When I received this email, I thought it was another badly done PayPal phishing attempt. At first glance it looks like one: a typical email that doesn’t have any of the PayPal logos or imprint details. I probably get 10 or 15 PayPal phishing attempts every day.

But no! It is yet another scam trying to persuade me to part with my money and join a money-making scam where the only person who ever makes any money is the originator at the top of the pyramid.

The email looks like:

From: [email protected]

Date: Sat 01/07/2021 12:19

Subject: Notification PayPaI: Case ID PP-902-711-029-327

Body Content:

Hello!

Your account access has been limited for the following reason(s):

30 Jun 2021: Your credit or debit card issuer advised us that your card was used without your permission.

(Your case ID for this reason is PP-902-711-029-327.)

http://smarturl.it/View_Paypal_Account

Once you have completed all the checklist items, your case will be reviewed by one of our Account Specialists. We will send you an email with the outcome of the review.

Sincerely,

PayPal

The link goes to which immediately redirects you to where you see a web page with a video of a partially dressed woman in a pond jabbering on about how easy it is to make money.

Don’t fall for this nonsense. Nobody ever makes money from these scams. If it was a genuine money making method then they wouldn’t need to use bait or lures like this one pretending your PayPal account has been limited.

The other “interesting” bit about this scam is the email headers: if you look carefully, you can see the alleged sending address is [email protected], where what looks like a lower case L is actually an upper case i.

This is a case where using a serif font is much safer: [email protected]. However, we all like clean looks on websites and emails and typically use a non-serif font, making it much harder to distinguish these spoofs and scams.
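A mail filter does not depend on the font, so the upper case i trick can be caught mechanically. The following is an added example, not code from the original post: it folds look-alike characters before comparing a sender domain with a list of protected brands. The `BRANDS` list, the small `CONFUSABLES` table and the local parts in the sample headers are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BRANDS = {"paypal.com"}  # assumption: the domains you want to protect
# Illustrative subset of confusable pairs, not the full Unicode UTS #39 table.
# DNS ignores case, so any registered "i" can be displayed as "I" (looks like "l").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("i", "l"), ("1", "l"), ("0", "o")]


def skeleton(domain):
    """Lowercase, then fold each confusable sequence to one representative."""
    folded = domain.lower()
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


def lookalike_of(domain):
    """Return the brand that `domain` imitates, or None if genuine/unrelated."""
    if domain.lower() in BRANDS:
        return None
    matches = [b for b in BRANDS if skeleton(b) == skeleton(domain)]
    return matches[0] if matches else None


def check_headers(raw, fields=("From", "Reply-To")):
    """Return (header, domain, imitated_brand) for each look-alike address."""
    msg = message_from_string(raw)
    hits = []
    for field in fields:
        _, addr = parseaddr(msg.get(field, ""))
        domain = addr.rpartition("@")[2]
        brand = lookalike_of(domain) if domain else None
        if brand:
            hits.append((field, domain, brand))
    return hits


# Constructed sample modelled on the headers in this post; the local parts
# are made up because the original addresses are redacted.
SAMPLE = (
    'From: "service@paypaI.com" <service@paypaI.com>\n'
    "Reply-To: <service@paypaI.com>\n"
    "Subject: Notification PayPaI: Case ID PP-902-711-029-327\n"
)

if __name__ == "__main__":
    print(check_headers(SAMPLE))
```

Because the comparison is done on the folded form, the domain is flagged whether it arrives as `paypaI.com` or as the all-lowercase `paypai.com` seen in SMTP envelopes.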

IP: 197.220.109.205
Hostname: (none listed)
City: Nairobi South
Region: Nairobi Area
Country: KE
Organisation: AS37027 Simbanet (T) Limited

Received: from [197.220.109.205] (port=62941 helo=mail.com)
by knight.knighthosting.co.uk with smtp (Exim 4.89)
(envelope-from <[email protected]>)
id 1dRGN0-0007HJ-7v
for [email protected]; Sat, 01 Jul 2021 12:15:23 +0100
Reply-To: <[email protected]>
From: "[email protected]" <[email protected]>
Subject: Notification PayPaI: Case ID PP-902-711-029-327
Date: Sat, 1 Jul 2021 19:18:44 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

The PayPai domain has been around for a long time, and I am very surprised it hasn’t been taken over by PayPal themselves by now.

Currently it doesn’t have an IP address associated with it, but that can be done in 2 or 3 minutes easily.

Domain Whois Record

Queried whois.internic.net with "dom paypaI.com"…

Domain Name: PAYPAI.COM
Registrar: MONIKER ONLINE SERVICES LLC
Sponsoring Registrar IANA ID: 228
Whois Server: whois.moniker.com
Referral URL: http://www.moniker.com
Name Server: NS1.MONIKERDNS.NET
Name Server: NS2.MONIKERDNS.NET
Name Server: NS3.MONIKERDNS.NET
Name Server: NS4.MONIKERDNS.NET
Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Status: clientHold https://icann.org/epp#clientHold
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Updated Date: 06-jan-2017
Creation Date: 18-aug-2002
Expiration Date: 18-aug-2018