Beware of PayPal Phishing Website Hosted at ESYU.COM.CN

TOKYO (MacHouse) - More than 9 hours ago, an organized cyber criminal group circulated a phishing message implicating an online payment company. The title of the message is shown as "Update Your Billing Records - Urgent Action Required," and the sender's address is stated as service@paypalservice.com. The phishing message reads as follows:
Due to recent fraudulent transactions, we have issued the following security requirements.
It has come to our attention that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell non existant items. Thus we require our members to add a Debit/Check card to their billing records as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. Your Debit/Check card will only be used to identify you. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the PayPal® service. However, failure to confirm your records will result in your account suspension.
We are requesting this information to verify and protect your identity. Federal regulations require all financial institutions to obtain, verify, and record identification from all persons opening new accounts or obtaining ongoing payment services. This is in order to prevent the use of the U.S. banking system in terrorist and other illegal activity. For these reasons, PayPal® will utilize services provided by various credit reporting agencies to verify the information you submit to us.
Once you have updated your account records your pending PayPal® account transactions will not be interrupted and will continue as normal.
To update your billing records please proceed to our secure webform by clicking here.
Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: esyu.com.cn
The URL underlying the hyperlink in the message is http://info.esyu.com.cn/www.paypal.com/EN/paypal-update/index.htm. Clicking on it directs one to a phishing website hosted in China (the host is connected through Shaoxing Telecom Bureau). (See Screenshot 02.)
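The link above carries www.paypal.com only in its path, and the sender address uses paypalservice.com rather than paypal.com. The following check for both patterns is an added example, not part of the original post; the names LEGIT_DOMAINS, BRAND_TOKENS, check_link and check_sender are assumptions made for illustration, and the userinfo check goes one step beyond the case shown in this message.

```python
from urllib.parse import urlsplit

# Assumption for this example: the brand's genuine domain and name token.
LEGIT_DOMAINS = {"paypal.com"}
BRAND_TOKENS = {"paypal"}


def host_is_legit(host: str) -> bool:
    """True only if host is a genuine domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def check_link(url: str) -> list[str]:
    """Return the reasons a hyperlink target looks like brand impersonation."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host_is_legit(host):
        return []
    reasons = []
    # Brand domain placed in the path so the URL reads like the brand's own.
    if any(d in parts.path.lower() for d in LEGIT_DOMAINS):
        reasons.append("brand-domain-in-path")
    # Brand domain placed before "@", where it is userinfo and not the host.
    if parts.username and any(d in parts.username.lower() for d in LEGIT_DOMAINS):
        reasons.append("brand-domain-in-userinfo")
    # Brand name embedded in an unrelated hostname.
    if any(t in host for t in BRAND_TOKENS):
        reasons.append("brand-token-in-foreign-host")
    return reasons


def check_sender(address: str) -> list[str]:
    """Flag a sender domain that contains the brand name but is not the brand's."""
    domain = address.rsplit("@", 1)[-1].lower()
    if host_is_legit(domain):
        return []
    if any(t in domain for t in BRAND_TOKENS):
        return ["lookalike-sender-domain"]
    return []


if __name__ == "__main__":
    # Values taken from the message described on this page.
    link = "http://info.esyu.com.cn/www.paypal.com/EN/paypal-update/index.htm"
    print(check_link(link))
    print(check_sender("service@paypalservice.com"))
```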
Screenshot 03 - Source: MacHouse
Screenshot 04 - Source: MacHouse/ARIN
Screenshot 03 shows the HTML source code of the phishing message. The immediate source of the phishing message appears to be the IP address 68.23.19.3. According to ARIN, this IP address is assigned to the City of Waupaca, WI, USA. The header also indicates the true origin of the PayPal phishing message: the terminal with the IP address 81.82.213.45. This IP address may be traced to a Telenet service operated in Belgium.