Phishing II

I knew I wouldn’t have to wait long to get another “phishing” email. This time it looked as though it came from Paypal. It was very clever too. Notice, though, the words misspelled.

Here it is:

Dear valued member of PayPal.
We recently reviewed your account, and suspect that your PayPal account may have been accessed by an unauthorized third party. Protecting the security of your account and of the PayPal network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive PayPal account features. To restore your account access, please take the following steps to ensure that your account has not been compromised:

1. Loghin follow our secure site and update all necesary information to your acount

2. Review your recent account history for any unauthorized payments sent or received, and check your account profile to make sure not changes have been made.

To get started, please go directly to https://www.paypal.com and log in to your PayPal account.

We apologize for any inconvenience this may cause, and ppreciate your assistance in helping us maintain the integrity of the entire PayPal system. Thank you for your prompt attention to this matter.

Sincerely,

The PayPal Team,

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the “Help” link in the header of any page.

However, if you click on the link, that says its from PayPal, it will take you elsewhere, to a page that looks like this:

evil_ebay

This is what the real ebay sign up page looks like:

good_ebay

This one was especially tricky because unlike the CitiBank example I showed earlier, this one’s links actually all did go to PayPal. Very clever.

PayPal is well aware of these sisters though, and notes on the fraud page, how to recognize these types of phishing emails.

Why are there so many phishy emails out there? Because it works. According to an article in the InternetNews, the amount of people taking the bait is skyrocketing. It has jumped 1200% in six months.

I have almost fallen for this trick, on NeoPets, of all places.

Neopets is a site for virtual pets. You can’t make money there. All you can do is feet and buy things for your virtual pets. Even if you have a million neopoints, you can’t spend it anywhere, except on the site. And yet, there has been phishing there as well.

For those without children, or second childhoods, even if you took over someone’s neopets account, all you could do with it is buy things on the site. It is all virtual. You can’t take it to the bank, any bank, except the one on the site. And yet, the site has had to keep coming up with ways so that your account can’t be tricked into giving away your password. I have almost fallen for it twice, until the new security system went in. It looks like this:

good_neopet

Sorry I can’t show you a bad page, but NeoPets is very quick to take those down. Good for them.

:)


Leave a Reply