One of the dreaded tasks on a Monday morning is going through the massive amounts of emails that accumulate over the weekend. Deep inside this mass mess of mails there are work-related mails that are buried in between offers of penis pills and the $54 million in inheritance money that great aunty whats-her-face from Great Britain left you.
Grab a cup of coffee and start with the usual routine of delete, delete, delete, file, quick reply, delete, delete…
No one knows this Monday morning routine better than those not-so-wonderful people – the phishermen. These are the people who try to steal your sensitive username and password for your banking site and other services. They know that you are busy and just want to get on with your real work, so they slip a cleverly crafted email into your mail stream in the hope that you will not pay attention and simply click on their links.
They are also getting better and better at trying to lure you in, and this one nearly got me in my mad morning rush to get through my mails.
We’re constantly working to make PayPal safer, simpler and more convenient for our customers.
This means that from time to time we have to make changes to the terms of our User Agreement.
To make sure you are always informed we have posted recent updates on our website.
What do I need to do?
- Click here ,and sing in to your paypal account , update your account info
- Please read the Policy Update carefully. It contains important legal information about when and how the changes to our User Agreement will become effective.
- If you agree to the changes, you need to do anything as any updates will automatically come into effect. If you do not wish to accept the changes, we have also provided you with the steps you can take on the Policy Update page.
Please note that the current User Agreement will apply until these changes take effect.
Why it almost worked?
This almost worked as I seem to recall that there was indeed an update to PayPal recently, but I couldn’t recall the details. When I checked my mail, I realised that on the 18th of November PayPal updated its User Agreements.
So this phishing email almost managed to trick me as it played on the User Agreement update and now it claimed I needed to action something.
They piggybacked off a real event to try to force their targets into revealing their info so that they are not locked out of the PayPal account.
What made me suspicious?
A couple of items stood out to alert me that something is not right here:
1. “Hello Dear” – PayPal never addresses its users in this way but always by their first and last name (or business name)
2. The URL – when I hover my mouse over the “click here” I see that the website address it is taking me to is not PayPal.com but another website (http://explainer.co.za/ )
3. The From Address – PayPal uses @PayPal.com or @intl.paypal.com email domains not @support.com
4. The wording – we usually don’t SING into our account, paypal should be spelt PayPal and the last sentence should have said you DO NOT need to do anything.
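The first three checks in this list can be automated in a mail triage script. The following is an added example, not part of the original post; the sample message, the sender's local part, the extra greeting strings and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Sender domains the post says PayPal uses.
TRUSTED_SENDER_DOMAINS = {"paypal.com", "intl.paypal.com"}
TRUSTED_LINK_DOMAIN = "paypal.com"
# "hello dear" is from the post; the other greetings are assumed examples.
GENERIC_GREETINGS = ("hello dear", "dear customer", "dear user")

class LinkCollector(HTMLParser):
    # Collects the host of every <a href="..."> in an HTML body.
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        host = urlsplit(href).hostname if href else None
        if host:
            self.hosts.append(host.lower())

def host_is_trusted(host):
    # Exact match or a true subdomain; "paypal.com.example.net" must fail.
    return host == TRUSTED_LINK_DOMAIN or host.endswith("." + TRUSTED_LINK_DOMAIN)

def phishing_indicators(raw_message):
    # Returns the names of the checks that a single-part message fails.
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] not in TRUSTED_SENDER_DOMAINS:
        findings.append("sender-domain")
    links = LinkCollector()
    links.feed(body)
    if any(not host_is_trusted(h) for h in links.hosts):
        findings.append("link-host")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        findings.append("generic-greeting")
    return findings

# Constructed sample modelled on the email described in the post.
SAMPLE = """From: PayPal <service@support.com>
Subject: Policy Update
Content-Type: text/html

<p>Hello Dear,</p>
<p><a href="http://explainer.co.za/">Click here</a> ,and sing in to your paypal account</p>
"""
```

Calling `phishing_indicators(SAMPLE)` reports all three indicators. The From header is trivially forged, so a passing sender check on its own proves nothing; the link-host check is the one that mirrors hovering over "click here".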
What I did?
I opened a new web browser and typed in the address PayPal.com. I never click on links to get to my sensitive sites such as banks, online storage etc. I always enter the URL manually. I then entered my username and password on the real PayPal system. If indeed PayPal wanted its users to action anything, it would have been done via this interface. There was nothing.
As I use Kaspersky Internet Security, I wanted to run a test and see how quickly a site is blocked. So I clicked on the URL and this is what I saw:
I then forwarded the now obviously suspicious email to [email protected] so that PayPal could add it to its list of emails to look out for.
They work fast too. Within minutes of sending that mail, PayPal sent me a mail saying that it is indeed a spoof email.
I then reloaded the same web page and this is what came up:
What do we learn?
1. Never just click on items in your mailbox “to get them out of the way”. These guys count on you being busy.
2. Look out for mails that indicate that UNLESS you click on the link THEN you will be locked out/deleted/fined etc. This hardly happens, and those services that do this will always have a way to unlock your account.
3. Phishing attempts happen all the time to all people. If your bank/service provider wants you to change something on your account, an email is not the way they will ask you to do it.
4. Reporting a phishing email is important to help combat this. Don’t assume that “they must know” and delete it. Make contact with whoever the phishing email was impersonating and inform them. There is usually a dedicated email address for this too.