[12615] in comp.os.os2.announce archive

home help back first fref pref prev next nref lref last post

PayPal - Security Measures

daemon@ATHENA.MIT.EDU (PayPal)
Thu Sep 20 09:24:47 2007

From: "PayPal" <security@access-accounts.com>
To: undisclosed-recipients: ;
Date: Thu, 20 Sep 2007 09:23:44 -0400

This is a multi-part message in MIME format.

------------=_46F2749E.47414DBD
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "balmung.jeje.org", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster@jeje.org for details.

Content preview:  Dear PayPal valued account holder, We recently noticed
  one or more attempts to log in your PayPal account from a foreign IP
  address and we have reasons to believe that your account was hijacked by
  a third party without your authorization. If you recently accessed your
  account while traveling, the log in attempts may have initiated by you.
  [...] 

Content analysis details:   (26.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.8 UNDISC_RECIPS          Valid-looking To "undisclosed-recipients"
 1.4 MSGID_FROM_MTA_ID      Message-Id for external message added locally
 0.2 NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
 0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 1.9 HTML_IMAGE_ONLY_28     BODY: HTML: images with 2400-2800 bytes of words
 0.1 HTML_50_60             BODY: Message is 50% to 60% HTML
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see <http://www.spamcop.net/bl.shtml?24.168.197.64>]
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [24.168.197.64 listed in dnsbl.sorbs.net]
 1.9 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [24.168.197.64 listed in combined.njabl.org]
 4.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: 219.121.5.146]
 2.8 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist
                            [URIs: 219.121.5.146]
 2.5 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 2.7 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
 4.1 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
-3.9 AWL                    AWL: From: address is in the auto white-list

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


------------=_46F2749E.47414DBD
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

Return-Path: <security@access-accounts.com>
Received: from User (cpe-024-168-197-064.sc.res.rr.com [24.168.197.64])
	by balmung.jeje.org (Postfix) with ESMTP
	id D9407657; Thu, 20 Sep 2007 15:24:32 +0200 (CEST)
From: "PayPal" <security@access-accounts.com>
Subject: PayPal - Security Measures
Date: Thu, 20 Sep 2007 09:23:44 -0400
MIME-Version: 1.0
Content-Type: text/html;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20070920132432.D9407657@balmung.jeje.org>
To: undisclosed-recipients:;


<html>

<body>

<table border="1" width="57%">
        <tr>
                <td>
                <p align="center">
                </p>
                <p align="left">
                <img border="0" src="http://www.bizpro.ro/images/paypal_logo.jpg" 
align="right"><b><font face="Arial" size="2">Dear PayPal
                valued account holder,</font></b><br>
                <br>
                <font face="Arial" size="2">We recently noticed one or more attempts to log in your
				PayPal account from a foreign IP address and we have
reasons to believe
                that your account was hijacked by a third party without
your
                authorization.<BR> If you recently accessed your account while 
                traveling, the log
                in attempts may have initiated by you.<br>
                <br>
                However if you are the rightful holder of the account, click on 
                the link below and submit, as we try to verify your account.
                </font><br>
                <br>

<a target="_blank" href="http://219.121.5.146/bizpartner.paypal.com/cgi-bin/">
		 Log on to your PayPal account</a> and fill in the required informations. This is required for us to continue to offer you a safe and risk free environment. <br>
                <br>
                <font face="Arial" size="2">The log in attempt was made from:<br>
                <br>
                IP address: <b>128.232.110.18</b><br>
                ISP host: <b>shalmaneser1.al.cl.cam.ac.uk</b><br>
                <br>
                If you choose to ignore our request, you leave us no
choice but to
                temporally suspend your account.<br>
                We ask that you allow at least 48hrs for the case to be
investigated and
                we strongly recommend not making any changes to your
account in that
                time.<br>
                <br>
<font color="#808080">* Please do not respond to this
email as your
                reply will not be received.</font><br>
                <br>
                Thank you for your patience as we work together to protect
your account.</font><p align="left">
                &nbsp;</td>
        </tr>
        <tr>
                <td>
                <p align="center"><b><font face="Verdana" size="2">Copyright © 1999 - 2007 PayPal. All rights reserved.</font></b></td>
        </tr>
</table>

</body>
</html>

------------=_46F2749E.47414DBD--


home help back first fref pref prev next nref lref last post