slick phishing

Sep. 21st, 2004 11:37 pm
cellio: (B5)
[personal profile] cellio
I just received phishing email that's a little more sophisticated than the norm. It didn't fool me, but I know people (who are not dumb) who might have fallen for it.

It claimed to be from PayPal, and "all" it asked me to do was to go to their web site to verify my billing information -- new verification regulations from the PATRIOT act, don't'cha know.

It used PayPal boilerplate text about being careful about phishing, complete with a PayPal email address to report problems to. Too bad fraud@paypal.com isn't the address PayPal publishes. (That would be spoof@paypal.com.)

The URL it provided looks perfectly reasonable, because instead of saying "click here" they actually put a real PayPal URL in the text, complete with "https". Pity that that's not where the anchor really goes. Never trust HTML-formatted mail; read the source.

There weren't a lot of bogus headers like there often are; it would be easy to miss the originating site, which isn't PayPal, amidst all the legitimate headers.

Actually, the first suspicious thing I noticed was a simple grammar error (in an otherwise-well-written message). The second thing I noticed was the absence of my name in the greeting, which PayPal always uses. I had to go to the (real) PayPal site to spot the bogus fraud address.

PayPal's tips for detecting fraudulent email are here.

Tags:
Flat | Top-Level Comments Only

(no subject)

Date: 2004-09-22 06:44 am (UTC)
cellio: (B5)
From: [personal profile] cellio
I guess a lot of people casually check for the presence of that reassuring boilerplate but don't really process what it says. :-)
Flat | Top-Level Comments Only

Expand Cut Tags

No cut tags
Top of page