Suspicious Phishing Email Investigation

By Sajid Kiani | TN Media News: Over the past few days, I received several suspicious emails claiming to be from PayPal. These emails raised security concerns and appeared to be phishing attempts—fraudulent messages designed to steal personal information. In this article, I explain how to identify such emails and verify their authenticity using free tools and simple checks.

What Is Phishing?
Phishing emails are crafted to deceive recipients into revealing sensitive data such as usernames, passwords, and financial details. Although this case focuses on PayPal, the same methods apply to any online service.

Step-by-Step Investigation
1. Alarming Subject Line: The subject line claimed urgent action was required, a common tactic used by scammers to provoke a quick response. It included unnecessary special characters, which legitimate companies usually avoid; scammers often insert such characters to evade email filters.

2. Google Search Verification: A quick Google search of the email subject revealed that similar messages had already been reported by users from different platforms.

3. Suspicious Sender Address: The sender’s email address appeared to be “secure[@]int-limited[.]com.” At first glance, it mimicked a legitimate security address. However, a deeper look revealed email masking—a display name chosen to disguise the true origin of the message. PayPal typically uses a display name followed by an address on its own domain, such as “PayPal <paypal@mail.paypal.co.uk>.”

4. Untrustworthy Domain: Searching for the domain “int-limited” showed no association with PayPal. A Whois lookup also confirmed the domain lacked ownership records. Another domain, “spainjanjuk.com,” was found in the email headers. A reputation check using BrightCloud gave it a low trust score of 40/100, further confirming the email’s suspicious nature.

5. Fake Branding and Links: The scam email included a PayPal logo, but it was only an image—without an embedded PayPal URL. In genuine emails, PayPal embeds official links behind its logos. Additionally, the “Log in to PayPal” button redirected to a domain that did not belong to PayPal. URLScan and Google Safe Browsing confirmed the embedded link was malicious.
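Steps 3 and 5 can be scripted so that every incoming message gets the same checks. The following is an added example, not code from the original article: it parses a constructed sample modelled on the message described above (the sender address, the unlinked logo and the login link mirror the article’s indicators; the trusted-domain list and the exact link URL are assumptions) and reports each mismatch.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains PayPal is assumed to use for mail and links (assumption for this example).
LEGIT_DOMAINS = ("paypal.com", "paypal.co.uk")

# Constructed sample modelled on the message described above, not the real email.
SAMPLE_EML = b"""From: PayPal Security <secure@int-limited.com>
Content-Type: text/html; charset=utf-8

<img src="https://cdn.spainjanjuk.com/paypal-logo.png" alt="PayPal">
<a href="https://int-limited.com/login">Log in to PayPal</a>
"""

def is_legit(host):  # True for a trusted domain or any subdomain of one
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

class LinkCollector(HTMLParser):  # collect hrefs; count images outside any <a>
    def __init__(self):
        super().__init__()
        self.hrefs, self.unlinked_images, self._in_a = [], 0, 0
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._in_a += 1
            self.hrefs += [a["href"]] if a.get("href") else []
        elif tag == "img" and not self._in_a:
            self.unlinked_images += 1
    def handle_endtag(self, tag):
        if tag == "a": self._in_a = max(0, self._in_a - 1)

def triage(raw):  # return the indicators (steps 3 and 5) found in a raw email
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg["From"] or ""))
    host = addr.rpartition("@")[2]
    if "paypal" in name.lower() and not is_legit(host):
        findings.append(f"display name claims PayPal but sender is @{host}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        if not is_legit(urlparse(href).hostname):
            findings.append(f"link {href} leads outside PayPal domains")
    if collector.unlinked_images:
        findings.append("logo image carries no embedded PayPal link")
    return findings
```

Running `triage(SAMPLE_EML)` reports the masked sender, the off-domain login link and the unlinked logo; a genuine receipt sent from a PayPal domain with its logo wrapped in a PayPal link produces an empty list.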

Key Observations:
Email masking was used to mislead the recipient. No valid domain association was found with PayPal. The embedded link was malicious and redirected users to unknown websites. Logo impersonation aimed to give a false sense of legitimacy.

Conclusion: This investigation confirms the email was a phishing attempt. No special tools were needed—just publicly available resources like Google Search, Whois, BrightCloud, and URLScan. The email has since been reported to spoof@paypal.com and marked as junk using Microsoft’s built-in feature.

Final Reminder: Always verify suspicious emails before clicking any links. Report phishing attempts to the relevant service provider to help prevent future attacks.
