I opened a new window and put in paypal.com and pulled up a nearly identical page. All the links were there, everything, but the font was...again...just a tiny bit different. Then, at the very bottom where the "fine print" links were, there was one tiny link missing.
So, what's the point? How does this help someone? Well, if I had logged into the fake page, I would have been giving them my username and password, which would have then given them access to my paypal account and all my money.
Had I been someone unfamiliar with phishing, and paypal's security system, I would have logged onto the fake page. Had I not been suspicious in the first place, there is no way I would have noticed anything different between the pages. It was just one, tiny, four letter link in about 6 pt font that was missing.
I think about Dean's parents. They would have gone to the link right away, and logged into it. I remember a couple of years ago his dad called and said something to the effect of, "Yeah, I had to change our bank information. They sent me an email and they had everything wrong." NOOOOOOOOOO!!! We said, "Please tell us you didn't do it!" He said he hadn't yet, he was going to do it later that day. THANK GOD they hadn't done anything yet.
Anyway, beware. Paypal (or any other secure site) will never ask you to do something like send you an email asking you to change your password. The email I received looked legit. They weren't asking me for information, it was asking me to check my account activity.
4 comments:
You should always forward those emails to spoof@paypal.com . They are working to track down the people sending them. They'll even send you a nice email back confirming that it WAS a phishing attempt and that you are helping them catch the bad guys! :)
Thanks Renee! Yep, I reported it right away, and heard back from paypal within 15 minutes confirming that it was a spoof site, and that they appreciate my help in catching those guys! ;-)
whoa, thank you for posting this! I like to think I'm suspicious of phishing stuff, but I don't know if I would have caught this one!
Good Eye Leah!
Actually, for security reasons, banks and possibly PayPal might prompt you for a PW reset. The key is, never to follow links from emails (also check the actual sender behind the name and if you must follow the link, the URL it actually takes you to), but go to the service's main page and do your stuff from there. Checking an email's header info can give a hint whether the email is legit.
Wonderfully written up post!
Post a Comment