I’ve mentioned phishing scams before, in a number of places. This email arrived yesterday.
Note the red flags on this one:
- A sender’s address that is not “Paypal.com”
- Poor formatting
- Incomplete text
The attachment they mention gives you this:
If you are foolish enough to provide this information, it will be sent not to PayPal but to http://18.104.22.168/~oilreol/service.php:

| Field | Value |
| --- | --- |
| NetRange | 22.214.171.124 – 126.96.36.199 |
| CIDR | 188.8.131.52/22 |
| NetName | FUC-US-2001 |
| NetHandle | NET-162-213-152-0-1 |
| Parent | NET162 (NET-162-0-0-0-0) |
| NetType | Direct Allocation |
| OriginAS | AS26272 |
| Organization | FortaTrust USA Corporation (FUC-9) |
| RegDate | 2013-06-10 |
| Updated | 2013-12-17 |
| Ref | http://whois.arin.net/rest/net/NET-162-213-152-0-1 |
| OrgName | FortaTrust USA Corporation |
| OrgId | FUC-9 |
| Address | 3701 NW 82 Ave. |
| City | Doral |
| StateProv | FL |
| PostalCode | 33166 |
| Country | US |
| RegDate | 2012-03-08 |
| Updated | 2014-07-02 |
| Ref | http://whois.arin.net/rest/org/FUC-9 |
| OrgAbuseHandle | IPADM602-ARIN |
| OrgAbuseName | IP Admin |
| OrgAbusePhone | +1-305-898-0033 |
| OrgAbuseEmail | email@example.com |
| OrgAbuseRef | http://whois.arin.net/rest/poc/IPADM602-ARIN |
| OrgNOCHandle | IPADM602-ARIN |
| OrgNOCName | IP Admin |
| OrgNOCPhone | +1-305-898-0033 |
| OrgNOCEmail | firstname.lastname@example.org |
| OrgNOCRef | http://whois.arin.net/rest/poc/IPADM602-ARIN |
| OrgTechHandle | IPADM602-ARIN |
| OrgTechName | IP Admin |
| OrgTechPhone | +1-305-898-0033 |
| OrgTechEmail | email@example.com |
| OrgTechRef | http://whois.arin.net/rest/poc/IPADM602-ARIN |

This information does not mean that FortaTrust itself is necessarily behind the phishing attempt, but someone could be using their servers in spurious ways.
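
The check behind that last red flag can be automated. The following is an added example, not part of the original post: it lists where each form in an HTML attachment would submit its data and flags targets that are raw IP addresses, not HTTPS, or not under the expected domain. The sample attachment is constructed and uses a placeholder documentation address, and the function name `check_form_targets` is hypothetical.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample standing in for the HTML attachment. The first form
# target is a placeholder documentation address, not the one from the post.
SAMPLE_ATTACHMENT = """
<html><body>
<form method="post" action="http://192.0.2.10/~user/service.php">
  <input name="card_number"><input name="cvv">
</form>
<form action="https://www.paypal.com/signin"><input name="email"></form>
</body></html>
"""

class FormActionCollector(HTMLParser):
    """Collect the action URL of every <form> in the document."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def check_form_targets(html, expected_domain):
    """Return (action, reasons) for each form whose target looks suspicious."""
    collector = FormActionCollector()
    collector.feed(html)
    findings = []
    for action in collector.actions:
        url = urlparse(action)
        host = (url.hostname or "").lower()
        reasons = []
        if url.scheme != "https":
            reasons.append("not submitted over HTTPS")
        try:
            ipaddress.ip_address(host)
            reasons.append("host is a raw IP address")
        except ValueError:
            # Not an IP literal: require the expected domain or a subdomain of it.
            if host != expected_domain and not host.endswith("." + expected_domain):
                reasons.append("host is not under " + expected_domain)
        if reasons:
            findings.append((action, reasons))
    return findings

if __name__ == "__main__":
    for action, reasons in check_form_targets(SAMPLE_ATTACHMENT, "paypal.com"):
        print(action, "->", "; ".join(reasons))
```

The suffix comparison is anchored on a leading dot, so a lookalike host such as `paypal.com.example.net` is still reported as outside the expected domain.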
Whatever the case, be careful out there. PayPal and other legitimate financial institutions will never ask you for sensitive financial data by email.
The Old Wolf has spoken.