Date: Mon, 29 Apr 2013 13:22:03 -0500The link goes through a legitimate but hacked site to land on a malicious payload at [donotclick]frustrationpostcards.biz/news/institutions-trusted.php (report here) hosted on the following IPs:
From: "firstname.lastname@example.org" [email@example.com]
Subject: Requested Reset of Yoyr PayPal Password
Your account will stay on hold untill password reset.
How to reset your PayPal password
To get back into your PayPal account, you'll have to create a new password.
Click the link below to open a secure browser window.
Confirm that you're the owner of the account, and then follow the instructions.
Reset your password now
If you didn't requested help with your password, let us know immediately. Reporting it is important because it helps us prevent fraudsters from stealing your information.
Help Center | Security Center
Please don't reply to this email. It'll just confuse the computer that sent it and you won't get a response.
Copyright © 2013 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95132.
PayPal Email ID 2A7X1
126.96.36.199 (PROXAD Free SAS, France)
188.8.131.52 (Greek Research and Technology Network, Greece)
184.108.40.206 (Umea University, Sweden)
TheWHOIS details identify this domain as belonging to the Amerika gang:
Registrant ID: INTEGOY3JBV8IIHG
Registrant Name: Shouli Cowper
Registrant Address1: 40 W 17th St
Registrant City: New York
Registrant Postal Code: 10011
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.4682697453
Registrant Email: firstname.lastname@example.org