Blogging about life and raising our five kids with Down syndrome.

Be the kind of woman that when your feet hit the floor in the morning the devil says, "Oh shit! She's up!"

Monday, November 30, 2009

Beware!

If you use Paypal, beware of the latest attempt at Phishing! This morning I received an email, supposedly from Paypal, saying someone had attempted to access my account, but had 3 failed attempts at the password. (most secure websites will lock your account if this happens.) and that my account was now suspended until I contacted paypal. I'm very familiar with phishing, and was immediately suspicious. I followed the link which brought me to what appeared to be Paypal's login page. It had the same type of ad, and really was identical. There was something *ever so slightly* different about the font though.

I opened a new window and put in paypal.com and pulled up a nearly identical page. All the links were there, everything, but the font was...again...just a tiny bit different. Then, at the very bottom where the "fine print" links were, there was one tiny link missing.

So, what's the point? How does this help someone? Well, if I had logged into the fake page, I would have been giving them my username and password, which would have then given them access to my paypal account and all my money.

Had I been someone unfamiliar with phishing, and paypal's security system, I would have logged onto the fake page. Had I not been suspicious in the first place, there is no way I would have noticed anything different between the pages. It was just one, tiny, four letter link in about 6 pt font that was missing.

I think about Dean's parents. They would have gone to the link right away, and logged into it. I remember a couple of years ago his dad called and said something to the effect of, "Yeah, I had to change our bank information. They sent me an email and they had everything wrong." NOOOOOOOOOO!!! We said, "Please tell us you didn't do it!" He said he hadn't yet, he was going to do it later that day. THANK GOD they hadn't done anything yet.

Anyway, beware. Paypal (or any other secure site) will never ask you to do something like send you an email asking you to change your password. The email I received looked legit. They weren't asking me for information, it was asking me to check my account activity.

4 comments:

Mommy to those Special Ks said...

You should always forward those emails to spoof@paypal.com . They are working to track down the people sending them. They'll even send you a nice email back confirming that it WAS a phishing attempt and that you are helping them catch the bad guys! :)

Leah said...

Thanks Renee! Yep, I reported it right away, and heard back from paypal within 15 minutes confirming that it was a spoof site, and that they appreciate my help in catching those guys! ;-)

Molly said...

whoa, thank you for posting this! I like to think I'm suspicious of phishing stuff, but I don't know if I would have caught this one!

Good Eye Leah!

Hevel said...

Actually, for security reasons, banks and possibly PayPal might prompt you for a PW reset. The key is, never to follow links from emails (also check the actual sender behind the name and if you must follow the link, the URL it actually takes you to), but go to the service's main page and do your stuff from there. Checking an email's header info can give a hint whether the email is legit.

Wonderfully written up post!