Saturday, October 29, 2005

Beware! Spoof emails are getting trickier!

It is more important than ever for Internet consumers to make sure they are on secure (https://), verified connections before doing any kind of business online.

I received a spoof email yesterday from “PayPal” that was so convincing that I almost fell for it. I am concerned that many other people will fall for this particular scam because it is so similar to a genuine PayPal email. Here is what is makes this spoof trickier:


  • It didn’t ask for personal information in the email itself. These kinds of emails are a more obvious form of what is called “phishing.”

  • The email, which didn’t have my name on it (another clue I missed), told me that my PayPal account been accessed from a foreign IP address and that I needed to verify my account.

  • The site it took me to when I clicked the link looked EXACTLY like www.paypal.com’s log in screen. Most of the links on the page still linked to PayPal to make it even more convincing.

  • Everything it the website asked me for seemed legitimate EXCEPT it also asked for my credit card’s ATM PIN. This was very suspicious, and I stopped filling out the form. I don’t know for sure if my PayPal account info or credit card number were compromised, but I decided to play it safe and close both accounts.

  • After looking more closely, I also noticed that I was not on a secure connection (https://), even though the spoofers had cleverly inserted the same yellow lock graphic that is on PayPal's secure site. Although the web address contained the name paypal.com, it was preceded by this combination of numbers: 61.109.176.5 (an alternate IP address).

  • I looked up the spoofer’s IP address (61.109.176.5) using WhoIs, and it belongs to Asia Pacific Network Information Centre, located in Australia! Sound “phishy” enough?

In the past I have received legitimate emails from PayPal asking me to go through a similar verification process, so I was fooled by this copy-cat spoof email and website. Beware that spoofers are getting trickier!



Above is a screenshot of the fake PayPal log in. It looks and works just like the real one, except you are not on a secure connection. (It's hard to see in the screenshot, but the address starts with "http://" and not "https://")



Once you "log in" (and they get your PayPal password), you are prompted to update your credit card. The only thing that has been added here is a space at the bottom for you to enter your ATM PIN number. Once they have this information, they can go to town on your credit card!

1 comment:

Sean Hamilton said...

Thanks for the good information.

I had no clue you had a blog! I really should keep up with things more.

I returned to RHS the last 2 weeks, visiting, working, etc. Alot has changed, alot has gone wrong. nothing has gone right, other than the new concrete drying properly.

We all miss our best teacher friend. Take care of yourself and the family. Have a wonderful halloween, and stay safe. i will be sending out a mass spam email of how im doing in a few days, when i get around to it.

Take Care,
Sean Hamilton