Temporarily Suspended Your Account

27th July 2015 | By admin

Date: Jul 23, 2015 11:52:43 AM

From:“PayPal.com” <intl@lapyap.com>

To: *undisclosed recipients

Reply To: “PayPal.com” <intl@lapyap.com>

Subject: As a result we have temporarily suspended your account.

 

We have been given reason to believe that there maybe some question as to the authenticity of the information that you have uploaded to PayPal.com, or that you do not have permission/rights to modify them.

As a result we have temporarily suspended your account. You will note that our Terms of Use about your details or personal informations for to remove question that this action will be taken. You accepted these terms when you registered.

So that you may continue to enjoy the benefits that PayPal.com provides, would you be so kind as to confirm the following items via:

1. Download the attached document and open it in a secure browser.

2. Follow the verification process and give us your correct information.

The purpose of this verification is to confirm that you are the person who registered the account.

Accordingly the details you send must be correct, so that we can identify you.

Unfortunately we will not enter in to any further correspondence regarding the suspension of your profile until these items have been received and subsequent verification has taken place. It is regrettable that we have been given cause to take this action but will hope that you will agree that the success of the site and it’s advertisers is dependent on the authenticity of it’s advertisers.

Please DO NOT REPLY to this email as they will not be read. Please consult the Knowledge Base for further information.

With kind regards

The PayPal.com Team

The Attachment

This phishing email includes a attachment which is a html file. Upon opening the html file in an internet browser it opens a page which is replicated version of paypal’s website. The page asks for personal information and information about victim’s credit card credentials.

 

PayPal

Overall Analysis

This email is a phishing attack targeting paypal users. The email tells the victim that he/she has a problem with the paypal account and tells them to verify their information through the attachment that they send. The attachment collects the victims personal information, paypal password and credit card credentials and sends them to the attackers. The information collected is sent to a php service located at http://narathiwat.nfe.go.th/htaccess.php.

Analysis of the Link

Domain: NFE.GO.TH
Registrar: T.H.NIC Co., Ltd.
Name Server: NS.JI-NET.COM
Name Server: NS2.JI-NET.COM
Status: ACTIVE
Updated date: 5 Feb 2015
Created date: 5 Nov 2007
Renew date: 17 Jan 2015
Exp date: 16 Jan 2016
Domain Holder: Nonformal Education Department
Ministry of Education, Rajadamneon Ave. Dusit, Bangkok
10300
TH

Tech Contact: 44731
Jasmine Internet Co., Ltd.
200 Moo 4, Chaengwatana Rd.,Pakkred, Nonthaburi
11120
TH

The website is located in Thailand and has no relation with paypal. And this is the main page of the domain that the information is sent to.

phishing attack

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *
Be Sociable, Share!

Tags:

Add new comment

Your name
Comment

You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>