The website, waltkoeh.com, is a fake PayPal website created by cybercriminals to steal visitors' PayPal credentials. The fake website claims unusual activity has been detected on the visitors' PayPal account, therefore, their accounts have been locked to protect against unauthorised transactions. The website then asks visitors to verify their accounts by entering their credentials. But, if the visitors attempt to sign-in with their credentials, it will be sent to the cybercriminals.
Once the cybercriminals have received the stolen credentials, they will use it to gain unauthorised access to their potential victims' PayPal accounts.
Cybercriminals use the fake PayPal email below to trick their potential victims into visiting waltkoeh.com. If recipients of the fake email go to www.Msg8019Sent.com, they will be sent or redirected to waltkoeh.com.
A Fake PayPal Email used by CyberThieves
From: JeffreyLLandwehr@Safe-mail.net
To: spoof@paypal.com
Subject: PayPaI:We've detected unusual activity
Date: Sat, 18 May 2019 11:53:04 -0400
From : 1-410-200-505
FRM:Service
SUBJ:PayPaI:We've detected unusual activity.
MSG:hxxp://www.Msg8019Sent.com
Date : 05/018/2019 11:19 am
Paypal We've Detected Unusual Activity
Date: Sat, 18 May 2019 11:53:04 -0400