A badly made example of a PayPal scam/phishing email

I just received this quite badly made attempt at a official PayPal email, “”apparently”” theres a issue with my PayPal account. Lets take a deeper look…

paypal email phishing scam email example badly made

Here is the mail :


Content-Type: text/plain

Content-Transfer-Encoding: 8bit

Dear PayPal Customer,

On MAY 23, 2013, We recently have determined that different computers have logged in your PayPal account.

And multiple password failures were present before the logo’s. We now need you to re-confirm your account information to us.

If this is not completed by ,29, 05, 2013, we will be forced to suspend your account indefinitely.

Case ID Number : PP-001-544-375

To restore your account,

Please download the attached form to verify your Profile information and restore your account access.

Make sure you enter the information accurately, and according to the formats required.

Fill in all the required fields.

It’s usually pretty easy to take care of things like this. Most of the

time, we just need a little more information about your account or latest


To help us with this and to see what you can and can’t do with your account

until the issue is resolved, log in to your account and go to the

Resolution Center.

Yours sincerely,



Help Center:


Security Center:


Please do not reply to this email because we are not monitoring this inbox. To get in touch with us, log in to your account and click “Contact Us” at the bottom of any page.

Copyright © 2013 PayPal Inc. All rights reserved.

Consumer advisory: PayPal Pte Ltd, the Holder of the PayPalT payment service stored value facility, does not require the approval of the Monetary Authority of Singapore. Consumers (users) are advised to read the terms and conditions: www.paypal.com/eg/sg/cgi-bin/webscr?cmd=p/gen/ua/ua-outside carefully.

PayPal Email ID  PP076

__________ Information from ESET NOD32 Antivirus, version of virus signature database 7942 (20130128) __________

The message was checked by ESET NOD32 Antivirus.




Content-Type: ; name=”Case ID Number PP-001-544-375.htm”

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename=”Case ID Number PP-001-544-375.htm”


A massive jumble of letters and numbers goes on for some time, so I cut it down, they tried to attach a file and somehow got the files insides splattered at the bottom of the mail….

Good : 

  • It’s in English (mostly)
  • Contains genuine working links to help articles on PayPals US site

Bad :

  • The customers name is missing
  • There are no logos, the whole thing is just pure text
  • They made a huge mess of attempting to attach what they wanted you to download, resulting in hundreds of lines of computer language jibberish…
  • Date formatting makes no sense “completed by ,29, 05, 2013,”
  • And multiple password failures were present before the logo’s.” What? lol
  • Sent from “noreplay-paypal@uk.com” NOREPLAY??? UK.com??? really….
  • Scammers used a dedicated server (Kimisufi) to send it out hopefully they lost money on that, after seeing this I doubt they managed to “h&x0r” it :p

Result this ones just bad, really bad. The whole file attachment part that there scam revolves on does not even work rendering there scammy efforts worthless.

Leave a Reply

Your email address will not be published. Required fields are marked *