
EMAIL ALERT!!!!!

I just wanted to let everyone know I received a spoof email this morning. If you get one it will be titled: Member complaint, your response is required - Refund case 000-000-000 (there will be numbers where I have placed the zeros). Open the email and it will say: Sorry,this message could not be displayed. Display message content.

DO NOT click on anything in the email!! I have reported it to eBay. The easiest way to tell about these if you are not sure is to view the raw message. You will be able to see the sender's email and IP address. In this case it came from France.

Message 1 of 7

EMAIL ALERT!!!!!

I also just got this one below today, I did forward to Spoof@paypal.com
Also same body of message said Sorry message cannot be displayed
If you forward to above address they will look into it, here is PayPal response

Thanks for letting us know about the suspicious email you received.
We'll investigate it, and may contact you with additional details. If
you haven't done so already, delete the email from your inbox. If you
clicked on any links or downloaded any attachments within the suspicious
email or website, log into your PayPal account and view your account
activity. If you see any unauthorized transactions, go to the
Resolution Center to report it. It's also a good idea to change your
password.



spoof.JPG

Message 2 of 7

EMAIL ALERT!!!!!

I also received it.


It is a phishing email, but there is no malicious payload in it, just some gibberish strings (hidden by using white text on white background), and a very cluttered link (to visually obfuscate) to what looks like a server in Brazil where they would do their phishy business (and possibly drop a malicious payload - so DO NOT CLICK the link.)

 

I'm not going to try to go down the rabbithole and follow the link because there is no way to do so without leaving it intact and validating my email address/name combo to them.

 

What IS interesting about it is that my correct name was on it. If this was targeted and sent only to eBay or PayPal email addresses, it's maybe a strong indicator that they are using data from the eBay breach directly,  or have taken it to the next level with data mining of data combined and filtered from other breaches.

 

If blasted out in general, it could also be either of the above.

 

Forward it to spoof@paypal.com, and otherwise ignore it (and don't click the link*)

 

 

*clicking the link in the email is bad, m'kay, because

  • validates you to them as a link clicker and validates that email address+name (there is, I'm sure, info embedded in that long link that specifically identifies you (encoded email address, an index number to you in their database, etc.))
  • exposes you to potential drive by malware when you hit the phishing site

 

For those curious, here is the base64 decoded body of the email I received (all strings were randomized, formatted with line breaks to display here better, and obfuscating whitespace stripped out)

<div style="font-size: 17px; color: #ffffff;">
JpftZZe8JG8jmzI9nodRgfcgniq</div>
<div style="font-size: 17px; color: #ffffff;">
AzMaVlZ5iOsMjSRvUTdMMDyGo2s</div>
<div style="font-size: 17px; color: #000000; text-align: center;">
We sorry,message content could not be displayed.<br><br>
<a style="display: block; text-decoration: none; color: #666666; font-weight: bold;"
href="http://537-222-833.EqgnMByFJl.JXbjExngQsH2dfLg.tk/cgi-bin/_JvsCoktws65ZRP2xwkpY/
W7TOvkcrVs7OXk7uxyHhznBsxHNRvLz7u4SpkOln/tYlNAA0lBOO7bU96I9bFLvy8HVoVSqyqd6oAJNUK.
OJocOBopEF06mmHNtkvJ-Vq8ht2beiy8eV3Tkh2Rv-b22MZmYcL2yU=/57xyz/" target="_blank">
Show original message</a></div>
<div style="font-size: 17px; color: #ffffff;">
LT ciXDGe9tligPXENl0M0B bfrh4 wCKxYfs4WpDqfe Za5i5nnXGfgMq5E UTPS8GZpk4hXY hDWGPlc4rs0zwN8</div>

Nothing there but the white on white gibberish strings and the long link (to the presumed phishing site). No scripts, no hidden payloads. Simplicity - helps get their phishing email past ISP and AV email filters.

 

Message 3 of 7
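
Added example, not part of the thread and not any poster's code: an offline triage of a raw message that undoes the base64 body encoding, lists text styled white so the reader cannot see it, and pairs each link's visible label with the host it really points to, without opening the link. The names `BodyAudit`, `is_white` and `audit` are hypothetical, the sample message and its `.invalid` hosts are constructed, and a white page background is assumed.

```python
import base64
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag
WHITE = {"#ffffff", "#fff", "white"}  # assumption: white page background

def is_white(style):
    decls = (d.partition(":") for d in (style or "").lower().split(";"))
    return any(p.strip() == "color" and v.strip() in WHITE for p, _, v in decls)

class BodyAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.hidden, self.links, self._link = [], [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag not in VOID:
            self.stack.append(is_white(a.get("style")))  # one flag per open element
        if tag == "a" and a.get("href"):
            self._link = [a["href"], ""]
    def handle_data(self, data):
        text = data.strip()
        if text and any(self.stack):
            self.hidden.append(text)  # text the reader cannot see
        if text and self._link:
            self._link[1] += text
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
        if tag == "a" and self._link:
            self.links.append((self._link[1], urlsplit(self._link[0]).hostname))
            self._link = None

def audit(raw):
    """Parse a raw message offline; no link is fetched and nothing is rendered."""
    msg = message_from_bytes(raw, policy=policy.default)
    html = msg.get_body(preferencelist=("html",)).get_content()  # undoes base64
    parser = BodyAudit()
    parser.feed(html)
    parser.close()
    return {"sender_domain": msg["From"].addresses[0].domain,
            "hidden_text": parser.hidden, "links": parser.links}

# Constructed sample (placeholder hosts under .invalid), base64-encoded like the mail above.
HTML = ('<div style="font-size: 17px; color: #ffffff;">qX7filler</div><div style="color: #000000;">'
        'Not displayed.<br><br><a href="http://000-000-000.a.example.invalid/x/">Show original message</a></div>')
SAMPLE = (b"From: Service <service@mail.example.invalid>\r\nContent-Type: text/html\r\n"
          b"Content-Transfer-Encoding: base64\r\n\r\n" + base64.encodebytes(HTML.encode()))
```

Calling `audit(SAMPLE)` returns the sender domain, the hidden strings and the (label, host) pairs; a link host unrelated to the sender domain or to the brand named in the subject is the mismatch to look for.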

EMAIL ALERT!!!!!

Thanks, I didn't have any links to click in mine & it didn't have my name.
Plus I never ever click links 
Here is mine

spam 2.JPG

Message 4 of 7

EMAIL ALERT!!!!!

Mine showed  "Show Original Message" instead of "Display Message Content" as yours does.

 

ebay_PayPal_case_resolution_spoof_112017_excerpt.gif

 

 

The "Show original message" is the link. What happens when you hover over (don't click) "Display Message Content" in yours? Should show the target link (unless whatever you are viewing it in doesn't provide that functionality or your version of the phishing email is more complex and has scripting to prevent mouseover reveal).

 

Now I'm curious. Apparently there were at least two slightly different versions in the campaign.

 

Message 5 of 7

EMAIL ALERT!!!!!

No good on hover over, doesn't do anything except let me click which I won't do.

Message 6 of 7

EMAIL ALERT!!!!!

Are you using a webmail browser view? (I use old Outlook Express Mail client that lets me do things 🙂)

 

Can whatever you are using let you view the raw source of the email somewhere on the menus?

Message 7 of 7