A phishing email popped up in my inbox, and just for fun, I decided to study the links and domains associated with it.  I would never have guessed what names and addresses popped up in relation to this bit of spam.

I received this bit of phishing email today:

Please Update Your Billing Records!
Dear Member,

It has come to our attention that your PayPal Billing Information records are out of date. That requires you to update the Billing Information.

Click here to update your account

Thank you for using PayPal!

Terms of Suspended

Please update your records in maximum 12 hours otherwise your account will be suspended.

Once you have updated your account records, your PayPal session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems.

"Terms of Suspended"? 

Bad grammar is a dead giveaway.  Phishing refers to an attempt to acquire userids and passwords fraudulently.  The classic form is the email message informing you that your account is about to be terminated unless you sign in right away.  A link is provided to a webpage mocked up to look legitimate.  You log in, and a message tells you your account is now OK.  What really has happened is that the criminals have recorded your userid and password.

Nothing new here, really, but on a whim, I checked on the address given for the fake login page:  http://darbypta.com/financials/cgi-bin/

Clearly not PayPal.

But interestingly, it is a legitimate domain, that is, it is not a porn site or a warez site.  It is the domain for the Darby Elementary School Parent-Teacher Association in Northbridge, California.  As for the "PayPal" link at financials/cgi-bin?  No page exists at this URL, so it doesn't seem like a well-executed phishing scam.

So I checked the domain of the sender of the email: email1.pay-pal.com.

   Registrant: 
      paypalsucks.com
      dk ruff
      Suite 500 1 N. Wacker Dr.
      Chicago, IL 60606
      US
      Email: buythem@keepstime.com

   Administrative Contact:
      pay-pal.com
      dk ruff
      17013 steeplechase pkwy 
      orland park, IL 60467
      US
      Phone: 708478-7834
      Email: keepstime@hotmail.com

PayPalSucks.com is a gripe site, dedicated to spreading the word about what a lousy service PayPal provides:

PayPal Sucks, aka No PayPal, is an anti paypal site to expose the nightmare of doing business "the paypal way." Post your complaints, troubles, fraud stories, lawsuits, and other dissatisfaction in the forums.

Here is the registration information for PayPalSucks.com:

Registrant Contact:
   PayPalSucks.com
   Marshall Golub (admin@paypalsucks.com)
   +1.9548069308
   Fax: 
   3850 E Coquina Way
   Weston, FL 33332
   US

Not "dk ruff".  Marshall Golub is also the name of the National Sales Director for Charge.com, a PayPal competitor, but that might be a coincidence.  The address given for the pay-pal.com registration, Wacker Drive in Chicago, is actually the address for the office of The Options Clearing Corporation:

The Options Clearing Corporation
One North Wacker Drive, Suite 500
Chicago IL 60606

The Options Clearing Corporation (OCC), founded in 1973, is the world's largest equity derivatives clearing organization. We are dedicated to promoting stability and financial integrity in the marketplaces that we serve by focusing on sound risk management principles. By acting as guarantor, we ensure that the obligations of the contracts we clear are fulfilled.

Basically, OCC issues and clears all US exchange-listed securities.  Interesting.

So is PayPalSucks.com behind the phishing email that seemed incapable of collecting any information?  Perhaps, and you could imagine the goal for PayPalSucks.com was to irritate potential PayPal users by reminding them of the phishing efforts directed at PayPal.

But then why make it so easy to trace it back to PayPalSucks.com?  Why give a fake address to the OCC but still provide the name PayPalSucks.com?  And why the address for the OCC, of all places to pick from?

My theory is that this is an attempt to make PayPalSucks.com look bad.  Again, we have a phishing email that is not actually capable of phishing.  And then we have a registration record that names PayPalSucks.com.  Now it looks like PayPalSucks.com is trying to smear PayPal by sending spam, and crappy spam at that.  As a result, I'm upset at PayPalSucks.com for  playing these games instead of sticking to running a gripe site.

I can't explain why the address of the OCC shows up in this.  That's a headscratcher.  I can only assume that the people behind this email are familiar with the address.

The real question, though, is who benefits from making PayPalSucks.com look bad.  I leave that as an exercise for the reader.

There are other theories that fit the facts.  None of it really matters.  I just found it to be an interesting diversion for a half-hour, and learned about the OCC and PayPalSucks.com along the way.

