Best phishing ever!

[SLMYRCB]

I have never seen such a good phisher with such clean and clear information. No spelling mistakes and (basically) no glitches.
I have been raped, of my CSP credit card number.
Yes I have many different email accounts. This email came to the account I use exclusively for sensitive  info (ie banking, government logins, ect). I NEVER get spam to this account.
A) after entering my email I hit "login" by mistake and it "logged me in" but I figured chrome must have filled the password and I just didn't realize the yellowed selector.
B) after "verifying" my address I was asked for my credit card info and then the next screen was for bank account info and something called a swift number. That must be some European verification process but that's what triggered my concern. (Never trust the Europeans ).
So I took the website address (also quite professional), striped it down and checked whois...

[SLMYRCB]

Here's the whois page and you can see the account was created today...

BEWARE!

[Work-for-ur-muny]

I have never seen such a good phisher with such clean and clear information. No spelling mistakes and (basically) no glitches.
I have been raped, of my CSP credit card number.
Yes I have many different email accounts. This email came to the account I use exclusively for sensitive  info (ie banking, government logins, ect). I NEVER get spam to this account.
A) after entering my email I hit "login" by mistake and it "logged me in" but I figured chrome must have filled the password and I just didn't realize the yellowed selector.
B) after "verifying" my address I was asked for my credit card info and then the next screen was for bank account info and something called a swift number. That must be some European verification process but that's what triggered my concern. (Never trust the Europeans ).
So I took the website address (also quite professional), striped it down and checked whois...

How did you even get there? IOW, what do I have to watch from?

[Freddie]

How did you even get there? IOW, what do I have to watch from?

An email from paypal asking you to log in and update information.

[SLMYRCB]

How did you even get there? IOW, what do I have to watch from?

How did I get where? I clicked the link that didn't arouse any concern.
I guess you gotta be very keen and more suspicious as the "other-side" is getting better and better.

[Work-for-ur-muny]

How did I get where? I clicked the link that didn't arouse any concern.
I guess you gotta be very keen and more suspicious as the "other-side" is getting better and better.

You're saying that you got an authentic-looking email from PayPal which contained malicious links?

BTW On your second post of the whois page, the site does look amateurish as many letters that should be capitalized (names, states etc.) are not. Something that a legit site would never have. But by the time you get to see that it may be too late.

[SLMYRCB]

You're saying that you got an authentic-looking email from PayPal which contained malicious links?

BTW On your second post of the whois page, the site does look amateurish as many letters that should be capitalized (names, states etc.) are not. Something that a legit site would never have. But by the time you get to see that it may be too late.

I hear ya. I usually use the "created on" date. And yes, by the time you're at the whois page it is usually too late.

[Aussie88]

Ouch. I get spoof PayPal emails pretty much daily, and I'll admit that's one of the best I've seen.

Legit PayPal emails will <b>always</b> have your full name on it. It will say "Dear Joe Shmoe" and then will go on to explain the issue.

[dudi]

Wow. May be a good idea to report the name of the person registered

[Centro]

How is it possible for them to have paypal.com as their Web address, is it because there's no slash after the .com?

[aeman1]

PayPal emails always have your full name.  Report to paypal as well.

[JoeyShmoe]

How is it possible for them to have paypal.com as their Web address, is it because there's no slash after the .com?

That's the trick, it isn't a paypal.com address, it's a account-premier.info web address with a subdomain of paypal.com, so paypal.com.account-premier.info

[MeirS]

I have never seen such a good phisher with such clean and clear information. No spelling mistakes and (basically) no glitches.
I have been raped, of my CSP credit card number.
Yes I have many different email accounts. This email came to the account I use exclusively for sensitive  info (ie banking, government logins, ect). I NEVER get spam to this account.
A) after entering my email I hit "login" by mistake and it "logged me in" but I figured chrome must have filled the password and I just didn't realize the yellowed selector.
B) after "verifying" my address I was asked for my credit card info and then the next screen was for bank account info and something called a swift number. That must be some European verification process but that's what triggered my concern. (Never trust the Europeans ).
So I took the website address (also quite professional), striped it down and checked whois...

I always check the email address of the sender first. What was it here?

[Zalc]

OP, please forward the entire email to spoof@paypal.com

[lubaby]

How is it possible for them to have paypal.com as their Web address, is it because there's no slash after the .com?

The domain there is not Paypal.com.
The domain name is account-premier.info.
WHOIS Record.

Read more about domain structuring here.

Subdomain Names with Dots
Although I said that you cannot buy a domain name with embedded dots, you can still create a domain name where there are embedded dots. For example, if you were to look up at your web browser's address bar right now, you will notice that this site has a web address of "www.thesitewizard.com", where there is a dot separating "www" from my main domain name "thesitewizard.com". Since I own the domain called "thesitewizard.com", I can create any number of web addresses ending with ".thesitewizard.com" that I want. These new addresses, like "www.thesitewizard.com", are often referred to as subdomains. They are subdomains of my main domain, thesitewizard.com.

As such, even though you cannot buy a domain name like "this.is.an.example.com", nothing stops you from buying a domain called "example.com" (unless it's already taken), and then creating a subdomain name called "this.is.an.example.com". Once you own the main domain name, you can create any subdomain of that domain that you want.

AVG caught a Phish.

[yuneeq]

It's kinda obvious already from the email.

-PayPal always capitalizes the 2 P's.
-The Help at the bottom is not formatted properly.
-"Now, Please resolve Your account" makes it obvious again.
-PayPal is NEVER kind in their emails, they would never ever use that kind and friendly tone.
-Too late now, but when ANYONE emails for you to change or update your account information, you should ALWAYS check the senders email address carefully. Even better would be to login to your account by typing it in the URL bar, not by following any links.

[tageed-lee]

Even better would be to login to your account by typing it in the URL bar, not by following any links.

That is my motto for all "link related things" online..

I never trust links when you could just go to their site direct...

[SLMYRCB]

Wow. May be a good idea to report the name of the person registered

Doubt its a real name.

PayPal emails always have your full name.  Report to paypal as well.

OP, please forward the entire email to spoof@paypal.com

Done that. Thanx though

I always check the email address of the sender first. What was it here?

PayPal."something".com

[SLMYRCB]

The End.

[Work-for-ur-muny]

The End.

Hopefully.