Posted on Wednesday, 23rd September 2009 by Michael

I am not your Pal. How to detect PayPal-based phishing scams.

The term phishing comes from fishing, meaning to bait and catch, spelled with the computer underground's habit of replacing the letter F with PH. Digital criminals use cunning techniques to trick their victims into taking the bait … hook, line and sinker! The victim usually ends up exposed to identity theft, loss of funds and other unpleasant consequences.

Though companies like PayPal and eBay take many security measures to protect you, it's the human factor, exploited through what is known as Social Engineering, that these predators are counting on. They're hoping to trick you into believing that they are who they say they are, or that if you don't reply bad things will happen.

PayPal has published a list of common email phishing tactics and a list of ways to detect fake emails that can be viewed here: https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Help/popup/RecognizeSpoof-outside . We strongly suggest that you read this information on PayPal's website in its entirety, as it is only 3 pages long, but could save you time and money down the road.

Let's take a look at the following email and see if you can point out the tell-tale signs that it's a fake. The most important thing to remember, no matter how the email looks, is that if you're unsure of the email's authenticity, manually type in the company's website address and contact them via the phone number found on their site. This assures that you aren't tricked into visiting a fake site that may list a fake phone number.

Another thing to remember is that if you do not have a PayPal account, just delete the email, as it's definitely a trick.


Here are some tell-tale signs that will help you quickly identify a phishing attempt.

First, the From line says PayPal Department, but the actual email address is norelay@steelworks.org. That's not from the PayPal domain, which should've been name@paypal.com. There are ways to spoof the domain, so even if the email shows the real domain name, don't base its authenticity on that alone.

Second, the message is addressed to Dear PayPal User. Though PayPal, eBay and many other large companies deal with millions, if not billions, of people, they'll always use the name that's on your account. For example: John Bishop Smith or Jane Y Smith. They will never use a generic greeting.

The third tell-tale sign isn't very noticeable to the naked eye. If you hover your mouse over the website address, Outlook will either show a balloon pop-up with the real website that it will take you to if you click it, or it will show the real website address in the status bar at the bottom of Outlook.


The website address in the pop-up doesn't look like https://www.paypal.com at all! This can also be spoofed through other means to make the pop-up show a PayPal website address.

Fourth is the content of the email. The attacker is trying to persuade you with a false sense of urgency to click the link. It's better to have your account suspended than to click the link.
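As an added illustration, not part of the original post, here is a small Python check that looks for the four signs above in a message. The sample message, the sender address, the link target and the greeting and urgency word lists are all constructed for the example, and the domain reduction is deliberately simple.

```python
import email
import email.policy
import email.utils
import re

# Constructed sample showing the post's four signs (not a real message).
SAMPLE = """\
From: PayPal Department <norelay@steelworks.org>
Subject: Account suspension notice
Content-Type: text/html; charset=us-ascii

<p>Dear PayPal User,</p>
<p>Click <a href="http://203.0.113.7/pp/login">https://www.paypal.com</a>
within 24 hours or your account will be suspended.</p>
"""

LEGIT_DOMAIN = "paypal.com"
GENERIC_GREETING = re.compile(r"\bdear\s+(?:paypal\s+)?(?:user|customer|member)\b", re.I)
URGENCY = re.compile(r"\b(?:within \d+ hours|suspended|immediately|verify now)\b", re.I)
ANCHOR = re.compile(r'<a\b[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host_or_url):
    """Crude last-two-labels reduction, e.g. https://www.paypal.com/x -> paypal.com."""
    host = re.sub(r"^https?://", "", host_or_url, flags=re.I).split("/")[0].split(":")[0]
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def phishing_indicators(raw):
    """Return the tell-tale signs found in a raw RFC 5322 message, one string each."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []
    display, addr = email.utils.parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # Sign 1: the display name claims the brand but the address is another domain.
    if "paypal" in display.lower() and registered_domain(sender_domain) != LEGIT_DOMAIN:
        findings.append(f"sender domain mismatch: {display!r} sends from {sender_domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    # Sign 2: a generic greeting instead of the account holder's name.
    if GENERIC_GREETING.search(text):
        findings.append("generic greeting")
    # Sign 3: the visible link text names one site, the real href another.
    for href, visible in ANCHOR.findall(text):
        shown = re.sub(r"<[^>]+>", "", visible).strip()
        if re.match(r"https?://", shown, re.I) and registered_domain(shown) != registered_domain(href):
            findings.append(f"link text {shown} hides {href}")
    # Sign 4: false urgency pushing the reader to click.
    if URGENCY.search(text):
        findings.append("urgency language")
    return findings
```

Running `phishing_indicators(SAMPLE)` reports all four signs for the constructed message; a mail from an address on paypal.com that greets the account holder by name and carries no mismatched links reports none.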

To summarize, whenever you receive these types of emails, it's best to delete them and contact the company through a manual process to assure that you are not being tricked into falling for a scam. We suggest that you manually type in the PayPal address https://www.paypal.com to verify any information, or call them at 1-888-221-1161.

I provided you with a few tell-tale signs to help protect you from falling victim to these attacks. If you have any questions or concerns please feel free to contact me.

Posted in Papers
