A Phishing Scam
I'm sure that all of us that use email would agree, that we get way too much spam. I waste too much time just cleaning it out, and a few hours later it's back in the hundreds. While most of it is annoying, it's not truly dangerous.
This week, I received the email I've pasted an image of below:
Delete my account?*?! Huh?
As you can see, the phishers have gotten quite good at this with spot on layout, and logos. There were a few tip offs to me. First, in the upper right hand corner, the character over the n looks like it belongs in the Cyrillic alphabet. Next, PayPal will not ask for your personal information. Not seen in the image, but the sending email address is a clever "paypal@service.com" which is a reversal of what it should be, but might pass a quick glance. And lastly, I don't have a PayPal account attached to this email address! Clearly, they were on a phishing expedition, and I wonder how many folks got tricked into giving their personal info.
A few years ago, I got a bunch of these messages, and I wasn't sure what to do about it. While just deleting it solved the problem for me, I wanted to take action against these phishing schemes. What I figured out is to forward the email to Paypal. This way their team can work on eliminating the threat, and it's in their best interest to have safe e-commerce so they have an incentive to stay on top of this. After I forwarded the message, this is what I received back from PayPal:
I don't know about you, but I feel a lot better about doing more than just deleting the email. While I doubt they will ever stop, it should at least slow them down. Forward the emails to spoof@paypal.com
--Jonas
This week, I received the email I've pasted an image of below:
Delete my account?*?! Huh?
As you can see, the phishers have gotten quite good at this with spot on layout, and logos. There were a few tip offs to me. First, in the upper right hand corner, the character over the n looks like it belongs in the Cyrillic alphabet. Next, PayPal will not ask for your personal information. Not seen in the image, but the sending email address is a clever "paypal@service.com" which is a reversal of what it should be, but might pass a quick glance. And lastly, I don't have a PayPal account attached to this email address! Clearly, they were on a phishing expedition, and I wonder how many folks got tricked into giving their personal info.
A few years ago, I got a bunch of these messages, and I wasn't sure what to do about it. While just deleting it solved the problem for me, I wanted to take action against these phishing schemes. What I figured out is to forward the email to Paypal. This way their team can work on eliminating the threat, and it's in their best interest to have safe e-commerce so they have an incentive to stay on top of this. After I forwarded the message, this is what I received back from PayPal:
Thanks for taking an active role by reporting suspicious-looking emails.
The email you forwarded to us is a phishing email, and our security team
is working to disable it.
-------------------------
What is a phishing email?
-------------------------
Phishing emails attempt to steal your identity and will often ask you to
reveal your password or other personal or financial information. PayPal
will never ask for your password over the phone or in an email and will
always address you by your first and last name.
Take our Fight Phishing Challenge at
https://www.paypal.com/fightphishing to learn 5 things you should know
about phishing. You'll also see what we're doing to help fight fraud
every day.
-------------------------
You've made a difference.
-------------------------
Every email counts. By forwarding a suspicious-looking email to
spoof@paypal.com, you've helped keep yourself and others safe from
identity theft.
Thanks,
The PayPal Team
I don't know about you, but I feel a lot better about doing more than just deleting the email. While I doubt they will ever stop, it should at least slow them down. Forward the emails to spoof@paypal.com
--Jonas
Labels: email, internet commerce, paypal, phishing
posted by digitaldoc at 7:22 AM
0 Comments:
Post a Comment
<< Home