Tuesday, June 03, 2008

Pretty Good Phishing E-mail

Got a pretty good phishing e-mail a few days ago that purported to be from PayPal. Copying and pasting it here doesn't seem to do it justice, but the original e-mail looked pretty authentic with the PayPal logo and all.

I was suspicious as always but actually had to look twice at this one. The links they wanted you to click on even had PayPal in them but the url was so long I doubted they were legitimate. So, I sent it to spoof@paypal.com and a day later go a reply. Sure enough, they didn't send it and said it was a phishing e-mail.

One thing I think PayPal should do to help guard against such things is to have a mailbox on each person's account page where they send a copy of anything e-mailed to their account holders. That way, you could easily just go check your inbox to see if the mail you received was something they actually did send you.

Anyway, be careful out there.
[]Dear PayPal valued account holder,

We recently noticed one or more attempts to log in your PayPal account from a foreign IP address and we have reasons to believe that your account was hijacked by a third party without your authorization.
If you recently accessed your account while traveling, the log in attempts may have initiated by you.

However if you are the rightful holder of the account, click on the link below and submit, as we try to verify your account.

Please click here to login into your PayPal account and then fill in the required informations. This is required for us to continue to offer you a safe and risk free environment.

The log in attempt was made from:

IP address:
ISP host: root.minifile.us

If you choose to ignore our request, you leave us no choice but to temporally suspend your account.
We ask that you allow at least 48hrs for the case to be investigated and we strongly recommend not making any changes to your account in that time.

* Please do not respond to this email as your reply will not be received.

Thank you for your patience as we work together to protect your account.

Copyright &copy 1999 - 2008 PayPal. All rights reserved.


At 2:38 PM, Blogger ΛΕΟΝΙΔΑΣ said...

I got one of those emails a few weeks ago. I have never had a PayPal account so I knew it was phishbait.

At 4:43 PM, Anonymous Anonymous said...

You only got somone trying to log into your account. I got someone that charged a lot of money on my account. If you read that someone has charged lots of things on your account you might respond, but most of these emails are just looking for you to respond so they can charge a lot of money on your account.

I forwarded the "charge" email to spoof@paypal.com and they responded to not respond to this as this was one of those emails.

I don't know how many people in Humboldt are being duped by these emails, but I wish a responsible reporter would do a story on this as I think there could be some people that do a little business on eBay that would believe these emails and might respond.

At 6:40 PM, Anonymous Anonymous said...

One of the easiest ways to tell that these are fake is the Dear PayPal valued account holder line. PayPal will always use the account holders name when they send emails. The phishing one use the generic lines.


Post a Comment

<< Home