fake PayPal your account has been limited leads to a money making scam

When I received this email, I thought it was another badly done PayPal phishing attempt. At first glance it looks like it with a typical email that doesn’t have any of the PayPal logos or imprint details. I probably get 10 or 15 PayPal phishing attempts every day. But no! it is

PayPal Scam Email?

Is this a scam email or is it a valid email from PayPal?

To: XXXXXX XXXXXX
From: PayPal Credit
Request attempted on: June 10, 2017

You attempted to open an account or make a purchase using the PayPal
Credit payment method on June 10, 2017. We regret that you were unable
to use PayPal Credit at that time. As a convenience, we are providing
you with immediate access to view the reasons why your request was not
authorized. By clicking on the secure link below, you can begin the
process of viewing this important information.

View Important Information About Your Request

When you applied, you
provided certain information about yourself that we will request for
verification when you click the link above. After clicking the secure
link above, a screen will appear requiring you to enter this
information for verification purposes. 

You will have access to this information for up to 180 days from the
date of this email using the link in this e-mail. If you wish to
continue to have access to this information, you must keep this email,
and use the above link to access this information in the future.

Please do not reply to this email. If you are unable to access this
information, you will receive a letter within 30 days.

Sincerely,

PayPal Credit 

The lender for PayPal Credit accounts is Comenity Capital Bank

The link points to https://bml.applications.billmelater.com and they want me to put in my birth date and last 4 digits of my SSN. The sender is supposedly from customercare@paypal.com.

Here is the provided message header:

Return-Path: <customercare@paypal.com>
Received: from mx0.slc.paypal.com ([173.0.84.225]) by mx.perfora.net (mxeueus001 [74.208.5.21]) with ESMTPS (Nemesis) id 0MTydT-1dCYnS2MwD-00Qg0p for <XXXXXX@XXXXXXXXXXXX.XX>; Fri, 16 Jun 2017 07:31:00 +0200
DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1;
 c=relaxed/relaxed; q=dns/txt; i=@paypal.com; t=1497591058;
 h=From:From:Subject:Date:To:MIME-Version:Content-Type;
 bh=1QULyOBdV2fQFWq+fY0tQ1diErpOz89Nr0ZW8Q/t9O8=;
 b=
b=0yzdRiM1B55ey8LoOBH0iXb3E5yqxdVk1dhjwi9YZem6zKAM8yP6hPvvl9l5Y/EJ
f93DxSsnM5VTd4EQb803oFL05utxp9GmAXiYeAbba+MRVxl/OTGWThQDk1s7SDJQ
DXX9SCHzYzeVZ/5dijQj0aaCrPw7+9Sw0Vm4yn1B0VysSWcnHGJWwbTC9E7NBaFr
A33cVi3lE1uNVJwz8ypxq6RRjMhWYA5Nmhn0RJfE6v8BbRj8HvMKCO4UUrUg/OIb
e+GiqjR5w3gUsvbEuVBF8IlVFzGEeWE+QTuPzkQQPrWwlQ+Pv59dte7O0sZwT682
SJdx1RRSxXOg8mF9mHNhsA==;
Received: (qmail 11576 invoked by uid 993); 16 Jun 2017 05:30:58 -0000
Date: Thu, 15 Jun 2017 22:30:58 -0700
Message-Id: <1497591058.11576@paypal.com>
AMQ-Delivery-Message-Id: EMAILDELIVERY-Notification_EmailDeliveryEvent-185-1497591052064-3809733053
X-PP-REQUESTED-TIME: 1497591050550
X-PP-Email-transmission-Id: f642bda6-5254-11e7-bd77-5cb90192ccbc
PP-Correlation-Id: ddc61267a22a1bb0
Subject: =?UTF-8?Q?Request_attempted_on=3A=C2=A0June_10=2C_2017?=
X-MaxCode-Template: PPC001143
To: <XXXXXX@XXXXXXXXXXXX.XX>
From: PayPal Credit <customercare@paypal.com>
X-Email-Type-Id: PPC001143
Content-Transfer-Encoding: base64
Content-Type: text/html; charset=UTF-8
MIME-Version: 1.0
Envelope-To: <XXXXXX@XXXXXXXXXXXX.XX>


Following the Money Hobbled vDOS Attack-for-Hire Service

A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline.

Last fall, two 18-year-old Israeli men were arrested for allegedly running vDOS, perhaps the most successful booter service of all time. The pair were detained within hours of being named in a story on this blog as the co-proprietors of the service (this site would later suffer a three-day outage as a result of an attack that was alleged to have been purchased in retribution for my reporting on vDOS).

That initial vDOS story was based on data shared by an anonymous source who had hacked vDOS and obtained its private user and attack database. The story showed how the service made approximately $600,000 over just two of the four years it was in operation. Most of those profits came in the form of credit card payments via PayPal.

But prior to vDOS’s takedown in September 2016, the service was already under siege thanks to work done by a group of academic researchers who teamed up with PayPal to identify and close accounts that vDOS and other booter services were using to process customer payments. The researchers found that their interventions cut profits in half for the popular booter service, and helped reduce the number of attacks coming out of it by at least 40 percent.

Rash Of Phishing Attacks Use HTTPS To Con Victims

Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they’re visiting a safe site.