Thursday, May 19, 2005

How to catch a Phish: Case Study of an attempt from China on Paypal accounts

I received this email today in my Outlook inbox. Have a look and see how cleverly it is crafted to compel recipients to click on the URL.

========================================
From: PayPal [mailto:paypal@email.paypal.com]
Sent: Thursday, May 19, 2005 5:20 AM
To: Tan Soo Kiat, Harry (Assoc Prof)
Subject: You've Added an Additional Email Address !

You have added DTT_Data@earth-online.com as a new email address for your PayPal account.

If you did not authorize this change or if you need assistance with your account, please contact PayPal customer service at: https://www.paypal.com/row/wf/f=ap_login

Thank you for using PayPal!
The PayPal Team

------------------------
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in at https://www.paypal.com/ Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.
------------------------
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the header of any page. PayPal Email ID PP107

========================================

The phishers here managed to spoof the sender's address (in this case, PayPal's) and to hide the real URL behind the link, which actually leads to an identical-looking PayPal page located in China. The actual address under the PayPal link is http://mail.postmail.com.cn/dmcfg/login-data/update/secure-server/SSL/encrypted/1/index.htm

[I suggest that viewers NOT visit the link, as spyware may be downloaded on visiting it. I hope to screen capture the phish page later so viewers can see what it looks like.]

Note how they even reassuringly included a paragraph on "Protect your password"!

I strongly advise that whenever one receives an email pertaining to a financial account, one should ALWAYS:
(1) Download the email as html file; and
(2) Open the file with NOTEPAD to determine the veracity of the URLs in the email as being bona fide.
(3) IF in doubt - always log in directly to your account via your browser to check any changes AND email the contact to confirm the communication. It will always be helpful for you to notify the organisation of the attempted phish.

Let's all work to keep the phishes out of our cyberstream. ;-)
