An
Email with the Subject "Your credit card information has been changed !" was
received in one of Scamdex's honeypot email accounts on Tue, 12 Jan 2010 10:20:44 -0800
and has been classified as a Generic Scam Email.
The sender shows as "service@paypal.co.uk" <service@paypal.co.uk>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
boxpaypalpaypal.comlog increditcontactaccountnotificationresponseservicemailsincerely will mailboxhttps://www.paypal.com/us...
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => submitted@scamdex.com
[delivery-date:] => Tue, 12 Jan 2010 10:20:58 -0800
[received:] => Array
(
[0] => from [213.189.9.208] (helo=s01.aceahosting.nl)by fire.newsblaze.com with esmtps (TLSv1:AES256-SHA:256)(Exim 4.69)(envelope-from )id 1NUlK8-0005XC-8Cfor submitted@scamdex.com; Tue, 12 Jan 2010 10:20:44 -0800
[1] => from nobody by s01.aceahosting.nl with local (Exim 4.69 (FreeBSD))(envelope-from )id 1NUlK5-0008nI-Cofor submitted@scamdex.com; Tue, 12 Jan 2010 19:18:33 +0100
)
[to:] => submitted@scamdex.com
[subject:] => Your credit card information has been changed !
[x-php-script:] => moniek-hugo.nl/images/banners/.v1.5/sendmail.php for 60.231.152.241
[mime-version:] => 1.0
[content-type:] => text/html; charset=ISO-8859-1
[content-transfer-encoding:] => 7bit
[content-disposition:] => inline
[from:] => "service@paypal.co.uk"
[message-id:] =>
[date:] => Tue, 12 Jan 2010 19:18:33 +0100
[x-antiabuse:] => Array
(
[0] => This header was added to track abuse, please include it with any abuse report
[1] => Primary Hostname - s01.aceahosting.nl
[2] => Original Domain - scamdex.com
[3] => Originator/Caller UID/GID - [65534 65534] / [26 6]
[4] => Sender Address Domain - s01.aceahosting.nl
)
[x-spam-status:] => No, score=
[x-spam-score:] =>
[x-spam-bar:] =>
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
On January 11, 2010, your credit card has been removed from your PayPal
account.
You are receiving this email notification because this email address is
listed as the administrative contact email for your PayPal account. If
you belive this is an error, click the link below, log in to your
PayPal account and follow the instructions.
