Active PayPal Phishing Website Possibly Hosted in Spain – Part 1







TOKYO (MacHouse) – An organized cyber criminal group circulated a spam message worldwide to scam PayPal users at random. The title of the message is "PayPal Member Notification." The spam message reads:







PayPal is constantly working to ensure security by screening accounts daily in our system. We recently reviewed your account, and we need you to verify information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited or terminated. We would like to restore your access as soon as possible, and we apologize for the inconvenience.

Why is my account access limited?

Your account access has been limited for the following reason(s):

August 20, 2008: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have placed limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.







(See Screenshot 01.) Yeah, whatever, huh!? The link underlying "Click here to Remove Account Limitations" is

http://62.14.230.86/netalerter/19483.paypal.com/webscr_cmd_login-run.php?%3C-*-%3Eun8]Hm6i%20zd[S0,sz%3C-*-%3E

Clicking on it, the mail recipient is forwarded to a PayPal phishing website.





Screenshot 01 – PayPal phishing 62.14.230.86 (Source: MacHouse)
Screenshot 02 – PayPal phishing 62.14.230.86 (Source: 62.14.230.86)






Our preliminary analysis shows that the phishing website is hosted in Spain. Furthermore, the phishing message seems to originate from China. We will have a detailed report in several hours.
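
The link quoted above has a raw IP address as its host and carries paypal.com only as a path segment. The following sketch is an added example, not part of the original post, showing how a mail filter could flag that pattern; the function name, the brand list and the legitimate comparison URL are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# Brand domains to look for outside the host position (assumed list).
BRANDS = ("paypal.com",)

# The link reported in this post, and a constructed legitimate-looking URL.
PAGE_URL = ("http://62.14.230.86/netalerter/19483.paypal.com/"
            "webscr_cmd_login-run.php?%3C-*-%3Eun8]Hm6i%20zd[S0,sz%3C-*-%3E")
LEGIT_URL = "https://www.paypal.com/cgi-bin/webscr?cmd=_login-run"  # constructed


def phishing_indicators(url, brands=BRANDS):
    """Return the reasons a URL looks like a brand-impersonation link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []

    # 1. The host is a bare IP address rather than a registered domain name.
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass

    # 2. A brand domain shows up in the path or query while the host itself
    #    is neither that domain nor one of its subdomains.
    rest = unquote(parts.path + "?" + parts.query).lower()
    for brand in brands:
        on_brand = host == brand or host.endswith("." + brand)
        if brand in rest and not on_brand:
            reasons.append(f"'{brand}' appears after the host, not in it")

    # 3. A login-style page is served over unencrypted http (heuristic).
    if parts.scheme == "http" and re.search(r"login|signin", rest):
        reasons.append("login-style path served over plain http")
    return reasons


if __name__ == "__main__":
    for sample in (PAGE_URL, LEGIT_URL):
        print(sample)
        for reason in phishing_indicators(sample) or ["no indicators"]:
            print("  -", reason)
```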





