Paypal scam email

Got an email in one of my Hotmail accounts stating I had unclaimed funds, so I do my usual look up to see where the email came from using the Outlook properties app.

The IP address looks legit and I'm just wondering how the spammer/spoofer did this?

All the links look legit too.


X-Message-Info: NhFq/7gR1vRwaSZwDIomdmFNZRxydZt2Z7K+k748Gm6bITGfrJTxOeNJjnV5HF3RzsD+v97/VSRMLabN+6KkooZg14xWEPtwnSacKkMj6ZddvzJmVBiuZ0lH00JoilxxUU4Be7rLwHOGse/2jw138QBI89Mv6LRgfD2V3yr3uz0=
Received: from mail2550.paypal.mkt2944.com ([74.112.67.243]) by SNT0-MC3-F4.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);

Reverse IP lookup:

Reverse DNS and IP Lookup:
74.112.67.243

Server:         161.58.104.2
Address:        161.58.104.2#53

Non-authoritative answer:
243.67.112.74.in-addr.arpa      name = mail2550.paypal.mkt2944.com.

I got this with a Google search:

http://www.reputationauthority.org/lookup.php?ip=74.112.67.243

Anybody got a clue?
pgm554 Asked:
Dave Baldwin (Fixer of Problems) Commented:
Most of it they just made up.  If you have the programming skills, you can write a fairly short program that will generate all the fake email info you want.  Usually all the links are legit except for the one where they ask for your username and password.
0
Frosty555 Commented:
The majority of the headers in an email are provided by the SMTP server that is delivering the message. There is little verification to ensure the authenticity of the headers or their values. The receiving server has to trust that the headers the sending server delivered haven't been manipulated or falsified.

So basically, headers can easily be forged when you are operating your own SMTP server.

Out of curiosity... can you post the entire message header?
0
Tintin Commented:
While the IP address might be legit, Silverpop doesn't send out Paypal notifications.
0
Dave Baldwin (Fixer of Problems) Commented:
For what it's worth, I get Paypal scam emails on several accounts at least once a month and have for years.  I just delete them.
0
pgm554 (Author) Commented:
Normally when you see these emails, they end up in the junk folder and you see the links without all the HTML camo and can see the bogus links, but those were not to be found.

Just had me going: OK, so where's the payload?
0
Frosty555 Commented:
Also be aware that the hostname "mail2550.paypal.mkt2944.com" is NOT owned or controlled by PayPal in any way. They threw "paypal" into a subdomain of the host to throw you off, but "mkt2944.com" is most definitely not paypal.

If there weren't any links, they may have intended for an unsuspecting victim to reply to the email instead of clicking a link.
0
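An added example, not part of any poster's reply: it parses the `Received:` line from the question and reduces the sending hostname to its registrable domain, which is the check behind the "mkt2944.com is not PayPal" point above. The function names, the short suffix list and the `BRAND_DOMAINS` set are assumptions made for this sketch; real code would use the full Public Suffix List.

```python
import re

# Received line exactly as posted in the question (its date part is not on the page).
RECEIVED = ("from mail2550.paypal.mkt2944.com ([74.112.67.243]) by "
            "SNT0-MC3-F4.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);")

# Assumption: a tiny stand-in for the Public Suffix List, enough for this demo.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Assumption: the domains we accept as the brand's own.
BRAND_DOMAINS = {"paypal.com"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>[^\s()]+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>[^\s;]+)", re.IGNORECASE)

def parse_received(value):
    """Split a Received value into the sender's name, its IP, and the recorder."""
    m = RECEIVED_RE.search(value)
    if m is None:
        return None
    # Only the IP was observed by the receiving server. The name in the "from"
    # clause is normally what the sending host announced, and a matching PTR
    # record is set by whoever controls the IP block, so neither proves a brand.
    return {"helo": m["helo"].lower().rstrip("."), "rdns": m["rdns"],
            "ip": m["ip"], "by": m["by"].lower()}

def registrable_domain(host):
    """Return the part of the hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def assess_sender(host, brand="paypal", brand_domains=BRAND_DOMAINS):
    """Classify a hostname as brand-owned, lookalike, or unrelated."""
    if registrable_domain(host) in brand_domains:
        return "brand-owned"
    if any(brand in label for label in host.lower().split(".")):
        return "lookalike"  # brand string appears, but not in a brand-owned domain
    return "unrelated"

if __name__ == "__main__":
    hop = parse_received(RECEIVED)
    print(hop["ip"], registrable_domain(hop["helo"]), assess_sender(hop["helo"]))
```

Only `Received:` lines added by your own mail provider can be relied on; anything below them was supplied by the sending side.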
btan (Exec Consultant) Commented:
From PayPal... you may want to see that email again
@ https://www.paypal.com/uk/cgi-bin/webscr?cmd=p/gen/fraud-prevention-outside
@ https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/general/SecuritySpoof-outside

Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account. If you believe you have received a fraudulent email, please forward the entire email—including the header information—to spoof@paypal.com. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.

Don't share personal information via email: We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to www.paypal.com/uk.

Don't download attachments: PayPal will never send you an attachment or software update to install on your computer.

Questions PayPal will never ask you in an email

To help you better identify fake emails, we follow strict rules. We will never ask for the following personal information in emails:

Credit and debit card numbers
Bank account numbers
Driver's License numbers
Email addresses
Passwords
Your full name


How to spot SPOOF (fake) eBay + PayPal phishing emails
http://www.ebay.co.uk/gds/How-to-spot-SPOOF-fake-eBay-PayPal-phishing-emails-/10000000001711994/g.html
0