help tracking fraudster
Just got this email today:
Dear PayPal user,
We recently reviewed your account, and suspect that your PayPal account may have been accessed by an unauthorized third party. Protecting the security of your account and of the PayPal network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive PayPal account features. Click below in order to regain access to your account: https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
For more information about how to protect your account, please visit PayPal's Security Center, accessible via the "Security Center" link located at the bottom of each page of the PayPal website.
We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire PayPal system. Thank you for your prompt attention to this matter.
Sincerely,
The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page.
PayPal Email ID PP198
PayPal Email ID PP316
http://pvsllc.com/images/webscr.dll
Wonder how the phishing has been lately. A heads up to everyone. Not sure how they got my PayPal address, but they didn't get my login/pass, that's for sure.
Now..
Here are the headers: (my domain removed xxxxx)
From service@paypal.com Tue Feb 24 11:07:28 2004
Return-path: <service@paypal.com>
Envelope-to: billing@xxxxx.com
Delivery-date: Tue, 24 Feb 2004 11:07:28 -0500
Received: from [148.78.247.131] (helo=hestia.email.starband.net)
    by smack.trouble-free.net with esmtp (Exim 4.24)
    id 1Avf5k-0004jr-B1
    for billing@xxxxx.com; Tue, 24 Feb 2004 11:07:28 -0500
Received: from 200.42.72.19 (200-42-72-19.cab.prima.net.ar [200.42.72.19])
    (authenticated bits=0)
    by hestia.email.starband.net (8.12.10/8.12.10) with ESMTP id i1OG5YIE031201
    for <billing@xxxxx.com>; Tue, 24 Feb 2004 11:06:04 -0500
Message-Id: <200402241606.i1OG5YIE031201@hestia.email.starband.net>
From: "service@paypal.com" <service@paypal.com>
To: "Billing" <billing@xxxxx.com>
Subject: Notification of PayPal Limited Account Access
Date: Tue, 24 Feb 2004 17:06:23 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: "service@paypal.com" <service@paypal.com>
X-Mailer: Internet Mail Service
Content-Type: multipart/alternative; boundary="----_NextPart_141130815061573"
Status: R
So what does the astute sleuth do next?
Why are there two Received From: fields? One is from Starband, a satellite ISP provider, and the other is from a UK webhosting company.
PVS, LLC, the company who is graciously hosting the operation, is located in Chicago. I ran a whois and dig on their domain, and it appears they are hosting it in-house.
So the question is - what should I do next? I sort of feel like sticking it to these idiots, if possible. Advice?
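
Added example, not part of the original post: every relay prepends its own Received header, so the chain reads newest to oldest from top to bottom. The sketch below parses the two Received headers quoted above and walks back from the receiving server to the oldest hop that still links up, which is the address worth including in an abuse report. It assumes smack.trouble-free.net is the recipient's own mail server and treats a matching HELO name as sufficient linkage, which is a simplification; the function names are hypothetical.

```python
import re
from email import message_from_string

# Header lines copied from the post; folded continuation lines are re-indented
# so the parser treats them as part of the preceding Received header.
RAW = """\
Return-path: <service@paypal.com>
Received: from [148.78.247.131] (helo=hestia.email.starband.net)
    by smack.trouble-free.net with esmtp (Exim 4.24)
    id 1Avf5k-0004jr-B1
    for billing@xxxxx.com; Tue, 24 Feb 2004 11:07:28 -0500
Received: from 200.42.72.19 (200-42-72-19.cab.prima.net.ar [200.42.72.19])
    (authenticated bits=0)
    by hestia.email.starband.net (8.12.10/8.12.10) with ESMTP id i1OG5YIE031201
    for <billing@xxxxx.com>; Tue, 24 Feb 2004 11:06:04 -0500
From: "service@paypal.com" <service@paypal.com>
Subject: Notification of PayPal Limited Account Access

"""

HOP = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def received_hops(raw):
    """Parse Received headers, newest first (each relay prepends its own)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold the header
        if m:
            ips = IPV4.findall(m.group("src"))
            hops.append({"by": m.group("by"), "src": m.group("src"),
                         "peer_ip": ips[-1] if ips else None})
    return hops


def earliest_linked_hop(hops, my_mx):
    """Walk back from our own MX while each hop's sender names the relay
    that stamped the next-older header; stop at the first break."""
    if not hops or hops[0]["by"] != my_mx:
        return None  # top header not written by our server: trust nothing
    current = hops[0]
    for older in hops[1:]:
        if older["by"] not in current["src"]:
            break  # unlinked header, may have been forged by the sender
        current = older
    return current


if __name__ == "__main__":
    for hop in received_hops(RAW):
        print(hop["by"], "<-", hop["peer_ip"])
```

The From, Reply-To and Return-path values are supplied by the sender and play no part in this check; only the relay-stamped Received lines are used.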