I just got it today. It's pretty clever. Looks real official and everything. They used some nice scripting in the e-mail so you think you are clicking on a PayPal link, but it really sends you here.
Beware, this is very fake http://999412483/icons/small/paypal/www.paypal.com/SecureInfo/paypal/
A simple rule that I (and anyone else should) follow:
If you get an email from any business that you deal with asking for your personal information, or asking you to click a link in the email to do anything with your account, open a new tab/window and type in the business site address yourself.
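Added example, not part of the original thread or any poster's code: a Python check that reports where a link actually points, run on the link quoted in the first post. The `KNOWN_DOMAINS` allow-list, the function names and the lookalike sample URL in the usage note are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains the reader actually does business with.
KNOWN_DOMAINS = {"paypal.com", "ebay.com"}

def host_as_ip(host):
    """Return the dotted-quad form if host is an IP literal, including the
    single-integer form browsers accept (http://999412483/), else None."""
    try:
        if host.isdigit():
            return str(ipaddress.IPv4Address(int(host)))
        if host.lower().startswith("0x"):
            return str(ipaddress.IPv4Address(int(host, 16)))
        return str(ipaddress.ip_address(host))
    except ValueError:
        return None

def belongs_to(host, domain):
    # Exact match or a true subdomain; "paypal.com.example.net" does not count.
    return host == domain or host.endswith("." + domain)

def analyze_link(url, known=KNOWN_DOMAINS):
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    ip = host_as_ip(host)
    trusted = any(belongs_to(host, d) for d in known)
    flags = []
    if ip:
        # A business has no reason to link to a bare address.
        flags.append("ip-literal-host")
    # A known name in the path or query proves nothing about the server.
    rest = (parts.path + "?" + parts.query).lower()
    if not trusted and any(d in rest for d in known):
        flags.append("known-domain-only-in-path")
    # A brand label inside an unrelated host. This also fires on a company's
    # legitimate side domains, so treat it as "verify first", not as proof.
    if not trusted and not ip and any(d.split(".")[0] in host for d in known):
        flags.append("lookalike-host")
    return {"host": host, "ip": ip, "trusted": trusted, "flags": flags}

if __name__ == "__main__":
    # The link quoted in the first post.
    page_link = "http://999412483/icons/small/paypal/www.paypal.com/SecureInfo/paypal/"
    print(analyze_link(page_link))
```

A constructed lookalike such as `http://paypal.com.example.net/login` comes back with `lookalike-host`, while `https://www.paypal.com/signin` comes back trusted with no flags.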
I got an email of this type, purportedly from PayPal. The abundant use of exclamation marks, and a few spelling mistakes were clues enough to make me forward it to PayPal’s scam address. That, and it came to an email address I don’t use for PayPal.
Thanks for that last clue, Spongemom. I’ve become paranoid about any email asking for account information, or asking that one change details, or asking that one log-in. In case it’s legitimate, I call the company directly and find out what’s what. Annoying, I know… just better safe.
Another way to practice safe surfing – of course, type the link in another browser window to go to the site. After logging in - check that site’s message center. If they sent you a legitimate email, there should also be a copy of the message in the site’s message center.
Yeah, I think I got it through to my net-naive dad that he shouldn’t take these emails at face value. He called me to ask how he could have an email from ebay about how his account had a problem, but he couldn’t find a problem on the real site. Thank God he had (I think) gone to the site himself instead of using the email link.
I had one that I knew was a fake because it said someone had abused my credit card, and I hadn’t had any problems with it. Just for fun, I clicked the link, logged in with the wrong name and password, and found out how clever they were. They then put me through to the real ebay, which read my cookie and displayed my real user name. If you used your real login, you’d think it was the real ebay that you’d just sent your info to.
I was 100% correct at identifying phishers, but I misidentified legit emails as coming from phishers if the URL didn’t look right (i.e., didn’t contain the exact string .realnameofcompany.com/). Not every company uses their chief domain for every offer.
Still, better safe than sorry.
How lame do you have to be to phish using the name “Llyods Bank”?
I got a phishing email the other day purporting to be from my credit union. Except they just came up with a name of the credit union based on its initials, and they got the name wrong! What kind of a doofus do they think I am, anyway?
I was excessively paranoid on that test, too; I got all the fakes right, but marked several legitimate emails as phishing simply because I would never, EVER, for example, click on a link in an email to transfer my balances. That just stank to me, and I can’t believe people are dumb enough to do it even if it’s legitimate.
Good point: I got one a few years ago, purporting to be from BellSouth and containing a lot of links. Most of the linked domains, though, were things like bellsouth_web_offer.com and bellsouth_email_help.com. (I’m just making up those examples.)
I’m not falling for this! I thought, and forwarded it to BellSouth along with a note that they might want to look into it.
A day or two later I got a response. It WAS a legit e-mail from BellSouth; the company keeps those domains for things like this. Seems like asking for trouble to me, not to mention it’s likely to further confuse the net-naive, who may think that as long as the link says “paypal” somewhere, it must be legit.
I only open email that I expect to get, or from email addresses that I know. I delete everything else, unopened. I never go to PayPal without typing in the URL, and my bank is not well known enough to attract phishing and I go there from my favorites link, although it doesn’t say anything about bank on that list.
I do get phished now and then, but mostly transparently from people who expect me to click on their link. I never do that. And of course, I practically never believe in really great deals on the internet.