I’ve mentioned phishing scams before, in a number of places. This email arrived yesterday,

Note the red flags on this one:

1. A sender’s address that is not “Paypal.com”
2. Poor formatting
3. Incomplete text

The attachment they mention gives you this:

If you are foolish enough to provide this information, it will be sent not to PayPal but to http://162.213.154.42/~oilreol/service.php:

NetRange	162.213.152.0 – 162.213.155.255
CIDR	162.213.152.0/22
NetName	FUC-US-2001
NetHandle	NET-162-213-152-0-1
Parent	NET162 (NET-162-0-0-0-0)
NetType	Direct Allocation
OriginAS	AS26272
Organization	FortaTrust USA Corporation (FUC-9)
RegDate	2013-06-10
Updated	2013-12-17
Ref	http://whois.arin.net/rest/net/NET-162-213-152-0-1
OrgName	FortaTrust USA Corporation
OrgId	FUC-9
Address	3701 NW 82 Ave.
City	Doral
StateProv	FL
PostalCode	33166
Country	US
RegDate	2012-03-08
Updated	2014-07-02
Ref	http://whois.arin.net/rest/org/FUC-9
OrgAbuseHandle	IPADM602-ARIN
OrgAbuseName	IP Admin
OrgAbusePhone	+1-305-898-0033
OrgAbuseEmail	ipadmin@fortatrust.com
OrgAbuseRef	http://whois.arin.net/rest/poc/IPADM602-ARIN
OrgNOCHandle	IPADM602-ARIN
OrgNOCName	IP Admin
OrgNOCPhone	+1-305-898-0033
OrgNOCEmail	ipadmin@fortatrust.com
OrgNOCRef	http://whois.arin.net/rest/poc/IPADM602-ARIN
OrgTechHandle	IPADM602-ARIN
OrgTechName	IP Admin
OrgTechPhone	+1-305-898-0033
OrgTechEmail	ipadmin@fortatrust.com
OrgTechRef	http://whois.arin.net/rest/poc/IPADM602-ARIN

This information does not mean that FortaTrust itself is necessarily behind the phishing attempt, but someone could be using their servers in spurious ways.

Whatever the case, be careful out there. PayPal and other legitimate financial institutions will never ask you for sensitive financial data by email.

The Old Wolf has spoken.