scam. They are merely another ancillary victim of this devious email scam.

The message came from the UK

So far, our devious spam purports to be from PayPal, links to a site in Lithuania, and gives a reply-to address for a social networking site.

The message came from a server in the United Kingdom. It originated on a server with the IP address 92.48.121.159, which belongs to "PoundHost Internet Services" in Berkshire. Undoubtedly, no one at PoundHost is in any way involved with this scam. They provide web hosting and Internet access services: one of their customers was either hacked or infected with a malware program that initiated the email.
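The cues collected so far (the undisclosed recipient, the mismatched reply-to address, the link that leaves PayPal, and the originating server) can be checked mechanically. The following is an added example, not part of the original article: the sample message is constructed, and its From address, relay names and link host are placeholders, since the article gives only the reply-to address and the IP address.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the message above. The From address, relay
# names and link host (reserved .example names) are placeholders.
SAMPLE = """\
Received: from relay.sender.example ([92.48.121.159]) by mx.recipient.example
From: "PayPal" <service@paypal.com>
Reply-To: noreply@netlogmail.com
To: undisclosed-recipients:;
Content-Type: text/html; charset="us-ascii"

<a href="http://hacked-site.example/update/">Click here to update your PayPal account information</a>
"""

class LinkHosts(HTMLParser):  # collects the host name of every <a href>
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def domain_of(header):  # domain of the address in a header, '' if absent
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def origin_ip(raw):  # bracketed IP in the earliest (last-listed) Received header
    hops = message_from_string(raw).get_all("Received") or [""]
    found = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1])
    return found.group(1) if found else None

def phishing_cues(raw, brand="paypal.com"):
    msg, cues, links = message_from_string(raw), [], LinkHosts()
    if "undisclosed-recipients" in (msg["To"] or "").lower():
        cues.append("recipient is undisclosed-recipients")
    reply = domain_of(msg["Reply-To"])
    if reply and reply != domain_of(msg["From"]):
        cues.append(f"Reply-To domain {reply} does not match From domain")
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for host in links.hosts:  # exact domain or a true subdomain only
        if host != brand and not host.endswith("." + brand):
            cues.append(f"link host {host} is not under {brand}")
    return cues
```

Received lines written before the message reached your own mail server are supplied by the sending side and can be forged, so treat the result of `origin_ip` as a lead rather than proof.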

What can you do about it?

You can't do much.

The computer that initiated the email has probably been shut down by their service provider. Most spam outbreaks are throttled rather quickly, but unfortunately there are virtually infinite numbers of insufficiently protected systems just waiting to be attacked.

Whatever you do, don't click on the links. We didn't. Although the links pointed to a European server owned by a manufacturing company, the pages that pop up may well appear shockingly similar to legitimate PayPal pages. They may also attack your computer and turn it into a spamming zombie that sucks the lifeblood from your bandwidth until your service provider pulls the plug on you.

Comments 10 comments

Robwrite 5 years ago from Bay Ridge Brooklyn NY

I've gotten this message several times in the last few weeks. I just delete it. I wish these people would just get a job.


nicomp 5 years ago from Ohio, USA Author

@Robwrite : I think that is their job!


drbj 5 years ago from south Florida

Yes, as Nicomp suggests, by all means do not click on links of such spammers. They will then have to stand in line to get their unemployment benefits - just like everyone else.


Austinstar 5 years ago from Somewhere in the universe

As long as people keep clicking on these spam emails, they will keep sending them out. It's not as bad as it once was, but it's still bad. We used to get over a thousand spams a day, now less than 500. Some day it will go away.


Stigma31 5 years ago from Kingston, ON

Spammers are predators, and they wouldn't be doing it if it wasn't profitable, so thanks for relaying the information. Hopefully it will help some people out. 500 spams a day, wow, I get maybe 3???


psychicdog.net 5 years ago

Keep in mind that the Internet is a dangerous place - that jarred with me. I believe it's actually the fact it is so hard to comprehend and unscrupulous people take advantage of that. To get your head around a lot of what developers and programmers can comprehend quite easily most people struggle with. And it isn't even easy to explain how to stay safe which can complicate things. The most important thing I've found is to keep virus and software that protects your computer updated.


Fossillady 5 years ago from Saugatuck Michigan

Thank you for the heads up!


hhelen 5 years ago

Wow, thanks for this post. One has to be very alert not to be caught out by this scammer.


Kindacrazy 5 years ago from Tennessee

Oh, nicomp, when I saw this title, I was expecting you to write on the CANNED spam........


Shyron E Shenko 4 years ago

Thanks, good information.
