“The practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords.”
Notice the email I received. It looks authentic, doesn’t it? However, when I click on any of the three links in the message, the address that displays does not match the address in the email. Instead, it links me to a very different address.
PayPal must go through incredible pains to fight off these malicious people. They have a great “protect yourself” page that offers some good advice for users.
This social engineering almost suckered me, and I would consider myself rather savvy. This type of scam is generally successful because it played on my fears that someone had broken into my account. I react with feeling before I think it through. Fortunately, once I got to the page that asked for my personal financial details, I realized that I had better slow down. That’s when I looked at the web site address and noticed that it was not, in fact, PayPal.
It may not be PayPal. It might be an email from a bank, or some other seemingly reputable establishment. Or it might be the great African money laundering too-good-to-be-true scenario I’m sure you’ve seen. If you haven’t yet been the fortunate recipient of these emails, here’s the scenario as described by my buddy here and here.
Be vigilant, my friends, and sorry to say, but we must be skeptical and distrustful in this Internet age.
Notice the address line. Also, notice under “what’s new” that these malicious persons have a link for “PayPal introduces new homepage” to cover their tails in case the real PayPal site were to change their look and feel. You can type any made up username and password to move to the next “verification” screen…
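The tell in both the email and the fake page above is the same: the address you see is not the address you are sent to. The following is an added example, not code from the original post, showing how a mail filter or browser extension could flag that mismatch automatically. The email HTML, the link targets (a raw IP and a look-alike hostname) and the "trusted domain" parameter are all constructed for the demonstration; they are not real phishing infrastructure.

```javascript
// Added example (not from the original post): flag anchors in an HTML email
// whose visible text looks like a URL but whose href points somewhere else.
// The sample HTML below is constructed; hostnames are placeholders.
const SAMPLE_EMAIL_HTML = `
<p>We noticed unusual activity on your account. Please verify it now.</p>
<a href="http://203.0.113.10/login/verify">https://www.paypal.com/cgi-bin/webscr</a>
<a href="https://www.paypal.com/help">Visit our help center</a>
<a href="https://paypal.com.verify-account.example/">paypal.com</a>
`;

// Pull out (href, visible text) pairs. A regex is adequate for the flat HTML
// that mail clients render; it is not a general-purpose HTML parser.
function extractAnchors(html) {
  const re = /<a\s+[^>]*href\s*=\s*["']([^"']+)["'][^>]*>(.*?)<\/a>/gis;
  const anchors = [];
  for (const m of html.matchAll(re)) {
    anchors.push({ href: m[1], text: m[2].replace(/<[^>]+>/g, "").trim() });
  }
  return anchors;
}

// Does the visible text read like a URL or bare domain to a human?
function looksLikeUrl(text) {
  return /^(https?:\/\/)?[\w.-]+\.[a-z]{2,}(\/\S*)?$/i.test(text.trim());
}

// Hostname of a URL or bare domain, lower-cased; null if unparseable.
function hostOf(text) {
  try {
    const u = new URL(text.includes("://") ? text : "http://" + text);
    return u.hostname.toLowerCase();
  } catch {
    return null;
  }
}

// True only when host is the trusted domain or a subdomain of it.
// A naive startsWith("paypal.com") check would be fooled by
// "paypal.com.verify-account.example"; the dot-anchored suffix test is not.
function belongsTo(host, trustedDomain) {
  return host === trustedDomain || host.endsWith("." + trustedDomain);
}

// Return every anchor that warrants a warning, with the reasons why.
function findDeceptiveLinks(html, trustedDomain) {
  return extractAnchors(html)
    .map((a) => {
      const hrefHost = hostOf(a.href);
      const textHost = looksLikeUrl(a.text) ? hostOf(a.text) : null;
      const reasons = [];
      if (textHost && hrefHost && textHost !== hrefHost) {
        reasons.push("visible URL host differs from href host");
      }
      if (hrefHost && /^\d{1,3}(\.\d{1,3}){3}$/.test(hrefHost)) {
        reasons.push("href points at a raw IP address");
      }
      if (hrefHost && !belongsTo(hrefHost, trustedDomain)) {
        reasons.push(`href host is outside ${trustedDomain}`);
      }
      return { ...a, hrefHost, reasons };
    })
    .filter((r) => r.reasons.length > 0);
}

// Stand-alone run: print the findings for the constructed email.
for (const hit of findDeceptiveLinks(SAMPLE_EMAIL_HTML, "paypal.com")) {
  console.log(`${hit.text} -> ${hit.href}\n  ${hit.reasons.join("; ")}`);
}
```

Run with `node` and the first and third links are reported; the second, whose text is plain English and whose target really is under paypal.com, passes. The check is deliberately conservative: it only compares what the user sees against where the link actually goes, which is exactly the inspection the post describes doing by hand.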
A worthwhile video shows the scam in action.