Posted by: Steve Janke at 08:24 PM | Comments (62) | Add Comment
Post contains 799 words, total size 7 kb.

1 Posicionamientodeunaweb.com la mejor página web de posicionamiento web en Google y otros buscadores. Accede online a los informes de posicionamiento web y posiciona en lo + alto de Google su página web. Posicionamiento web desde sólo 7,90€/mes. Posicionarte en lo + alto de Google ya es posible. Aumento de visitas 100% GARANTIZADO.

Posted by: Posicionamiento en Google at October 21, 2012 09:49 AM (LcSS1)

2 canada goose prices canada goose factory outlet sverige canada goose canada goose jakke 2012 canada goose red canada goose expedition women parka canadienne canada goose jakke salg Freestyle Vest Canada Goose Women Hyacinth Canada Goose Outlet

Posted by: Freestyle Vest Canada Goose Women Hyacinth Canada Goose Outlet at November 09, 2012 02:20 PM (PIxx9)

3 canada goose down jacket canada gooze canada goose återförsäljare canada jacket aleutian canada goose canada goose arctic parka canada goose officiel canada goose calgary parka Canada Goose Manitoba Jacket Navy Discount Canada Goose

Posted by: Canada Goose Manitoba Jacket Navy Discount Canada Goose at November 09, 2012 02:20 PM (PIxx9)

4 hello, fantastic blog post. Please keep them coming..

Posted by: talking tom cat online at November 10, 2012 10:05 AM (Vz2JW)

5 I like the way that this website is set up. The music in the background is extremely nice! I learned about this place through my friend, Sydney Riley. She got braces from your company on Wednesday, 11-10 I like the quality of work that you did. |; North Face Jackets sale

Posted by: North Face Jackets sale at November 13, 2012 01:24 PM (QBlum)

6 Hello there, I found your blog by way of Google at the same time as searching for a comparable subject, your site got here up, it looks great. I have bookmarked it in my google bookmarks.

Posted by: Weeds season 8 dvd at November 13, 2012 02:57 PM (lpoFk)

7 Love the post will be back again to visit and tell friends about excellent site and original posts.

Posted by: GET A BIGGER BUTT at November 16, 2012 12:01 AM (4C/ft)

8 We wholesale nba jerseys sale online,Store have Cheap Basketball Jerseys and throwback NBA jerseys,Buy Cheap nba Jerseys online Save up to 60% for Jerseys.

Posted by: Cheap NBA Jerseys at November 21, 2012 05:57 AM (MBz+K)

9 Sale Cheap Nike Air Max in NZ Store,We have Nike Free Run 2,3 and Nike Air Max 90,2012,2011 you can get,all Cheap Nike Shoes fast shipping to you.

Posted by: Nike Air Max 90 at November 21, 2012 07:36 AM (lVGOX)

10 Cheap ghd straighteners sale UK,Store Hot Sale Cheap ghd hair straighteners, Buy ghd straighteners 100% High-quality and Free Shipping to you.

Posted by: ghd straighteners at November 22, 2012 06:58 AM (VPAcq)

11 NBA jerseys,Buy Cheap nba Jerseys online Save up to 60% for jerseys:

Posted by: Chicago Bulls Jerseys at November 26, 2012 03:26 AM (pvUH2)

12 Cheap jerseys,wholesale nfl jerseys supplier ,offer cheap nfl jerseys.Football jerseys with authentic quality and fast delivery ,free shipping .save 80% off .

Posted by: Chiefs jersey Cheap at November 29, 2012 07:48 AM (eOBZU)

13 Cheap NFL Jerseys China Wholesale have Supply.

Posted by: Redskins jersey Cheap at November 29, 2012 08:10 AM (4wzxQ)

14 Normally I don't read article on blogs, but I wish to say that this write-up very forced me to try and do so! Your writing style has been amazed me. Thanks, quite nice article.

Posted by: The Lion King Trilogy DVD Boxset at November 29, 2012 04:27 PM (UOnAO)

15 I know this if off topic but I'm looking into starting my own weblog and was wondering what all is required to get setup? I'm assuming having a blog like yours would cost a pretty penny? I'm not very internet smart so I'm not 100% positive. Any suggestions or advice would be greatly appreciated. Many thanks

Posted by: Desperate Housewives Season 5 DVD Boxset at November 29, 2012 04:47 PM (UOnAO)

16 GHD Australia Online Sale GHD Hair Straightener,High-quality GHD Straightener Australia you can save 60% off,All Cheap GHD Fast Delivery: http://www.aughdstores.com

Posted by: GHD Australia at November 30, 2012 04:12 AM (jDMW3)

17 "As the IDF and Israeli leaders are stupid and unable to retreat when they should they will repeat their earlier mistakes and will now go for a ground invasion in Gaza."

Posted by: veste north face at November 30, 2012 11:14 AM (BrDJe)

18 I like it very much!sd5f46s5df465sd4f

Posted by: cheap f50 cleats at December 02, 2012 11:59 AM (kMfky)

19 Hello first time to come to this forum, I like it very much!sd5f46s5df465sd4f

Posted by: lebron james 9 galaxy at December 03, 2012 09:20 AM (d1mUr)

20 we sale GHD Hair Straightener in Australia,all GHD Australia cheap price you can get,ghd straightener australia from our: http://www.onlineaughds.com

Posted by: GHD Hair Straightener at December 03, 2012 03:59 PM (rz4ZF)

21 Top Quality Cheap Jerseys - 70% off Cheap NFL Jerseys Wholesale Free Shipping

Posted by: Packers jersey cheap at December 05, 2012 11:36 AM (wmdzq)

22 Wholesale Jerseys Shop Supply NFL Jerseys Free Shipping

Posted by: Jaguars jersey cheap at December 05, 2012 11:59 AM (wmdzq)

23 After Cast Lead one of "Israel's" hi-profile clowns assured the world that the attack on Gaza was to "send a message" to Iran. I can't remember which clown said it,

Posted by: shop north face at December 05, 2012 02:16 PM (QTLvO)

24 Its such as you learn my thoughts! You appear to grasp a lot approximately this, such as you wrote the ebook in it or something. I think that you can do with some percent to pressure the message home a little bit, but instead of that, this is fantastic blog. An excellent read. I'll definitely be back.

Posted by: Nike Zoom Kobe at December 06, 2012 11:23 PM (8QNsI)

25 Kuxiyov rowuv eduqaraziq Vigrx Plus rirosozi urawibuj baf moxuvami

Posted by: vigrx plus at December 07, 2012 07:00 AM (Rv9y0)

26 Isabel Marant tends to make shoes or boots, boot styles, and also garments which can be secure to be able to use the entire day. Their particular goods can be obtained throughout the world with a affordable value.First of all, isabel marant boots have a unique design, its designing style is pretty novel and fashionable so that thousands of ladies pursue and support it. For another, the stlyling is very characteristic, and the ornaments on it are typical and charming. The last but not least, isabel marant shoes is rather sexy , that’s why so many ladies love it. Wearing the high heel shoes of isabel marant, you look very sexy and charming.Do you wish to use a excellent efficiency within your lifestyle? Isabel Marant Boot styles entirely end up being the favored goods between folks of most age groups nowadays.Frome the site:http://www.isabelmarantsneakerbekket.com Isabel marant sneaker http://www.isabelmarantsneakerbekket.com/

Posted by: Isabel marant sneaker at December 07, 2012 02:10 PM (ROwfO)

27 How are you? Really good blog keep up writting! Sexy Lingerie Greetings http://www.sacslongchampsolders.com/! longchamp http://www.sacslongchampsolders.com/

Posted by: longchamp at December 07, 2012 03:32 PM (ROwfO)

28 How are you? Really good blog keep up writting! Sexy Lingerie Greetings http://www.sneakerisabelmarantbasket.com/! Isabel marant sneakers http://www.sneakerisabelmarantbasket.com/isabel-marant-sneakers-c-1.html

Posted by: Isabel marant sneakers at December 07, 2012 05:57 PM (ROwfO)

29 How are you? Really good blog keep up writting! Sexy Lingerie Greetings http://www.sneakerisabelmarantbasket.com/! Isabel Marant Bekket http://www.sneakerisabelmarantbasket.com/isabel-marant-bekket-hightop-suede-blue-tongue-sneakers-p-5.html/

Posted by: Isabel Marant Bekket at December 08, 2012 01:40 PM (D7dZp)

30 Pirater mot de passe facebook

Posted by: merou at December 11, 2012 02:05 PM (ASirR)

31 Cheap ghd straighteners sale UK,Store Hot Sale Cheap ghd hair straightener,Buy ghd straighteners Free Shipping to you: http://www.ghduksonlines.com

Posted by: ghd straighteners at December 13, 2012 05:56 AM (h9LcV)

32 Cheap ghd straighteners sale UK,Store Hot Sale Cheap ghd hair straighteners,Buy ghd straighteners 100% High-quality and Free Shipping to you: http://www.ghduksonlines.com

Posted by: GHD Pink Orchid at December 13, 2012 12:19 PM (dWX1l)

33 Hi there, just became alert to your blog through Google, and found that it's truly informative. I am going to watch out for brussels. I will appreciate if you continue this in future. Lots of people will be benefited from your writing. Cheers!

Posted by: Army Wives seasons 1-6 dvd at December 14, 2012 09:32 AM (Jc6JF)

34 Hey guys i want to share with you a way i make $500 daily and i only spend 5 minuites doing it a day! I strongly suggest you check their website out as there is a brilliant video that explains every thing you have to know. Check them out at DOMINATE MOBILE MARKETING

Posted by: brand at December 23, 2012 10:36 AM (vGyU0)

35 hYwPTTzH Cheap ha ha ha

Posted by: brand at December 26, 2012 11:14 AM (5CZyQ)

36 I would like to get much more blogs like your. Its a really nicely written a single and also a true pleasure to go through! Create more about this topic make sure you !!

Posted by: brand at December 26, 2012 10:49 PM (VswyS)

37 There are some interesting points in that clause but I dont know if I see all about them eye to centre . There is some validness but I will take hold legal opinion until I look into it further. Good clause, thanks and also we want more! Added to FeedBurner besides.

Posted by: vanmoo blog at January 04, 2013 01:10 PM (dAXVQ)

38 After examine just a number of of the weblog posts in your website now, and I actually like your way of blogging. I bookmarked it to my bookmark website record and can be checking again soon. Pls try my website as well and permit me know what you believe. north face boots womens http://www.thenorthfaceoutlet2013sale.com/north-face-boots-womens-c-1_24.html?zenid=ae0067eb15659ec88e70dd79e7972feb

Posted by: north face boots womens at January 08, 2013 05:32 PM (5CkuR)

39 Hiya. Very cool website!! Man .. Excellent .. Amazing .. I will bookmark your website and take the feeds also…I am satisfied to find so much helpful information here in the post. Thank you for sharing.. north face shoes mens http://www.thenorthfaceoutlet2013sale.com/north-face-shoes-mens-c-1_10.html?zenid=ae0067eb15659ec88e70dd79e7972feb

Posted by: north face shoes mens at January 08, 2013 05:32 PM (5CkuR)

40 Please let me know if you’re looking for a article author for your blog. You have some really good articles and I think I would be a good asset. If you ever want to take some of the load off, I’d really like to write some material for your blog in exchange for a link back to mine. Please shoot me an e-mail if interested. Thank you! the north face 2013 http://www.thenorthfaceoutlet2013sale.com/the-north-face-2013-c-1.html?zenid=ae0067eb15659ec88e70dd79e7972feb

Posted by: the north face 2013 at January 08, 2013 05:33 PM (5CkuR)

41 Thank you incredibly substantially for your exciting text. I have been looking for these types of message to get a definitely very long time. Thank you. north face 2 in 1 http://www.thenorthfaceoutlet2013sale.com/north-face-2-in-1-mens-c-1_4.html?zenid=ae0067eb15659ec88e70dd79e7972feb

Posted by: north face 2 in 1 at January 08, 2013 05:33 PM (5CkuR)

42 Thank you incredibly substantially for your exciting text. I have been looking for these types of message to get a definitely very long time. Thank you. north face gloves http://www.thenorthfaceoutlet2013sale.com/north-face-gloves-c-1_15.html?zenid=ae0067eb15659ec88e70dd79e7972feb

Posted by: north face gloves at January 08, 2013 05:33 PM (5CkuR)

43 I wanted to compose you a bit of observation to finally say thank you however again regarding the nice techniques you've documented at this time. It truly is quite wonderfully generous of people like you in giving extensively just what a lot of people would've offered for sale as an e-book in making some cash on their own, chiefly seeing that you could have done it if you ever decided. These strategies additionally served as the huge way to be sure that someone else have the identical fervor just like my own to discover out good deal more with regards to this problem. I know there are plentiful more agreeable instances ahead for people that take a have a look at your web site.

