[12615] in comp.os.os2.announce archive
PayPal - Security Measures
daemon@ATHENA.MIT.EDU (PayPal)
Thu Sep 20 09:24:47 2007
From: "PayPal" <security@access-accounts.com>
To: undisclosed-recipients: ;
Date: Thu, 20 Sep 2007 09:23:44 -0400
This is a multi-part message in MIME format.
------------=_46F2749E.47414DBD
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "balmung.jeje.org", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
postmaster@jeje.org for details.
Content preview: Dear PayPal valued account holder, We recently noticed
one or more attempts to log in your PayPal account from a foreign IP
address and we have reasons to believe that your account was hijacked by
a third party without your authorization. If you recently accessed your
account while traveling, the log in attempts may have initiated by you.
[...]
Content analysis details: (26.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.8 UNDISC_RECIPS Valid-looking To "undisclosed-recipients"
1.4 MSGID_FROM_MTA_ID Message-Id for external message added locally
0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.9 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?24.168.197.64>]
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[24.168.197.64 listed in dnsbl.sorbs.net]
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[24.168.197.64 listed in combined.njabl.org]
4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: 219.121.5.146]
2.8 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: 219.121.5.146]
2.5 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
2.7 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
4.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
-3.9 AWL AWL: From: address is in the auto white-list
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_46F2749E.47414DBD
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path: <security@access-accounts.com>
Received: from User (cpe-024-168-197-064.sc.res.rr.com [24.168.197.64])
by balmung.jeje.org (Postfix) with ESMTP
id D9407657; Thu, 20 Sep 2007 15:24:32 +0200 (CEST)
From: "PayPal" <security@access-accounts.com>
Subject: PayPal - Security Measures
Date: Thu, 20 Sep 2007 09:23:44 -0400
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20070920132432.D9407657@balmung.jeje.org>
To: undisclosed-recipients:;
<html>
<body>
<table border="1" width="57%">
<tr>
<td>
<p align="center">
</p>
<p align="left">
<img border="0" src="http://www.bizpro.ro/images/paypal_logo.jpg"
align="right"><b><font face="Arial" size="2">Dear PayPal
valued account holder,</font></b><br>
<br>
<font face="Arial" size="2">We recently noticed one or more attempts to log in your
PayPal account from a foreign IP address and we have
reasons to believe
that your account was hijacked by a third party without
your
authorization.<BR> If you recently accessed your account while
traveling, the log
in attempts may have initiated by you.<br>
<br>
However if you are the rightful holder of the account, click on
the link below and submit, as we try to verify your account.
</font><br>
<br>
<a target="_blank" href="http://219.121.5.146/bizpartner.paypal.com/cgi-bin/">
Log on to your PayPal account</a> and fill in the required informations. This is required for us to continue to offer you a safe and risk free environment. <br>
<br>
<font face="Arial" size="2">The log in attempt was made from:<br>
<br>
IP address: <b>128.232.110.18</b><br>
ISP host: <b>shalmaneser1.al.cl.cam.ac.uk</b><br>
<br>
If you choose to ignore our request, you leave us no
choice but to
temporally suspend your account.<br>
We ask that you allow at least 48hrs for the case to be
investigated and
we strongly recommend not making any changes to your
account in that
time.<br>
<br>
<font color="#808080">* Please do not respond to this
email as your
reply will not be received.</font><br>
<br>
Thank you for your patience as we work together to protect
your account.</font><p align="left">
</td>
</tr>
<tr>
<td>
<p align="center"><b><font face="Verdana" size="2">Copyright © 1999 - 2007 PayPal. All rights reserved.</font></b></td>
</tr>
</table>
</body>
</html>
------------=_46F2749E.47414DBD--