PayPaI: Due to recent irreguIar activity aII services on your account have been Iimited.

So once again I got spam messages about PayPal or in this case “PayPaI” but something the scammer doesn’t know I don’t have a PayPal account never had one. So lets investigate.

Message

“PayPaI: Due to recent irreguIar activity aII services on your account have been Iimited. Visit: REDACTED LINK to Iift Iimitation.”

Analysation

For the start there is a few things wrong with the text message right off the mark.

if we take a look at the message the first thing I notice is the mobile phone number and not a text messaging service number at the top. moving down the message we can see its misspelt and down more to the link we can see the website domain doesn’t look right, it doesn’t content PayPal and clearly is not an official domain.

Any.run Analysation

Any.run analysation of the link HERE

As we can see the webpage doesn’t load which is strange.

so i decided to check the DNS entry for the domain using googles DNS over https web page we can easly look up the domain and see the records.

GOOGLE DNS SEARCH HERE

so I got thinking if this is sent to a mobile phone I might be designed to only be opened on a mobile phone. so this is my next step and low and behold, as you can see from the image below it loads a fake paypal login screen phishing for credimental.

looking at the source code for the website we can see its heavily protected and encrypted, to hinder analysation by automated tools or scanners.

End thoughts

So at the end of it all, we have once again found phishing page attempting to steal user credentials in this case for PayPal most likely to steal money from users accounts, if you are ever in question about a link do not click the one in the email and use the official website via google or another device.