Here's the source of the e-mail - in plain text so you can see it. I'll put line breaks and ########### signs to call your attention to the important stuff... #################################################### These are the mail headers-- Of course, they doctored the "from" line and the subject line is: Your PayPal account is limited but if you look closely at the "received" line, you can see that this mail went through a Spanish "es" relay PayPal wouldn't be sending through a spanish relay - there's a clue for you. Return-path: <880014q9@waid.com> Envelope-to: (my e-mail address) Delivery-date: Wed, 05 Mar 2003 12:42:12 -0500 Received: from 217-126-232-228.uc.nombres.ttd.es ([217.126.232.228] helo=217.126.232.228) by kai.katai.org with smtp (Exim 3.36 #1) id 18qcuW-0002sG-00 for (my e-mail address) ; Wed, 05 Mar 2003 12:42:11 -0500 Date: Wed, 05 Mar 2003 13:53:35 -0600 #### From: info@paypal.com ##### To:(my e-mail address) ##### Subject: Your PayPal account is Limited. ##### Mime-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit X-Mailer: Internet Mail Service (5.5.2653.19) ##################################################### Message-ID: 235574@paypal.com --- they even gave a fake message ID ##################################################### NEXT IS THE BODY OF THE MAIL THIS IS JUST SETTING THE STYLE - but it's not, really, because the mail uses XML ########################################################
################################################ NOW WE"RE BACK TO IMPORTANT STUFF ################################################![]() |
![]() |
Dear PayPal Customer |
############################################################################# Everything above this line sets up the tables and makes it look like it's really from Paypal. Below the line is the only true and easy to spot proof that if you answer this mail, your info will not be going to paypal. Because the source is formatted in such a way as to scroll off the right hand side of your page, unless you are specifically looking for it, you won't see the form submit that sends your information to a Russian server. Right now, move the little bar at the bottom of your screen to the right, look down and you'll see what I'm talking about. Yes, right now. ############################################################################ PayPal is currently performing regular maintenance of our security measures. Your account has been randomly selected for this maintenance, and placed on Limited Access status. Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause. To restore your account to its regular status, you must confirm your email address by logging in to your PayPal account using the form below: |
#############################
|
Thanks for using PayPal! |
![]() |
This PayPal notification
was sent to your mailbox.
Your PayPal account is set up to receive the
PayPal Periodical newsletter
and product updates when you create your
account. To modify your notification
preferences and unsubscribe, go to https://www.paypal.com/PREFS-NOTI
and log in to your account. Changes to your
preferences may take several
days to be reflected in our mailings. Replies to
this email will not be
processed. If you previously asked to be excluded from Providian product offerings and solicitations, they apologize for this e-mail. Every effort was made to ensure that you were excluded from this e-mail. If you do not wish to receive promotional e-mail from Providian, go to http://removeme.providian.com/. Copyright© 2002 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners. |