PayPal Scam: Your account has been limited.

I’ve mentioned phishing scams before, in a number of places. This email arrived yesterday,

phishing

Note the red flags on this one:

  1. A sender’s address that is not “Paypal.com”
  2. Poor formatting
  3. Incomplete text

The attachment they mention gives you this:

Phishing2

If you are foolish enough to provide this information, it will be sent not to PayPal but to http://162.213.154.42/~oilreol/service.php:

NetRange 162.213.152.0 – 162.213.155.255
CIDR 162.213.152.0/22
NetName FUC-US-2001
NetHandle NET-162-213-152-0-1
Parent NET162 (NET-162-0-0-0-0)
NetType Direct Allocation
OriginAS AS26272
Organization FortaTrust USA Corporation (FUC-9)
RegDate 2013-06-10
Updated 2013-12-17
Ref http://whois.arin.net/rest/net/NET-162-213-152-0-1
OrgName FortaTrust USA Corporation
OrgId FUC-9
Address 3701 NW 82 Ave.
City Doral
StateProv FL
PostalCode 33166
Country US
RegDate 2012-03-08
Updated 2014-07-02
Ref http://whois.arin.net/rest/org/FUC-9
OrgAbuseHandle IPADM602-ARIN
OrgAbuseName IP Admin
OrgAbusePhone +1-305-898-0033
OrgAbuseEmail ipadmin@fortatrust.com
OrgAbuseRef http://whois.arin.net/rest/poc/IPADM602-ARIN
OrgNOCHandle IPADM602-ARIN
OrgNOCName IP Admin
OrgNOCPhone +1-305-898-0033
OrgNOCEmail ipadmin@fortatrust.com
OrgNOCRef http://whois.arin.net/rest/poc/IPADM602-ARIN
OrgTechHandle IPADM602-ARIN
OrgTechName IP Admin
OrgTechPhone +1-305-898-0033
OrgTechEmail ipadmin@fortatrust.com
OrgTechRef http://whois.arin.net/rest/poc/IPADM602-ARIN

This information does not mean that FortaTrust itself is necessarily behind the phishing attempt, but someone could be using their servers in spurious ways.

Whatever the case, be careful out there. PayPal and other legitimate financial institutions will never ask you for sensitive financial data by email.

The Old Wolf has spoken.

Advertisements

3 responses to “PayPal Scam: Your account has been limited.

  1. Gmail cautioned me that the message I got pointing me to this post might be a scam. I had to assure it that I know you personally. Then it let me click on the link. 😀

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s