Dang Phisherman!
I have to hand it to some folks - they can get pretty dang creative about getting things out of you. Most of you have already heard of "phishing." In case you haven't, here's the rundown.
You get an e-mail message that comes from what appears to be a legitimate source (your bank, amazon.com, or, in this case, service@paypal.com). The e-mail tells you that, for one reason or another, they need some information from you regarding your account. You then follow the link in the e-mail, enter your account information, and they've got ya. Now, you've just freely handed your vital information to someone else.
Sadly, I almost fell for one today. In my defense, it was done remarkably well. The e-mail was made to look as if it came from PayPal (an online service to pay for items bought through eBay) and they did an excellent job, at that. Sure, it's easy to spoof an e-mail address to make an e-mail look like it came from support@paypal.com, but it's a bit more involved to actually have the e-mail contain the "look and feel" of a real e-mail from PayPal support. Additionally, it was so much like a legitimate e-mail that it made it past my spam filter and into my Inbox. This one claimed that they had detected some irregular behavior in my account and required me to log in to my account by following a link.
So, at this point, I thought to myself...irregular activity? Well, for as long as I've had my PayPal account, I've never bought anything more pricey than a $40 video game. Maybe a couple CDs here or there - you get the idea. Well, a couple months ago, I bought a new projector for $1000+. I suppose that might be seen as irregular activity. Sure, their e-mail is a little late regarding it, but it's still plausible.
Well, their scheme's downfall was 3-fold - some of it my doing, some of it someone else's. When I opened the e-mail in G-Mail (Google's e-mail service), there was a big note across the top that read, "Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information." Apparently, having someone read your e-mail can be a good thing. :) In case you don't know about G-Mail, it's an e-mail service that has a catch - the service reads all of your e-mail and looks for keywords. Based on those keywords, ads are displayed to you that go along with what your e-mail is about. So, supposedly, if someone sent you an e-mail about a camping trip, you'd see ads for Coleman lanterns or some such thing. It sounds annoying, but I've found the ads in G-Mail to be much less obtrusive than the ones on other e-mail web applications. Apparently, they're putting that e-mail reading capability to good use. G-Mail noticed that this e-mail was asking for personal data and threw up that warning just to get me on my guard.
Based on the fact that G-Mail had already alerted me to the danger, I looked very closely at the e-mail. Rather than simply following a link in the e-mail, I opened a brand new browser window and logged in to PayPal.com. Everything looked OK - no notes about account problems anywhere. Then it hit me. I logged into PayPal with my old e-mail address (myrealbox.com) and this e-mail had been sent to my new e-mail address (gmail.com). Sure enough, PayPal doesn't even know about my new G-Mail account. Mystery solved - this e-mail was a phraud. Bastards!
I don't know why I felt the need to share, but I did, and you bothered to read it all. I'm very sorry for you. All of you. So what's the moral of the story? G-Mail good. Spammers bad. Keep that in mind. :)
Peace.
Corey

3 Comments:
I get these all the time from look-alike PayPal addresses. Did you know that you can send the e-mail to spoof@paypal.com and they'll look into it?
By Anonymous, at 6:00 PM
Yup, I did that. I also reported it to G-Mail as a phishing attack. I don't know what they can do about it, but maybe they'll filter it from some other folks' mailboxes.
By MC, at 6:14 PM
Also watch out for eBay spoof emails; my dad got one a while ago and spent half a day emailing eBay only to have them tell him (2 hours later) it was a phony.
By Anonymous, at 2:51 AM