Phishing With Dynamite

Posted on June 13th, 2006 by Josh

I received an email today from someone who appeared to be PayPal. I periodically receive emails from PayPal and other financial institutions that I have dealings with. Most of them are either trying to get you to sign up for a new service they are offering or else they are just reminding you that you signed up for a free beach towel once and now they want to send you “convenience” checks… Below is the email I got today.

[Image: 1.jpg]

This particular email was not striking in the fact that it looked very professional and legit. It was really no different than the rest of the PayPal emails I have received except for a section that was highlighted in red.

[Image: get_verified.jpg]

Hmmm. Now automatically my radar went up. Any time you get an email that promises drastic action on some sort of financial account if you don’t do something very quickly, it is most likely fraud. For somebody who has not had experience with this, it could be very hard to spot. The people who sent this email were very clever. Notice the section that deals with privacy and how to protect yourself against fraud.

[Image: protection_highlights.jpg]

If you were really trying to scam someone, would you put in a section about how not to get scammed? You would if you were trying to look legit. In any normal email newsletter you would be able to click on the links for the different articles and then read what they had to say. Not this one. The only link you can click on is one to “get verified.” Big red flag. Then, to further confuse you, they place the logos of reputable companies in their very nicely formatted email.

[Image: merchant_offers.jpg]

And lastly, at the bottom of the email, they put PayPal’s actual privacy policy and some terms of service. Subconsciously you think, who would go to the trouble to fake that? But they do.

[Image: privacy_notice.jpg]

Be extremely careful when you are solicited for any information.
I’ll show you what happens when you try and “get verified” in the next post.
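
The warning signs described in this post (a threat of quick action against the account, and a newsletter-style email whose only clickable link is the “get verified” prompt) can be checked mechanically. The following is an added example, not part of the original post; the sample message, the keyword lists and the flag names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message, not the email from the post.
SAMPLE = '''From: "PayPal" <service@paypal.example>
Content-Type: text/html; charset="utf-8"

<html><body><h2>Protect yourself against fraud</h2><p>Never share your password.</p>
<h2>Merchant offers</h2><p>Save at our partner stores.</p>
<p style="color:red">Your account will be suspended within 24 hours
unless you <a href="http://login.example.net/verify">Get Verified</a>.</p>
<p>Privacy policy and terms of service</p></body></html>
'''

# A threat against the account followed, in the same sentence, by a deadline.
URGENCY = re.compile(r"\b(suspend|limit|clos|terminat)\w*\b[^.]{0,80}?"
                     r"\b(within|unless|immediately)\b", re.I)
PROMPT = re.compile(r"\b(verif\w+|confirm|log ?in|sign ?in)\b", re.I)  # "verify" style anchor text

class BodyScan(HTMLParser):
    """Collects visible text and the anchor text of every <a href=...>."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self.in_link = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.in_link = True
            self.links.append("")
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"
    def handle_data(self, data):
        self.text.append(data)
        if self.in_link:
            self.links[-1] += data

def red_flags(raw_message):
    """Return the warning signs found in the HTML body, in a fixed order."""
    body = message_from_string(raw_message, policy=policy.default).get_body(("html",))
    if body is None:  # no HTML part to inspect
        return []
    scan = BodyScan()
    scan.feed(body.get_content())
    flags = ["urgent-threat"] if URGENCY.search(" ".join(scan.text)) else []
    if len(scan.links) == 1:  # a "newsletter" with a single clickable link
        flags.append("single-link")
        if PROMPT.search(scan.links[0]):
            flags.append("verify-prompt-link")
    return flags
```

A message that raises none of these flags is not thereby shown to be legitimate; the checks only cover the signs named above.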

Filed under: Interesting, Observations

2 Comments on “Phishing With Dynamite”

  1. #1 Doug said at 11:20 am on June 14th, 2006:

    When I worked for an eBay drop off store we received about 10-50 of these a day. It was very time consuming to check each one to see if they were actually eBay or Spam.

  2. #2 Dad said at 2:38 pm on June 14th, 2006:

    My radar goes on when I see poor grammar such as “According the new changes in Service Agreement” since legitimate sites usually have people who are proficient enough to write “According to the new changes in the Service Agreement”. However, I have known some web designers whose grammar and spelling skills weren’t impeccable so I suppose it is possible to have a legitimate site and still have poor grammar and spelling.

