[ale] new email scam: Paypal forgery

[Bob Toxen]

On Wed, Nov 05, 2003 at 11:19:19PM -0500, Ray Knight wrote:
> I have received this or a very similar message at least 6 times in the
> last few months.  If I recall correctly the first one was in early
> June.  You would think the idiot would have been arrested by now.
They're almost never caught.

Btw, the host name "microsoft.com" was spoofed.  The enclosed email does not
indicate a compromised Microsoft machine.

Bob

> On Wed, 2003-11-05 at 09:02, George Johnson wrote:
> > It seems this one will not go away until someone is jailed.  I have seen it
> > a couple of times lately.  I emailed them and called them what they were,
> > crooks!

> > George Johnson


> > -----Original Message-----
> > From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of James P.
> > Kinney III
> > Sent: Wednesday, November 05, 2003 8:54 AM
> > To: Atlanta User Group (E-mail)
> > Subject: [ale] new email scam: Paypal forgery

> > What a scam!!! The really interesting part is the source according to
> > mindspring dns service is microsoft.com. So it looks like a M$ machine
> > has been compromised!! I especially like the deliberate mis-spelling of
> > Paypal to use the "I" instead of "l".


> > Return-Path: <usersupports4 at paypal.com>
> > Received: from holt.mail.atl.earthlink.net (holt.mail.mindspring.net
> >         [207.69.200.187]) by moat.localnetsolutions.com (8.12.8/8.12.8)
> > with ESMTP
> >         id hA52UHEE032685 for <jkinney at castle.localnetsolutions.com>;
> > Tue, 4 Nov
> >         2003 21:30:17 -0500
> > Received: from carus-z.mspring.net ([207.69.231.92]
> > helo=carus.mspring.net)
> >         by holt.mail.atl.earthlink.net with smtp (Exim 3.33 #1) id
> > 1AHDR4-000399-00
> >         for jkinney at castle.localnetsolutions.com; Tue, 04 Nov 2003
> > 21:30:18 -0500
> > X-MindSpring-Loop: jkinney at localnetsolutions.com
> > Received: from microsoft.com ([24.188.106.56]) by carus.mspring.net
> >         (Earthlink Mail Service) with SMTP id 1ahdr33h3Nl5tW0 for
> >         <jkinney at localnetsolutions.com>; Tue, 4 Nov 2003 21:30:17 -0500
> > (EST)
> > Date: Wed, 05 Nov 2003 02:51:15 +0000
> > From: PayPal <usersupports4 at paypal.com>
> > Subject: PayPaI officiaI notice
> > To: Jkinney <jkinney at localnetsolutions.com>
> > References: <3HD8D2FL286L2C54 at localnetsolutions.com>
> > In-Reply-To: <3HD8D2FL286L2C54 at localnetsolutions.com>
> > Message-ID: <71930G2G6I23G8BK at paypal.com>
> > Reply-To: PayPal <usersupports6 at paypal.com>
> > Sender: PayPal <usersupports4 at paypal.com>
> > MIME-Version: 1.0
> > Content-Type: multipart/related;
> > boundary="----=_NextPart_0JK8KCKHH2_51C0HE499IH2CL"
> > X-MailScanner-Information: Please contact the ISP for more information
> > X-MailScanner: Found to be clean
> > X-MailScanner-SpamScore: ss
> > Status:   
> > X-Evolution-Source: pop://jkinney@192.168.0.1/


> -- 
> Ray Knight <audilover at atlantabroadband.com>