Date: Tue, 1 May 2012 14:31:26 +0300
From: "PayPal" [notify@paypal.com]
Subject: RE:You just sent a payment to Enrique Peterson
You just sent a payment
Transaction ID: 2SM69324P0770102B
Hello xxxxxxxxxxxxxx,
Thanks for using PayPal. It may take a few moments for this transaction to appear in your account.
Merchant
Enrique Peterson
wcEnrique22@hotmail.com
Note to Thad Peterson
You haven't sent a note.
Shipping address - confirmed
Michael Pepe
P.O. Box 173
Cheektowaga, NY�14225
United States
Total $140.00 USD
Payment $60.00 USD
Payment sent to Enrique Peterson
Help Centre | Resolution Centre | Security Centre
This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in to your account and click "Contact Us" at the bottom of any page.
Copyright � 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.
PayPal Email ID PP1526
The malicious payload is on 72.46.140.14/showthread.php?t=9d77a9163cda8dbe (report here) and is hosted by Versaweb in the US, suballocated to "Silver Knight Enterprises Corp" of Las Vegas.
Update: here is another variant
Date: Tue, 1 May 2012 19:54:34 +0700
From: "PayPal" [notify@paypal.com]
Subject: RE:You just sent a payment to Jame Peterson
You just sent a payment
Transaction ID: 2SM69324P0770102B
Hello xxxxxxxxxxxxxxx,
Thanks for using PayPal. It may take a few moments for this transaction to appear in your account.
Merchant
Jame Peterson
wcJame22@hotmail.com
Note to Thad Peterson
You haven't sent a note.
Shipping address - confirmed
Michael Pepe
P.O. Box 173
Cheektowaga, NY�14225
United States
Total $100.00 USD
Payment $60.00 USD
Payment sent to Jame Peterson
Help Centre | Resolution Centre | Security Centre
This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in to your account and click "Contact Us" at the bottom of any page.
Copyright � 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.
PayPal Email ID PP1526
3 comments:
Well, I was up late working and didn’t “click” to the fact that it was a phishing scam until after I clicked on the tracking number to find out who the heck Desiree Peterson, Thad Peterson and Michael Pepe were. It took me to a page with a 403 error code and the word “Forbidden” … I’m running a virus/malware scan on my iMac right now, just to be safe. I googled the three names and actually got a hit for Michael Pepe in Cheektowaga, NY. He’s a member of the Construction Exchange of Buffalo & WNY. So I thought I’d call. They gave me the phone number for Pepe Construction (his company), and I ended up talking to the real Michael Pepe. He is in Cheektowaga, on the outskirts of Buffalo, but the p.o. box is not his, and the zip code is not his (though it is a nearby zip). If what he told me was true, his identity was stolen a couple of months ago, and he’s been fighting that battle for weeks.
As long as I run my Mackeeper scan, do you think I have anything else to be concerned about? I changed all my financial passwords (Paypal and bank) just to be safe.
@txmom2jami
I don't think that *this* malware impacts Macs (also some other malicious apps do). Running a scan is a good thing though. If you got a 403 error, it's likely that one of the intermediates sites was taken down (I think I counted two hops before the malware).
That's interesting about Michael Pepe. I kind of assumed that the name was made up, it seems that it goes much deeper..
thanks
i have had this 5 times today all different names
You just sent a payment Transaction ID: 2SM69324P0770102B
Hello darren,
Thanks for using PayPal. It may take a few moments for this transaction to appear in your account.
Merchant
Santos Peterson
wcSantos22@hotmail.com
Note to Thad Peterson
You haven't sent a note.
Shipping address - confirmed
Michael Pepe
P.O. Box 173
Cheektowaga, NY 14225
United States
Total $120.00 USD
Payment $100.00 USD
Payment sent to Santos Peterson
Help Centre | Resolution Centre | Security Centre
This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in to your account and click "Contact Us" at the bottom of any page.
Copyright © 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.
PayPal Email ID PP1526
Post a Comment