Paypal scam email

Posted on 2013-09-15
Medium Priority
Last Modified: 2016-03-24
Got an email in one of my Hotmail accounts stating I had unclaimed funds, so I do my usual look up to see where the email came from using the Outlook properties app.

The IP address looks legit and I'm just wondering how the spammer/spoofer did this?

All the links look legit too.

X-Message-Info: NhFq/7gR1vRwaSZwDIomdmFNZRxydZt2Z7K+k748Gm6bITGfrJTxOeNJjnV5HF3RzsD+v97/VSRMLabN+6KkooZg14xWEPtwnSacKkMj6ZddvzJmVBiuZ0lH00JoilxxUU4Be7rLwHOGse/2jw138QBI89Mv6LRgfD2V3yr3uz0=
Received: from mail2550.paypal.mkt2944.com ([]) by SNT0-MC3-F4.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);

Reverse IP lookup :

 Reverse DNS and IP Lookup :


Non-authoritative answer:      name = mail2550.paypal.mkt2944.com.

I got this with a Google search:


Anybody got a clue?
Question by:pgm554
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39494400
Most of it they just made up.  If you have the programming skills, you can write a fairly short program that will generate all the fake email info you want.  Usually all the links are legit except for the one where they ask for your username and password.
LVL 31

Expert Comment

ID: 39494403
The majority of the headers in an email are provided by the SMTP server that is delivering the message. There is little verification to ensure the authenticity of the headers or their values. The receiving server has to trust that the headers the sending server delivered haven't been manipulated or falsified.

So basically, headers can easily be forged when you are operating your own SMTP server.

Out of curiosity... can you post the entire message header?
LVL 48

Assisted Solution

Tintin earned 500 total points
ID: 39494837
While the IP address might be legit, Silverpop doesn't send out Paypal notifications.

LVL 84

Expert Comment

by:Dave Baldwin
ID: 39494926
For what it's worth, I get Paypal scam emails on several accounts at least once a month and have for years.  I just delete them.
LVL 30

Author Comment

ID: 39495026
Normally when you see these emails, they end up in the junk folder and you see the links without all the HTML camo and can see the bogus links, but those were not to be found.

Just had me going OK, so where's the payload?
LVL 31

Accepted Solution

Frosty555 earned 500 total points
ID: 39495095
Also be aware that the hostname "mail2550.paypal.mkt2944.com" is NOT owned or controlled by PayPal in any way. They threw "paypal" into a subdomain of the host to throw you off, but "mkt2944.com" is most definitely not paypal.

If there weren't any links, they may have intended for an unsuspecting victim to reply to the email instead of clicking a link.
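
Added example (not part of the thread): a small check for the point made in the answer above, that a brand name sitting in a subdomain says nothing about who owns the host. It pulls the sending host out of a `Received:` header and compares its registrable domain against the brand's real one. The function names, the second sample header and the short suffix set are assumptions made for illustration; production code would use the full Public Suffix List.

```python
import re

# Constructed sample input: the first line is the Received header quoted in the
# question (its IP was already blank on the page); the second is made up for contrast.
SAMPLE_HEADERS = [
    "Received: from mail2550.paypal.mkt2944.com ([]) by SNT0-MC3-F4.Snt0.hotmail.com "
    "with Microsoft SMTPSVC(6.0.3790.4900);",
    "Received: from mx1.paypal.com ([]) by mx.example.net with ESMTP;",
]

# Assumption: a tiny stand-in for the Public Suffix List, enough for this demo.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def sending_host(received):
    """Return the host named after 'from' in a Received header, or None."""
    m = re.match(r"Received:\s+from\s+([A-Za-z0-9.-]+)", received, re.I)
    return m.group(1).lower().rstrip(".") if m else None


def registrable_domain(host):
    """Return the part of the name that someone actually registered."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def classify(received, brand="paypal", brand_domains=frozenset({"paypal.com"})):
    """Return (host, registrable domain, verdict) for one Received header."""
    host = sending_host(received)
    if host is None:
        return (None, None, "unparseable")
    domain = registrable_domain(host)
    if domain in brand_domains:
        return (host, domain, "brand-domain")
    if brand in host:
        # The brand name is only a label inside somebody else's domain.
        return (host, domain, "brand-outside-brand-domain")
    return (host, domain, "unrelated")


if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        print(classify(line))
```
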
LVL 66

Expert Comment

ID: 39507853
From paypal...you may want to see that email again
@ https://www.paypal.com/uk/cgi-bin/webscr?cmd=p/gen/fraud-prevention-outside
@ https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/general/SecuritySpoof-outside

Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account. If you believe you have received a fraudulent email, please forward the entire email—including the header information—to spoof@paypal.com. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.

Don't share personal information via email: We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to www.paypal.com/uk.

Don't download attachments: PayPal will never send you an attachment or software update to install on your computer.

Questions PayPal will never ask you in an email

To help you better identify fake emails, we follow strict rules. We will never ask for the following personal information in emails:

Credit and debit card numbers
Bank account numbers
Driver's License numbers
Email addresses
Your full name

How to spot SPOOF (fake) eBay + PayPal phishing emails
