Beware of PayPal Phishing Website Hosted at ESYU.COM.CN







TOKYO (MacHouse) – More than 9 hours ago, an organized cyber criminal group circulated a phishing message implicating an online payment company. The title of the message is shown as Update Your Billing Records – Urgent Action Required, and the sender's address is stated as service@paypalservice.com. The phishing message reads as follows:







Due to recent fraudulent transactions, we have issued the following security requirements.

It has come to our attention that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell non existant items. Thus we require our members to add a Debit/Check card to their billing records as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. Your Debit/Check card will only be used to identify you. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the PayPal® service. However, failure to confirm your records will result in your account suspension.

We are requesting this information to verify and protect your identity. Federal regulations require all financial institutions to obtain, verify, and record identification from all persons opening new accounts or obtaining ongoing payment services. This is in order to prevent the use of the U.S. banking system in terrorist and other illegal activity. For these reasons, PayPal® will utilize services provided by various credit reporting agencies to verify the information you submit to us.

Once you have updated your account records your pending PayPal® account transactions will not be interrupted and will continue as normal.

To update your billing records please proceed to our secure webform by clicking here.






Screenshot 01 – PayPal phishing (info.esyu.com.cn). Source: MacHouse
Screenshot 02 – PayPal phishing (info.esyu.com.cn). Source: esyu.com.cn






The URL underlying the hyperlink in the message is http://info.esyu.com.cn/www.paypal.com/EN/paypal-update/index.htm. Note that www.paypal.com appears only in the path; the host the browser actually connects to is info.esyu.com.cn. Clicking on the link directs one to a phishing website hosted in China (the host is connected through Shaoxing Telecom Bureau). (See Screenshot 02.)
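The link above carries www.paypal.com in its path while the real host is info.esyu.com.cn. The following check for that pattern is an added example, not part of the original article; the allow-list BRAND_DOMAINS, the function names and every sample URL other than the reported one are assumptions constructed for illustration, and the check also covers a brand name placed in the host labels or in the userinfo part.

```python
from urllib.parse import urlsplit

# Assumption: the defender maintains this allow-list of genuine brand domains.
BRAND_DOMAINS = {"paypal.com"}

def host_belongs_to(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def brand_spoof_findings(url, brands=BRAND_DOMAINS):
    """Return reasons a URL shows a brand domain anywhere other than the
    authoritative host position. An empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    for brand in sorted(brands):
        if host_belongs_to(host, brand):
            continue  # genuinely served from the brand's own domain
        if brand in host:
            findings.append(f"{brand} appears inside foreign host {host}")
        if parts.username and brand in parts.username.lower():
            findings.append(f"{brand} in userinfo before @; real host is {host}")
        tail = (parts.path + "?" + parts.query).lower()
        if brand in tail:
            findings.append(f"{brand} in path/query; real host is {host}")
    return findings

# The first URL is the one reported in the article; the rest are constructed.
SAMPLES = [
    "http://info.esyu.com.cn/www.paypal.com/EN/paypal-update/index.htm",
    "https://www.paypal.com/signin",
    "http://www.paypal.com.login.example/update",
    "http://www.paypal.com@203.0.113.7/index.htm",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", brand_spoof_findings(u) or "no finding")
```

A mail gateway or proxy rule can apply the same test to every href in an inbound message, regardless of the visible link text.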





Screenshot 03 – PayPal phishing (info.esyu.com.cn). Source: MacHouse
Screenshot 04 – PayPal phishing (info.esyu.com.cn). Source: MacHouse/ARIN






Screenshot 03 shows the HTML source code of the phishing message. The immediate source of the phishing message appears to be the IP address 68.23.19.3. According to ARIN, this IP address is assigned to the City of Waupaca, WI, USA. The header also indicates the true origin of the PayPal phishing message: the terminal with the IP address 81.82.213.45, which may be traced to a Telenet service operated in Belgium.











