Warning: Would You Spot this Phish???
October 31st, 2007 by Liz Fuller
Trick or Treat???
Can you tell the difference??
As a followup to my article on phishing, I thought I’d share this recent example I encountered.
I received this email this week supposedly from services (at) paypal (dot) com which certainly looked like a legitimate email address and in fact got through my junk filter.
I was amazed at how brazen the email was in trying to intimidate the reader into providing debit/credit card information. Their reasoning makes no sense and their facts are incorrect - but they say it so authoritatively that you are tempted to comply!
I’ve copied the entire email below so you can see an example of how convincing some of these phishing emails can be. I have removed the links that were included in the email but as you can see there were two of them - both looking like they were pointing to PayPal but were in reality pointing to a Portuguese site!!
I sent this email to spoof (at) Paypal (dot) com and received confirmation that it was Phish and assurance that they would work to disable it.
If you want more info on how to spot a fish, you can take Paypal’s Fight Phishing Challenge at https://www.paypal.com/fightphishing to learn 5 things you should know about phishing. You’ll also see what Paypal is doing to help fight fraud every day.
Fraudulent email: (if you receive this - don’t respond!!)
Dear valued PayPal Customer,
Due to recent fraudulent transactions, we have issued the following security requirements.
It has come to our attention that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell non existant items. Thus we require our members to add a Debit/Check card to their billing records as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. Your Debit/Check card will only be used to identify you. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the PayPal service. However, failure to confirm your records will result in your account suspension.
We are requesting this information to verify and protect your identity. Federal regulations require all financial institutions to obtain, verify, and record identification from all persons opening new accounts or obtaining ongoing payment services. This is in order to prevent the use of the U.S. banking system in terrorist and other illegal activity. For these reasons, PayPal will utilize services provided by various credit reporting agencies to verify the information you submit to us.
Once you have updated your account records your pending PayPal account transactions will not be interrupted and will continue as normal.
To update your billing records please proceed to our secure webform by clicking here.
Thank you for your time,
PayPal Billing Department.
Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and choose the Help link located in the top right corner of any PayPal page.
To receive email notifications in plain text instead of HTML, update your preferences here
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
This entry was posted on Wednesday, October 31st, 2007 at 6:00 am and is filed under identity theft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
