Notification of Limited Account AccessNOTE: Resolution Center links to an insecure website with some cgi.bin stuff in the link. At that site they require your login data.
Why is my account access limited?
Your account access has been limited for the following reason(s):
Nov. 15, 2005:
1. We would like to ensure that your account was not accessed by an unauthorized third party.
Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features.
2. Unusual account activity has made it necessary to limit account access until additional verification information can be collected.
3. If your account was hijacked, the bank account attached is vulnerable too. Please respond as soon as possible!
How can I restore my account access?
Please visit the Resolution Center and complete the "Steps to Remove Limitations."
Once you complete all of the checklist items, your case will be reviewed by one of our Account Specialists.I have informed PayPal about this event. It is the first time I received such an attack. Please pass on this information to whom it may concern.
We will send you an email with the outcome of the review.
If, after reviewing your account information, you seek further clarification regarding your account access,
please contact PayPal by visiting the Help Center and clicking "Contact Us".
PayPal Account Review Department
PayPal Email ID PP522
The header of the email contains this:
Subject: PayPal Account Compromised.Unconfirmed change of email address.
Date: 15. November 2005 16:59:27 GMT+01:00
X-Apparently-To: email@example.com via 18.104.22.168; Tue, 15 Nov 2005 10:12:59 -0800
Authentication-Results: mta143.mail.re2.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 22.214.171.124 (EHLO search.stoo.com) (126.96.36.199) by mta143.mail.re2.yahoo.com with SMTP; Tue, 15 Nov 2005 10:12:58 -0800
Received: (from root@localhost) by search.stoo.com (8.11.6/8.11.6) id jAFFxRT06410 for firstname.lastname@example.org; Wed, 16 Nov 2005 00:59:27 +0900
The mail originated Korea, DNS lookup shows me.