Looks can be deceiving
Identity theft has gotten a lot of play in the press recently. I hadn't paid too much attention as I consider myself fairly web savvy and guarded. Still, an attempted identity theft e-mail which landed in my inbox yesterday really opened my eyes as to how crafty the enemy can be.
The e-mail came from service@paypal.com and looked like a PayPal e-mail in its graphics. Its body contained the following text:
Please verify your information today!
Dear Paypal Member.
Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your paypal account and to ensure a safe Paypal experience.
We require all flagged accounts to verify their information on file with us.
To verify your information, click here and enter the details requested.
After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account.
Thank you for using PayPal!
Please do not reply to this e-mail. Mail sent to this address cannot be answered.
A couple things looked suspicious right from the start. The line formatting, as shown above, was strange looking. Some of the wording looked strange for a professional correspondence..."This is a must to..." And the fact that I couldn't reply to the e-mail, given the gravity of its message, was also odd. But all in all, I could completely understand if a trusting novice web surfer might find this believable.
The link in the e-mail sent me to this website. The URL in the browser address bar immediately looked fishy. Instead of starting with http://www.paypal.com/, it had some random DNS address. And the page was not secure and didn't require any authentication before requesting all this extremely private info. Yeah, riiiiiight.
However, the page itself was well designed to mimic the PayPal.com look and feel though, complete with the same navigation and links to actual PayPal.com addresses. It even had the "Processing Login" animation that ran for about five seconds, though the ellipsis was cycling a bit too quickly. But all in all, a well-designed trap for the naive and unaware.
Of course, I didn't provide any info, and I logged in to PayPal.com directly and noted that nothing seemed amiss with my actual account. I then reported the site to PayPal which responded that this was indeed a fraudulent site.
PayPal users beware.
The e-mail came from service@paypal.com and looked like a PayPal e-mail in its graphics. Its body contained the following text:
Please verify your information today!
Dear Paypal Member.
Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your paypal account and to ensure a safe Paypal experience.
We require all flagged accounts to verify their information on file with us.
To verify your information, click here and enter the details requested.
After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account.
Thank you for using PayPal!
Please do not reply to this e-mail. Mail sent to this address cannot be answered.
A couple things looked suspicious right from the start. The line formatting, as shown above, was strange looking. Some of the wording looked strange for a professional correspondence..."This is a must to..." And the fact that I couldn't reply to the e-mail, given the gravity of its message, was also odd. But all in all, I could completely understand if a trusting novice web surfer might find this believable.
The link in the e-mail sent me to this website. The URL in the browser address bar immediately looked fishy. Instead of starting with http://www.paypal.com/, it had some random DNS address. And the page was not secure and didn't require any authentication before requesting all this extremely private info. Yeah, riiiiiight.
However, the page itself was well designed to mimic the PayPal.com look and feel though, complete with the same navigation and links to actual PayPal.com addresses. It even had the "Processing Login" animation that ran for about five seconds, though the ellipsis was cycling a bit too quickly. But all in all, a well-designed trap for the naive and unaware.
Of course, I didn't provide any info, and I logged in to PayPal.com directly and noted that nothing seemed amiss with my actual account. I then reported the site to PayPal which responded that this was indeed a fraudulent site.
PayPal users beware.