Supicious Transaction - PayPal Spam Warning !!!
Once again we are seeing that the spammers are deliberately misspelling words to try and catch out vulnerable people as well as using the 'base href' command to try and hide URLs that scanning software may miss.
This email is based upon PayPal paranoia as is often the case and has several dangerous links within.
The <base href="http://fsrar.ru/menu/"> command gives us the site that they have hacked or they own.
And once again it has the words: 'Di isi dong bossku' in the title which means 'My boss filled it in' in Indonesian.
Here is the email:
Di isi dong bossku
From: [email protected] <[email protected]>
Sent: Sunday, July 14, 2019 5:00 PM
To: Recipient
Subject: Supicious Transaction
Pay Pal
Supicious Transaction
|
Your account just make supicious transaction, We've temprary limited your account due o this supicious activity until this issue is resolved.
|
Here is transaction detail:
- Transaction date : July 10 2019
- Transaction amount : $35 USD
- Transaction ID : GG3178523194EF4
|
If You didn't authorize this transaction please dispute transaction soon.
Please login to your account and provide the requested information to dispute this transaction before July 15 2019.
If we don't receive the requested information soon, We can't refund your money and your account may be closed without any notification.
|
Sincerly,
|
Paypal Inc
|
Click here to unsubscribe
Now the unsubscribe link actually points to:
http://emarketer.softdebut.com/unsubscribe.php?[STRING]L=151&N=489
Which appears to give a unique code to the system to indicate that this particular email address was opened, so that they can monitor who is vulnerable to attack. Do not click unsubscribe.
The actual link from 'I Didn't Authorize This Purcase' seems to take us through to a site that has been marked as deceptive but appears to be an alcohol regulation site that they must have hacked previously.
Mark as spam and delete :)