Paypal Scams

by john on June 12, 2003

Get home after being gone for the week and what do I find? A couple of new Paypal scams in my inbox.


This first one came as an HTML form, with the form processed by A whois search reveals an Administrative contact of, I guess you have to give him some credit for putting Paypal somewhere in there. The Technical contact seems like a genuine hosting business and I’ve sent them a complaint email.

The email spoofs but the email header shows the email coming from Received: from ([]), which appears to be a cable modem user in New Jersey. Figures.


The second one took a couple of different tactics. Rather than being a form it was an HTML email with a link to another site. The URL for the link is Some users may glance at that quickly and see the at the beginning and think everything is OK but a closer look would show them you are actually being sent to Not positive, but I doubt that’s where you have your money. At least their whois record looks a bit more professional than the other scam.

This one spoofed with the header showing Received: from ([](untrusted sender)). As you can see they did a little better spoof actually trying to show the from as coming from paypal, but again it would appear to be from a cable modem user, this time in California.

Both scams rely on screens that look authentic and could easily fool less sophisticated users into revealing their paypal account names and passwords.

Be careful out there.


Mary McGeever October 22, 2003 at 10:18 am

I’m a producer with WCBS-TV in NY working on a story about PayPal. I’m trying to find some people in the NYC area who have had problems with the service…any suggestions. Thank you, Mary

none July 31, 2005 at 10:57 am

Notification of Limited Account Access – Security Measures ?

Can anyone explain e-mails with the subject of:
“Notification of Limited Account Access – Security Measures ”

and links going to:

Is this what this blog is talking about in regards to spoof e-mails ?


OrgName: Vortech Inc.
Address: 106 S. Semoran Blvd.
City: Orlando
StateProv: FL
PostalCode: 32807
Country: US

NetRange: –
NetHandle: NET-216-81-64-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation

Previous post:

Next post: