Fake PayPal email

Now that you have a PayPal account, you should be wary of emails you receive supposedly from PayPal. Although the email might have a header and logo similar to that of PayPal, most of these are actually phishing mails intent on stealing your personal information.

More information about phishing, how to check if an email is fake, and ways to protect yourself from phishing can be found in the What is Phishing? article. A sample phishing website is explained in the “Beware of the fake egold website!” article.

Yesterday we received an email purportedly from PayPal asking us to log in to the site to update our personal records. Failure to do so, the email says, will result in account suspension. Here’s a screenshot of the email.

At first glance, it looks like an authentic PayPal email. A closer analysis of the entire content, however, will lead you to believe this is a fake email. Let’s go through the contents in detail.

The Email Header

If you didn’t pay much attention to the header, you would think the email was indeed from PayPal. In the first place, the sender of the mail was “service@paypal.com” — supposedly an official PayPal address.

Date: 30 Oct 2006 16:09:34 -0000
Subject: Warning Notification !
From: service@paypal.com

Advances in technology, however, have given mail senders the ability to change the header of an email. Although the From line reads “service@paypal.com,” the actual sender was different. To see who sent the mail and from where it was sent, check the email’s full headers. Our email in question has these full headers:

X-Apparently-To: xxxxx@yahoo.com via 66.218.93.230; Mon, 30 Oct 2006 10:38:46 -0800
X-Originating-IP: [69.26.175.108]
Return-Path: <anonymous@vhost.onestop.net>
Authentication-Results: mta241.mail.mud.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 69.26.175.108 (HELO vhost.onestop.net) (69.26.175.108) by mta241.mail.mud.yahoo.com with SMTP; Mon, 30 Oct 2006 10:38:46 -0800
Received: (qmail 64089 invoked by uid 65534); 30 Oct 2006 16:09:34 -0000
Date: 30 Oct 2006 16:09:34 -0000
Message-ID: <20061030160934.64088.qmail@vhost.onestop.net>
To: xxxxx@yahoo.com
Subject: Warning Notification !
From:service@paypal.com
Reply-to:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Content-Length: 1827

Note the message ID, domain keys, sender’s IP and mail server and compare these with the headers of an authentic PayPal email:

X-Gmail-Received: e3648473ad76129564fb58bfcdf8607df9661f7c
Delivered-To: xxxxx@gmail.com
Received: by 10.82.162.9 with SMTP id k9cs34780bue;
    Tue, 31 Oct 2006 09:59:51 -0800 (PST)
Received: by 10.78.128.11 with SMTP id a11mr7196313hud;
    Tue, 31 Oct 2006 09:59:51 -0800 (PST)
Return-Path: <payment@paypal.com>
Received: from mx1.phx.paypal.com (mx1.phx.paypal.com [66.211.168.231])
    by mx.google.com with ESMTP id 30si7241523hub.2006.10.31.09.59.49;
    Tue, 31 Oct 2006 09:59:51 -0800 (PST)
Received-SPF: pass (google.com: domain of payment@paypal.com designates 66.211.168.231 as permitted sender)
DomainKey-Status: good (test mode)
Received: from phx22web06.phx.paypal.com ([10.190.3.65])
    by mx1.phx.paypal.com (8.13.7/8.13.7) with SMTP id k9VHxmQQ009397
    for <futuregizmo@gmail.com>; Tue, 31 Oct 2006 09:59:48 -0800
X-DomainKeys: Sendmail DomainKeys Filter v0.4.1 mx1.phx.paypal.com k9VHxmQQ009397
DomainKey-Signature: a=rsa-sha1; s=dkim; d=paypal.com; c=simple; q=dns;
    b=djHkqQ3G0SBcInbasEfcnysOosmZs2BFgprBglyhUY06Xxi92G9tBrAWXT61fQK97
    BqzuD678UhG3jSt1KcaVbNqvVTxUC37FAF7p/lxUeq3ceXCGS/uh8nNSIuHjlPJbt9Q
    lGdb++neV/DZ5Uf2wne+WgIXyuQsARLvXpJ9Xlk=
X-DKIM: Sendmail DKIM Filter v0.5.1 mx1.phx.paypal.com k9VHxmQQ009397
DKIM-Signature: a=rsa-sha1; c=simple/simple; d=paypal.com; s=dkim;
    t=1162317588; bh=itgF7PyvQkUyZa4tpiPKD1MSl1E=; h=Received:Date:
    Message-Id:Subject:X-MaxCode-Template:To:From:X-Email-Type-Id:
    X-XPT-XSL-Name:Content-Transfer-Encoding:Content-Type:MIME-Version:
    Sender; b=MMkZrnvaGEjSDxMgDfqirGRzsMaBBCi1dB4DEtzkA/wec6hnewcyHjZ5F
    nAKBdaftKXA9/dFtQGKAeSyAKwVSeTtydSTPOCcEMiIvdsCpkBt5voENlNz+De2j57H
    IPHhrnQcP1Mch4zYzo2pmmjLTOEfgPAclmLvkNxWSKk1SIk=
Received: (qmail 9317 invoked by uid 99); 31 Oct 2006 17:59:48 -0000
Date: Tue, 31 Oct 2006 09:59:48 -0800
Message-Id: <1162317588.9317@paypal.com>
Subject: Receipt for your Money Request
X-MaxCode-Template: email-receipt-individual-money-request
To: <xxxxx@gmail.com>
From: "service@intl.paypal.com" <service@intl.paypal.com>
X-Email-Type-Id: PP117
X-XPT-XSL-Name: /default/en_US/request/ReceiptIndividualMoneyRequest.xsl
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=windows-1252
MIME-Version: 1.0
Sender: <sendmail@paypal.com>

The email in question was sent through IP address 69.26.175.108, while the authentic PayPal email was sent from IP address 66.211.168.231. The WHOIS record for the first IP address, shown below, confirms that the mail did not originate from any of PayPal’s servers.

Net Sentry Corp NETSENTRY (NET-69-26-160-0-1)
69.26.160.0 – 69.26.191.255
xeex NETSENTRY-XEEX-01 (NET-69-26-172-0-1)
69.26.172.0 – 69.26.175.255
Your OneStop Network, Inc. YOUR-ONESTOP-NETWORK (NET-69-26-175-0-1)
69.26.175.0 – 69.26.175.255

The second IP address has the following WHOIS record, which shows that the mail was in fact sent from a server of eBay, PayPal’s parent company.

OrgName: eBay, Inc
OrgID: EBAY
Address: 2145 Hamilton Ave
City: San Jose
StateProv: CA
PostalCode: 95008
Country: US

NetRange: 66.211.160.0 – 66.211.191.255
CIDR: 66.211.160.0/19
NetName: EBAY-2
NetHandle: NET-66-211-160-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Assignment
NameServer: SJC-DNS1.EBAYDNS.COM
NameServer: SJC-DNS2.EBAYDNS.COM
NameServer: SMF-DNS1.EBAYDNS.COM
NameServer: SMF-DNS2.EBAYDNS.COM
Comment:
RegDate: 2006-01-25
Updated: 2006-01-25
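
The header comparison above can be automated. The following is an added example, not part of the original article: it runs the same checks (Return-Path and Message-ID domains against the From domain, the receiving server's authentication verdict, and the connecting IP against the eBay netblock from the WHOIS record) on condensed copies of the two header sets quoted above. The function names and finding labels are assumptions made for this sketch.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers quoted in the article (recipient masked, unrelated headers omitted).
SUSPECT = """\
Return-Path: <anonymous@vhost.onestop.net>
Authentication-Results: mta241.mail.mud.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 69.26.175.108 (HELO vhost.onestop.net) (69.26.175.108) by mta241.mail.mud.yahoo.com with SMTP; Mon, 30 Oct 2006 10:38:46 -0800
Message-ID: <20061030160934.64088.qmail@vhost.onestop.net>
From:service@paypal.com
"""
GENUINE = """\
Received: by 10.82.162.9 with SMTP id k9cs34780bue; Tue, 31 Oct 2006 09:59:51 -0800 (PST)
Return-Path: <payment@paypal.com>
Received: from mx1.phx.paypal.com (mx1.phx.paypal.com [66.211.168.231]) by mx.google.com with ESMTP id 30si7241523hub.2006.10.31.09.59.49; Tue, 31 Oct 2006 09:59:51 -0800 (PST)
Received-SPF: pass (google.com: domain of payment@paypal.com designates 66.211.168.231 as permitted sender)
Message-Id: <1162317588.9317@paypal.com>
From: "service@intl.paypal.com" <service@intl.paypal.com>
"""
EBAY_NET = ipaddress.ip_network("66.211.160.0/19")  # CIDR from the WHOIS record above
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def domain_of(value):
    """Lower-cased domain part of an address-like header value ('' if absent)."""
    addr = parseaddr(value or "")[1] or (value or "").strip("<> ")
    return addr.rpartition("@")[2].lower()

def same_org(a, b):
    """Crude alignment: one domain equals, or is a subdomain of, the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def audit(raw, trusted_net=EBAY_NET):
    """Return (claimed From domain, list of findings) for one raw header block."""
    msg = message_from_string(raw)
    claimed, findings = domain_of(msg["From"]), []
    if not same_org(domain_of(msg["Return-Path"]), claimed):
        findings.append("return-path-mismatch")
    if not same_org(domain_of(msg["Message-ID"]), claimed):
        findings.append("message-id-mismatch")
    spf = (msg["Received-SPF"] or "").lower()
    auth = (msg["Authentication-Results"] or "").lower()
    if not (spf.startswith("pass") or re.search(r"\b(spf|dkim|domainkeys)=pass\b", auth)):
        findings.append("no-passing-authentication")
    # Walk top-down: the first hop that records a connecting IP was written by
    # the recipient's own provider; anything below it can be forged by the sender.
    hops = (IP_RE.search(h) for h in msg.get_all("Received", []))
    ip = next((m.group(1) for m in hops if m), None)
    if ip is None or ipaddress.ip_address(ip) not in trusted_net:
        findings.append("sender-ip-outside-netblock")
    return claimed, findings
```

Calling `audit(SUSPECT)` reports all four findings, while `audit(GENUINE)` reports none.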

The Logo

Don’t be fooled by the logo used in the email. It was simply grabbed from PayPal’s site (URL: and intentionally used to deceive recipients into believing that the email was official PayPal correspondence.

The Welcome Greeting

All PayPal emails start with a personalized greeting that mentions your PayPal account name. The email in question used the generic “Dear sir” greeting, a sign that this email was sent in bulk.

The Login Link

The final giveaway that the email is in fact a fake PayPal email is the login link to your account. If you hover (rest) your cursor over the “Click here to update your PayPal account information” link, you will notice in the lower-left portion of the browser that the link redirects to — a link unrelated to PayPal. Visiting the site will lead you to an exact replica of the PayPal login page, but this is actually a phishing site.

THE SPOOF PAYPAL EMAIL

Warning Notification

Dear sir,

It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension. Please update your records before November 06, 2006.

Once you have updated your account records, your PayPal® account activity will not be interrupted and will continue as normal.

Click here to update your PayPal account information

Actual Link (DO NOT VISIT):

What you should do

We advise you not to visit that link and not to enter any information in the login fields on the site. Forward the fake email to spoof@paypal.com to notify PayPal about these new PayPal phishing emails and sites. If you are using Gmail, you can report the mail as a phishing email by clicking More Options > Report Phishing.

You should never fully trust any email you receive supposedly from PayPal. Use the guide above to check whether the mail is indeed authentic or merely a fake, phishing email.

13 thoughts on “Fake PayPal email”

    • how to know the IP address? which part that must i click on?

      I also get order from Anna Travis. I am curious since she used different facebook nickname. last time, i ignored her. Now, she inbox me again with different name. But I still remember the email. She asked me to send the request money from paypal to annatravis@hotmail.com. Then i search information about her.

      Thank you so much for the nice and beneficial article.

      Warm greeting 🙂
      Linot Queenza – Indonesia

      Reply
  1. Is this email I received real or a fake?

    Hello Candace Sparg,
    You have an instant payment of $610.00 USD from Sharon Rodney (sharonrodney32@yahoo.com)
    Thanks for using PayPal. To see all the transaction details, log in to your PayPal account.

    It may take a few hours for this transaction to appear in your account.

    ——————————————————————————–

    Seller Candace Sparg
    Candace.sparg@acerafrica.co.za

    Note to seller
    You have to provide to us the shipment tracking number so that your funds can reflect in your account as soon as possible.

    Shipping address – confirmed
    Adekunle Oluwaseun

    28 Olayinka street, Ijeshatedo
    Surulere
    Lagos,23401
    Nigeria.
    Shipping details
    POST OFFICE

    Description Unit price Qty Amount
    “Nokia 5230”
    Item #
    $610.00 USD

    1 $610.00 USD

    Shipping and handling

    $0.00 USD

    Insurance – required

    $0.00 USD

    Total

    $610.00 USD
    Payment

    $610.00 USD

    Payment sent to: Candace Sparg
    Candace.sparg@acerafrica.co.za

    Issues with this transaction?
    You have 45 days from the date of the transaction to open a dispute in the Security Center

    IMPORTANT NOTE: This PayPal® payment has been deducted from the buyer’s account and has been “APPROVED” but will not be credited to your account until the shipment reference/tracking number is sent to us for verification so as to secure both the buyer and the seller.Below are the necessary information requested before your account will be credited.Send tracking number to us or email us through this mail tracking_manager@accountant.com and our Customer security service center will attend to you. As soon as you send us the shipment’s tracking number to us for security purposes and the safety of the buyer and the seller,the money will be credited to your account.
    **PLEASE NOTE**
    Once item has been shipped and the tracking number sent to us,
    You will receive a “CONFIRMATION EMAIL” from PayPal® Team informing you that the Fund has been credited.

    Questions? mail our agent incharge of your transaction at tracking_manager@accountant.com or reply this mail for assistance.

    To receive email notifications in plain text instead of HTML, log in to your PayPal account, go to your Profile, and click Notifications.

    Copyright © 1999-2009 PayPal. All rights reserved.

    PayPal Email ID PP1525.

    Reply
    • I just received the exact same email and the person I have been dealing with on Facebook by the name of Anna Travis. I have a bad feeling about this when she sent me payment of US$1,335 with this same email instructions from Paypal asking me to provide the shipping tracking no. And it’s for the same address in Nigeria and email that you have.

      Reply
      • I was scammed by Anna Travis on facebook as well, with an address in Dundee, Scotland. She will pay u any amount, and u wonder why she’d be willing to pay that much. She has my camera and she did not pay a dime for it. I lost out on money for shipping and a good camera.

        1) She created fake paypal emails
        2) She used a onlinedeliverytrack@accountant.com email

        and after i confronted her about it. she said sorry. *awkward*

        So selling on facebook is not a good idea. and even when u deal with paypal. just make sure u get the money first. paypal wont withold any money or ask u for all kinds of details.

        be careful everyone! there are a lot of evil / greedy ppl in this world!

        Reply
  2. Excellent Article! I personally really like your post. This is a great website. I will make sure that I’d stop by again!

    Reply
  3. Collection of some of your personal information is essential for completion of some of the functions and activities of this Website. We will? if it is reasonable or practicable to do so? also collect your personal information directly from you. For instance? the collection of your personal information may happen when you????.

    Reply
  4. Thanks for ones marvelous posting! I genuinely enjoyed reading it, you
    can be a great author.I will always bookmark your blog and may come back sometime soon. I want to
    encourage one to continue your great job, have a nice afternoon!

    Reply