First of all remember, on what email you PayPal account is registered and look, on what email you got this message. Other one? Do not worry about it. Investigate it together with me, just for pleasure, and delete. 2nd, thing we should always check from what email such message was sent. My email client shows ‘PayPal <email@example.com>’. Is it from paypal.com domain? No. Delete this message.
Some more advanced scammers could put valid email into visible part of email header – “From” field, but we always can check real email from which this message was sent, look into “Received” field value. In ‘Thunderbird’ I click ‘View->Message Source’ and see real information about it:
Delivery-Date: Fri, 02 Dec 2011 17:20:39 -0500
Received: from vps.switchandsave.com (vps.switchandsave.com [220.127.116.11])
by mx.perfora.net (node=mxus2) with ESMTP (Nemesis)
id 0LgZuH-1R2oXy08N3-00oXs3 for …@shinephp.com; Fri, 02 Dec 2011 17:20:39 -0500
Received: from 187-28-24-111.poolip.sdr.embratel.net.br ([18.104.22.168] helo=User)
by vps.switchandsave.com with esmtpa (Exim 4.69)
id 1RWbRn-0006tW-Pf; Fri, 02 Dec 2011 14:19:12 -0800
Subject: Notification of limited account access
Date: Fri, 2 Dec 2011 19:23:42 -0300
Again, if e-mail address from there you got the message is not valid email address of your trusted service provider, PayPal in this case (PayPal always send email from paypal.com domain), this is a phishing message, move it to the spam box.
Let’s return to this phishing message itself.
1st, this email is scam as it isn’t started from your name – PayPal begin all its messages from your first and sure name in greetings row.
2nd, and really dangerous for trusting and not experienced in Internet security newbies the following link to PayPal site
which really leads to
http://hosthost.biz/wmwith automatic redirection to
http://www.tiamopizza.ru/css/update/webscr.htm. This page is bad imitation of PayPal page.
I repeat, this scammer is a very lazy scammer. Only small left part with login and password input field works as web form, the largest part of page is just an image copy of real PayPal page. Compare two images (top – fake and below – real) and you will find critical differences easily. Quant and placing of links, etc.
So we see that 1st image is the image of dangerous phishing page for PayPal service. It’s purpose to catch victim’s PayPal login and password. After that scammer will take off his/her money in seconds.
Do not click on the links inside untrusted e-mail messages. Always check where such link lead before really go there. It is not necessary for you in the most cases, and more rarely could be really dangerous as you your computer could be infected by virus from such site. Browsers got information about dangerous sites show warning, like this
and like this
Internet Explorer shows warning from “Microsoft Smart Screen” service about dangerous sites too. But in case such site is not included into security databases yet it is better to be careful and do not rely much on smart browser software.
Very bad news is that owner of tiamopizza.ru site most probably doesn’t know about this issue, while open his page in Google Chrome or get message from some site visitor. Site was hacked.
Conclusion, dear Internet citizens, be careful, look where you input your critical data, where you send it. Do not eat dangerous Internet pizza from hacked sites as this one
If you are site owner, think about your site security today in order do not become victim of phishing scammer as tiamopizza.ru mentioned higher. It will be needed a lot of time before this site could restore its reputation, lost traffic and clients base.
If you wish to know more about Internet phishing and how defend yourself form it, visit this links: