PayPal Abuse, Fraud, Google Email with False Links showing so you can know what fraud and abuse looks like.

If you knock ..
Using our Live Help button ..

We do our best to answer you near instantly ..
Press the button for Good Works On Earth's Live Help.

You will notice this fraudulent email contains the hidden use of google in the fraud.
On the original email, you do not see that the paypal link is really a google link.
The underlying link is the fraudulent hook here.
We have emboldened that one specific line for your ease of finding the false hook.
First, here is what the email looks like without full headers on showing below it.
Please understand, this is a fraudulent email, with full proofs showing in the email paths in the full headers on section.
It looks like it is real, and from PayPal.
It is not.
~~~~~~

Subject:   Protect Your Paypal Account
              From: service@paypal.com
              Date:     Thu, November 11, 2004 4:47 am
                To:        lexigram@goodworksonearth.org
            Priority:       Normal

Dear goodworksonearth

We recently reviewed your account, and suspect that your PayPal account may
have been accessed by an unauthorized third party. Protecting the security
of your account and of the PayPal network is our primary concern.
Therefore, as a prevention measure, we have temporarely limited access to
sensitive PayPal account features.
Please click on the link below to confirm your information :

The visible link you see on the email they sent us is this :
https://www.paypal.com/cgi-bin/webscrun?USER=atgoodworksonearth
Underlying that apparently vaild looking link, is the real link, designed so it does not show on the bottom of your screen the real destination it will take you to which is this :
http://www.google.com/url?q=_%6874%7470%3261.33.179.58/.paypal/.verifiction/log1.htm
https://www.paypal.com/cgi-brun?USER=atgoodworksonearth

Both links above have been edited a bit to break the usage validity and still show you what the links look like and how you might still see
PayPal, or any other secure site's address showing on the bottom of your screen, and yet the real link is taking you elsewhere.

(spamassassin: 2.64. Clear:RC:0(67.18.187.42):SA:0(4.5/5.0):.
Processed in 1.316925 secs); 11 Nov 2004 12:44:18 -0000
X-Spam-Status: No, hits=4.5 required=5.0
X-Spam-Level: ++++
X-Antivirus-MYDOMAIN-Mail-From: nobody@alpha.ezysupport.com via clark
X-Antivirus-MYDOMAIN: 1.22-st-qms (Clear:RC:0(67.18.187.42):SA:0(4.5/5.0):. Processed in
1.316925 secs Process 30682)
Received: from 42.67-18-187.reverse.theplanet.com (HELO alpha.ezysupport.com) (67.18.187.42)
by mail.opn.org with AES256-SHA encrypted SMTP; 11 Nov 2004 04:44:16 -0800
Received: from nobody by alpha.ezysupport.com with local (Exim 4.43)
id 1CSEMh-0006qP-SN
for lexigram@goodworksonearth.org; Thu, 11 Nov 2004 12:47:51 +0000
To: lexigram@goodworksonearth.org
Subject: Protect Your Paypal Account
From: service@paypal.com
Content-Type: text/html;
charset=iso-8859-1;
Message-Id: <E1CSEMh-0006qP-SN@alpha.ezysupport.com
Date: Thu, 11 Nov 2004 12:47:51 +0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - alpha.ezysupport.com
X-AntiAbuse: Original Domain - goodworksonearth.org
X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - alpha.ezysupport.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: stimatiasx.us:/public_html/mail
X-Antivirus-MYDOMAIN-1.22-st-qms: added fake MIME-Version header
MIME-Version: 1.0

Dear lexigram@goodworksonearth.org,

We recently reviewed your account, and suspect that your PayPal account may
have been accessed by an unauthorized third party. Protecting the security
of your account and of the PayPal network is our primary concern.
Therefore, as a prevention measure, we have temporarely limited access to
sensitive PayPal account features.
Please click on the link below to confirm your information:
<a href=http://www.google.com/url?q=684%7460%361.33.179.58/.paypal/.verification/log1.htm>
         PLEASE NOTE : THE ABOVE IS THE UNDERLYING LINK
         and THE BELOW LINK IS THE ADDRESS THAT WILL SHOW ON THE SURFACE OF THE FRAUDULENT EMAIL
         BOTH LINKS HAVE BEEN ALTERED TO PREVENT USAGE
https://www.paypal.com/cgi-bin/webscr?cmd=_loginrun?USER=Lexigramatgoodworksonearth

For more information about how to protect your account, please visit
PayPal's Security Center, accessible via the "Security Center" link located
at the bottom of each page of the PayPal website.

We apologize for any inconvenience this may cause, and appreciate your
assistance in helping us maintain the integrity of the entire PayPal
system. Thank you for your prompt attention to this matter.

We posted the above PayPal fraud and Pay Pal abuse letter received into Good Works On Earth on 20041111 on our site with the page name of :
http://www.goodworksonearth.org/paypal-fraud-google-abuse020041111.html

Welcome to the
HARMONIC CONCORDANCE
The Gatherings of Souls Hearts Glowingly So

This is a Star Arts Net Site
This is a Good Works Website
This is a Good Works Web Creation
This is a Good Earth Works Web Page

This is Good Works On Earth Good Will All Site
We are a Good Earth Works Network
Meet the Board goodworksonearth.org
We are Good Works On Earth dot org
webmaster@goodworksonearth.org
lexigram@goodworksonearth.org
We are Flash Letters Empowered
Welcome to the Web of Love

Good Works On Earth is a 501(c)3 tax-exempt,
charitable and educational non-profit organization.

Blessings Be

~ Kathy Uno ~
WebMistress

Good Works On Earth
All Rights ReServed World Wise
Burnishings to the Gold Standard began on : 20051213

This page was last updated in some way on : 20080609

YA, MAY, AY !

MARCH Anagrams

Anagrams of FEBRUARY

Have you read the Star Art of AMERICANS

Note of 20100107
Our new mailing address is :
Good Works On Earth
PO Box 11682
Eugene, OR 97440
United States