Supicious Transaction - PayPal Spam Warning !!!

Supicious Transaction - PayPal Spam Warning !!!   Once again we are seeing that the spammers ar

Supicious Transaction - PayPal Spam Warning !!!

 

Once again we are seeing that the spammers are deliberately misspelling words to try and catch out vulnerable people as well as using the 'base href' command to try and hide URLs that scanning software may miss.

This email is based upon PayPal paranoia as is often the case and has several dangerous links within.

The <base href="http://fsrar.ru/menu/"> command gives us the site that they have hacked or they own.

And once again it has the words: 'Di isi dong bossku' in the title which means 'My boss filled it in' in Indonesian.

Here is the email:

 

Di isi dong bossku

From:                                                       [email protected] <[email protected]>

Sent:                                                         Sunday, July 14, 2019 5:00 PM

To:                                                            Recipient

Subject:                                                   Supicious Transaction

 

Pay Pal

Supicious Transaction

Your account just make supicious transaction, We've temprary limited your account due o this supicious activity until this issue is resolved.

Here is transaction detail:

  • Transaction date : July 10 2019
  • Transaction amount : $35 USD
  • Transaction ID : GG3178523194EF4

I Didn't Authorize This Purcase

If You didn't authorize this transaction please dispute transaction soon.

Please login to your account and provide the requested information to dispute this transaction before July 15 2019.

 If we don't receive the requested information soon, We can't refund your money and your account may be closed without any notification.

Sincerly,

Paypal Inc

 


Click here to unsubscribe

 

Now the unsubscribe link actually points to:

http://emarketer.softdebut.com/unsubscribe.php?[STRING]L=151&N=489

Which appears to give a unique code to the system to indicate that this particular email address was opened, so that they can monitor who is vulnerable to attack. Do not click unsubscribe.

 

The actual link from 'I Didn't Authorize This Purcase' seems to take us through to a site that has been marked as deceptive but appears to be an alcohol regulation site that they must have hacked previously.

 

Mark as spam and delete :)

 

Add comment