Phishing: An Example

Friday, September 1st, 2006 | Tech Help

Email scams have been around for almost as long as email has been widely used and the tricks these con artists use get more complex every day.  Recently I had heard of a PayPal scam going around that is quite nasty. An email shows up in your inbox and asks you to confirm your account details to secure your account and eliminate fraud on your account for good.  To good to be true?  I think so too.  The scammer encourages you to click on a link within the email message that will take you to a website they have setup, that looks exactly like the PayPal login screen, where you enter your account user-name and password.  Behind the scenes it copies your account info and logs you into PayPal so you think nothing is wrong.  This is called a man-in-the-middle attack.

Lets analyze an example of a phishing scam. The screen capture below shows the message in my inbox.

Phishing01

At first glance it looks like this could be a legit email, but look at the poor grammar (Account Informations !!!). This is hint #1 that this is a scam.

Phishing04

Next I hovered my mouse over the email address and it is not coming from PayPal but another, probable faked, email account.  Hint #2.

I then opened the email and found a number of hints that this is a scam.  I have highlighted them in red.

Phishing02

Again you see that it is not from a PayPal address, the poor grammar, the extraordinary claims, a threat to cancel your account, another hint to a man-in-the-middle-attack, a helpful link to the account check page, and finally an errant bit of code ( ).

The final bit of evidence is the helpful link the scammer has provided.  If you hover over it and look on the bottom Status bar (lower left of your browser) it will show the page that the link will take you.

Phishing03

It not even a page at PayPal. (Note: scammers will sometimes mask the location of their links, so beware)

As you can see this is one sneaky scam that could catch someone who does not take the time to scrutinize what they are reading.

My advice?  Never, ever, under any circumstance click on a link from PayPal, eBay, banks, and any other financial institutions.  Always type in the address into your browser or use a shortcut you have made and know is legit.  It may take you a few extra seconds but it could save you thousands of dollars and hours of time in the future.

Tags: , ,

No comments yet.

Leave a comment

To comment please enter the code you see below



Catagories

Recent Photos

Jumper Fun 062008 06.jpgJumper Fun 062008 09.jpgKeely & Her Jumper 08.jpgJumper Fun 062008 10.jpg
Keely & Her Jumper 17.jpgJumper Fun 062008 05.jpgKeely & Her Jumper 10.jpgKeely & Her Jumper 01.jpg
Keely & Her Jumper 04.jpgJumper Fun 062008 04.jpgJumper Fun 062008 08.jpgKeely & Her Jumper 06.jpg
Keely & Her Jumper 23.jpgJumper Fun 062008 03.jpgJumper Fun 062008 02.jpgKeely & Her Jumper 05.jpg