partial recall

a blog of ideas, links, and musings.

Phishing for a Sucker

26.08.2005.

This is the second phishing attack I’ve received in the last 2 months. For those of you unfamiliar with the term, Webster defines phishing as

“The practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords.”

Notice the email I received. It looks authentic, doesn’t it? However, when I click on any of the three links in the message, the address that displays does not match the address in the email. Instead, it links me to a very different address.

PayPal Scam

PayPal must go through incredible pains to fight off these malicious people. They have a great “protect yourself” page that offers some good advice for users.

This social engineering almost suckered me, and I would consider myself rather savvy. This type of scam is generally successful because it played on my fears that someone had broken into my account. I react with feeling before I think it through. Fortunately, once I got to the page that asked for my personal financial details, I realized that I had better slow down. That’s when I looked at the web site address and noticed that it was not, in fact, PayPal.

It may not be PayPal. It might be an email from a bank, or some other seemingly reputable establishment. Or it might be the great African money laundering too-good-to-be-true scenario I’m sure you’ve seen. If you haven’t yet been the fortunate recipient of these emails, here’s the scenario as described by my buddy here and here.

Be vigilant, my friends. Sorry to say, but we must be skeptical and distrustful in this Internet age.

PayPal Scam

Scam Home Page

Notice the address line. Also, notice under “what’s new” that these malicious persons have a link for “PayPal introduces new homepage” to cover their tails in case the real PayPal site were to change its look and feel. You can type any made-up username and password to move to the next “verification” screen…

PayPal Scam

They Want Your Credit Card and Bank Information!

Update

A worthwhile video shows the scam in action.


Karen on November 14, 2005 AT 06 pm

I get no fewer than 5 of those a day. For PayPal and eBay spoofs or phishing attacks, forward the emails to [email protected] or [email protected]. They claim to look into the occurrence.
