Never Go Phishing Again!

There’s an old saying that you can feed a person once, or you can teach them to feed themself for a lifetime. Well, I’m going to teach you how NOT to go Phishing ever again!

Today the Bloke received a notice from PayPal. Here is an exact quote of the email:

Dear valued PayPal® member:

It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension. Please update your records on or before September 02, 2006.

Once you have updated your account records, your PayPal® session will not be interrupted and will continue as normal.

To update your PayPal® records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Looks official, doesn’t it? And it has just enough oomph to get your immediate attention, don’t you think? Especially this part:

However, failure to update your records will result in account suspension. Please update your records on or before September 02, 2006.

The first thought that enters your mind when you read this is OMG, I’d better do this right away. There is a sense of urgency which encourages you to throw all caution out the window. Especially considering that I had only received it on September 1st. It is also worded in official-sounding language that you would think they might send.

What made this even worse is I’ve known for some time that my PayPal account is wonky. Somebody had changed the password and I haven’t been able to use the account. Nevertheless, common sense prevailed and I decided to do a little investigating of my own.

If you ever get an email like this too, this is what you should do.

I’m using Outlook Express for this example. Scroll down to where you can see the “From” heading (just underneath ----- Original Message -----). To the right you will see a link with the name of the sender. In this case it says PayPal. So far so good, right? WRONG!

Using your mouse, highlight the link by clicking your left mouse button, holding and dragging it. When you have highlighted the link, look at the top menu again and you will see a menu titled “Insert”. Click on it and then click “Hyperlink”. When you do that you will be able to see the actual address of the sender.

In this case it said “mailto:service@wachovia.com”. Hmm. Now does that sound like a PayPal address to you? Me neither. A quick search of that address came up with this phishing scam report.

Cool eh? Now you know what to do the next time your alleged bank comes a-calling. So don’t get phished again.
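The same check done on the raw message instead of through the Outlook Express menu, as an added example that is not part of the original post. It goes one step further and also compares each link's visible text with its real target. The `KNOWN_BRANDS` table, the function names and the `href` value in the sample are assumptions made for illustration; only the From line mirrors the message described above.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brand name -> domain it legitimately sends from (hypothetical table).
KNOWN_BRANDS = {"paypal": "paypal.com"}

# Constructed sample. The From line mirrors the post; the href is invented.
RAW = '''From: "PayPal" <service@wachovia.com>
Content-Type: text/html

<p>To update your PayPal records click on the following link:</p>
<a href="http://login.example.net/">http://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>
'''

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    # True for the domain itself or a subdomain, not for look-alike suffixes.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brands=KNOWN_BRANDS):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Display name claims a brand, but the address behind it is elsewhere.
    findings = [("sender", display, addr) for brand, dom in brands.items()
                if brand in display.lower() and not in_domain(sender_host, dom)]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        # Only links whose visible text is itself a URL can be compared.
        if text.lower().startswith(("http://", "https://")):
            shown, real = urlparse(text).hostname, urlparse(href).hostname
            if shown != real:
                findings.append(("link", shown, real))
    return findings
```

An empty result does not prove a message is genuine, since the From address itself can be forged; it only means the mismatch described in this post is absent.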



8 Responses so far to “Never Go Phishing Again!”

  1. Great. I write a post about phishing and I get spammed instead.

  2. Did you forward it to spoof@paypal.com? You should.

    If in doubt about emails like this, the simple solution is to go directly to the company website - NOT through the link provided and perform the actions asked.

  3. Thanks Tom and all good points. Definitely do NOT click the link that they provide. The method that I’ve shown is a risk free method to investigate any suspicious account, and a quick Google search will usually find more info about the suspicious item. Cheers!

  4. Email from paypal is basically by definition a phishing scam, as you will never get email from them unless you initiated something at your end on the proper website.

  5. Thanks digitalramble. Which brings up another good point. You could always go to the authorized website of the alleged sender and contact them there to verify if the email is legit. For something important like banking information a telephone call is probably the safest bet.

    All good ideas everyone!

  6. Both PayPal and its owner eBay have given the best advice on how to tell a phisher from the real thing. Along with the suggestion of typing in the URL for the site yourself, they make it clear they will use your actual, real name, the one you signed up with for the service, in the email. They do not address you just by your email addy or with “Dear Valued —- Customer.” Other official businesses also use this practice. I think my bank does for online banking.

    Used to be, you could tell a phisher by the atrocious speller, provided you can spell well, but no more, it seems. They’re getting better.

    Sorry to be anonymous, but beta Blogger only allows me to post on beta Blogger blogs right now, not those not moved over to beta.

    Shelly

  7. Thanks for the good info. Is it OK if I call you Beta Shelly? ;-)

  8. […] Disaster” for great tips on using robots.txt files, strong passwords, making regular backups, phishing and much […]
