Credit card fraud or hello from “Papal”

Credit Card Fraud

Credit Card Fraud

Everyone met with spam emails. Everyone knows what to do with such noisy kind of mail – recycle bin is the right place for such messages. But some messages we read from time to time. And some of those dangerous messages we can accidentally trust.
My friends, I wish to pay your attention one more time. Again. Do not trust to emails which asks you send somewhere your passwords, credit card numbers, etc. Do not trust them, even if they looking very similar to messages you could receive from well known services.

I received such message this morning and want to show it to you. Just in order you know, how it could be masks.


Look to the image below. Text seems reasonable and legal. Even name from where this email was sent looks as service@paypal.com and it seems that it belong to PayPal from the first glance.

NO! 1000 times NO!

Message from papal@service.com

Message from papal@service.com


Be careful and very attentive. Look thoroughly to not the name, but to real email address (I underlined it with red color line) – it does not bellong to paypal.com domain. It is not even named as ‘paypal’. Just ‘papal’. It is one of the strong arguments why I made this post: ‘papal’ in Russian is very similar to looser, some kind of ‘robbed’ :). It is a large irony. They tries fraud us and send us messages from such kind of faked email addresses. If you follow the instructions in this email and open HTML/JavaScript form, attached to this message, you will see:
Fraud restore your PayPal account form

Fraud restore your PayPal account form


Thefts boldly requires from you to send them your credit card number and PIN :). “Send securely”, – they offer. And even opens real PayPal help snippets from two links. But look inside theirs HTML. Where you probably intended to send so critical data? Will it be secure? I say again:

NO! 1000 times NO!

Just look where this form submits data from user input:
action="http://www.rfid-asia.info/cms/config/w.php"
Is it PayPal? IT IS NOT. They even not use secure HTTPS protocol. That’s it.

Finaly, there is no any solid company which could ask you send them your passwords or credit card number and PIN by email or using insecure connection and unknown domain. If you receive such request – it is a try to cheat you. Do not be a victim of fraud. Always win! 🙂

Did you see other tries of cheating, fraud in your mailbox?

Tags: ,