Posted by: sinhalaunicode.learnenglishinsrilanka.com/activity/p/43318/ at January 09, 2013 12:34 PM (+0Ycx)

44 Stunning story there. What happened after? Take care!

Posted by: Jewel at January 13, 2013 10:19 AM (Fpva1)

45 Hello would you mind sharing which blog platform you're using? I'm going to start my own blog in the near future but I'm having a difficult time deciding between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your layout seems different then most blogs and I'm looking for something unique. P.S Apologies for being off-topic but I had to ask!

Posted by: vuelos baratos desde Madrid A valencia at January 13, 2013 12:32 PM (Fpva1)

46 A splendid article, I just given this onto a colleague who was doing a little analysis on this. And he in fact purchased me lunch because I found it for him . So let me rephrase that: Thanks for the treat! But yeah Thankx for taking the time to talk about this, I feel strongly about it and enjoy learning more on this topic. If possible, as you become expertise, would you mind updating your blog with more info? It is extremely helpful for me. Two thumb up for this article! アグ ブーツ アグ ブーツ

Posted by: アグ ブーツ at January 14, 2013 07:31 AM (P8mfl)

47 Very rapidly this web site will be famous amid all blogging and site-building people, due to it's pleasant articles or reviews

Posted by: kaunbanegacrorpati.com at January 15, 2013 01:41 AM (RHKhg)

48 Not only did my lungs hurt, excluding I too had one supplementary difficulty that ongoing on the subsequent daylight hours of quitting smoking. My stomach happening to hurt and felt akin to it doubled in mass. The nicotine in my system is being on the loose and wearisome to exit as of every part of my body. I happening getting the unbearable soreness that ended intake and drinking something hard. I possibly will not obtain it! Health e cigarette http://www.vogo-tec.com

Posted by: Health e cigarette at January 17, 2013 01:10 AM (glRi1)

49 Awsome post and straight to the point. I dont know if this is actually the best place to ask but do you folks have any thoughts on where to employ some professional writers? Thank you prada éž„ prada éž„

Posted by: prada éž„ at January 18, 2013 06:11 PM (ClAQW)

50 Rosales flottait personnalis maillot de foot. elle rubrique juste à lintérieur du poteau droit du haut de Sanchez 6, Sounders Adrian Hanauer directeur général a déclaré dans un communiqué ? Lentra?neur Sigi Schmid na pas écarté la fatigue finit par jouer un r?le . Une blessure de leur meilleur buteur naidera pas leurs efforts pour se remettre sur la bonne voie, lun des Seattle trois buts au cours de la quatre derniers matches de championnat, mais vous avez aussi appris à penser en termes de blessures , tombant 2-1 à Portland le dimanche de quitter le club au 0-4-3 à ses sept derniers . maillot de foot 2013 2014

Posted by: maillot de foot 2013 2014 at January 20, 2013 06:50 AM (tIpXM)

51 nice your site thanks for sharing love you all teme good work keep it up
<a href="http://hqview-wallpapers.blogspot.com/">Wallpapers</a> <a href="http://hqview-wallpapers.blogspot.com/">Computer wallpaper</a> <a href="http://hqview-wallpapers.blogspot.com/">Desktop wallpaper</a> <a href="http://hqview-wallpapers.blogspot.com/">Background wallpaper</a>

Posted by: Syed Qamer at February 06, 2013 09:39 AM (SPe9O)

52 nice your site thanks for sharing love you all teme good work keep it up
<a href="http://hackingsoftwaresfreedownload.blogspot.com/">Hacking Softwares</a></div> <a href="http://hackingsoftwaresfreedownload.blogspot.com/">Facebook Hacking</a></div> <a href="http://hackingsoftwaresfreedownload.blogspot.com/">Password Hacker</a></div> <a href="http://hackingsoftwaresfreedownload.blogspot.com/">Facebook Hack Password</a></div>

Posted by: Syed Qamer at February 06, 2013 09:41 AM (SPe9O)

53 Emily Dream

Posted by: windows 7 product key at February 08, 2013 03:55 AM (JrXYi)

54 Ya çok teşekkür ederim bende bunu arıyordum

Posted by: windows 7 product key at February 08, 2013 03:55 AM (e0/th)

Hide Comments | Add Comment