I recently received an email from the address security@onlineupdate.com. They’re trying to phish for PayPal accounts. The contents of the email read as follows.

Dear shiping angel,
We recently reviewed your account, and we are suspecting that your PayPal account may have been accessed from an unauthorized computer.
This may be due to changes in your IP address or location. Protecting the security of your account and of the PayPal network is our primary concern.
We are asking you to immediately login and report any unauthorized withdrawals, and check your account profile to make sure no changes have been made.
To protect your account please follow the instructions below:
* DO NOT SHARE YOUR PASSWORD WITH OTHER USERS
* LOG OFF AFTER USING YOUR ONLINE ACCOUNT
Please click on the following link, to verify your account activity:

http://www.paypal.com/cgi-bin/webscr?cmd=_login-run

We apologize for any inconvenience this may cause, and appreciate your support in helping us maintaining the integrity of the entire PayPal system.
Please login as soon as possible.
Thank you,
PayPal Security Center.

Email Content

The link within the email directs you to “cheersandgears.com/waw/”, which has been flagged as a forged website.

The headers are as follows:

Content-Type: text/html; charset=”iso-8859-1″
Date: 02 Apr 2010 22:53:05 +0800 [04/02/2010 08:53:05 AM MDT]
Delivery-date: Mon, 05 Apr 2010 12:34:02 -0600
Envelope-to: [My Email]
From: PayPal
MIME-Version: 1.0
Message-ID: <20100402225305.0A9EC7129E153A42@onlineupdate.com>
Received: * from [72.253.60.56] (helo=server1.tnwre.com) by [My Email Server] with esmtp (Exim 4.69) (envelope-from ) id 1Nyr7Z-0005Dm-K9 for [My Email]; Mon, 05 Apr 2010 12:34:01 -0600
* from onlineupdate.com (h186-210-66-252.seed.net.tw [210.66.252.186]) by server1.tnwre.com with ESMTP; Fri, 02 Apr 2010 05:04:25 -1000
Return-path:
Subject: shiping angel, your PayPal account will be closed on 03/04/2010

Email Headers

Obviously, they have no idea how to read a calendar. If the senders email address doesn’t send a red flag up for you, the subject line should. Since it’s a month behind.

*Tips to keep you safe.
Always scroll over links in your emails. If they don’t lead to the website that the email is referring to, it’s most likely a phishing attempt.
Right-Click the link, and copy/paste it in to Google. This will more than likely bring up reviews and scam reports on the website in question.
If it doesn’t feel right, it probably isn’t. It’s always better to manually type out a URL you know than to click a hyperlink you don’t.

With phishing at its all-time high, you should always be careful of the emails you open, and the links that are contained inside of them.