Spoofing and Phishing: gentle reminder with PayPal example

I meant to write about this when it first arrived in my inbox a few years ago (ahem, sorry!). It has re-surfaced after a major inbox cleaning operation, so here it is now.

With the economy taking a downturn, spoofing and phishing are on the increase again. Spoofing – web-sites are set up to look identical to reputable web-sites, thus enticing you to part with your financial details or login information for the site that is being emulated. Phishing – you might receive e-mails that attempt to convince you to part with login details, personal data, etc. Plenty has been written about spoofing and phishing; I won’t try to re-invent the wheel here.

Anyway, here’s an example of a phishing e-mail that looks remarkably like a real PayPal e-mail, including layout and graphics. Whilst the hyperlinks in this e-mail look genuine enough, hovering the mouse over the links reveals that they don’t lead to the real PayPal web-site, but to the site of a scammer. If you clicked on one of these links, you might not notice anything untoward as the scammer may well have done a good job spoofing the PayPal site look’n’feel.

Don’t be fooled – always check the ultimate destinations of links from e-mails. Better still, open up a browser window and physically type in the URL of the web-site that the e-mail claims to be from – in this case PayPal’s web-site. If the site in question really wants to communicate with you, there will, more often than not, be a message waiting for you when you log in using the correct channels.

I realise that I’m probably teaching a lot of readers to suck eggs. Sometimes these scams need concrete examples like this for demonstration purposes. I’ve certainly used this screenshot to help folks understand the “how do you know?” process, as noted here and here.
