Comments on: How to Spot a Fake PayPal Email - Part Deux

By: Andy@Send Fake Mail

Andy@Send Fake Mail — Tue, 26 Aug 2008 18:02:13 +0000

Its really easy to send fake emails from websites such as http://fakesend.com

Always make sure you look at the header of every email when opening emails you think are potentially spoofed, and when in doubt, just go straight to ebay.com or paypal.com

By: Robin

Robin — Thu, 21 Aug 2008 18:00:41 +0000

Yup- as a general rule, be suspicious of every email that asks your for your personal information.

By: Raj Krishnaswamy @ thermal spray

Raj Krishnaswamy @ thermal spray — Mon, 04 Aug 2008 19:08:10 +0000

Good post. Many times the problem people have is they are in such a rush to read through their e-mails that they do not pay attention to the details as you have pointed out to be watched out for. I take plenty of time to scan through and if something looks suspicious, I put off reading it until later when I get a second chance at evaluating the source. Thank you for all the notes.

Raj Krishnaswamys last blog post..Thermal Spray Jobs

By: Abhinav Singh

Abhinav Singh — Wed, 09 Jul 2008 15:01:52 +0000

Nice post, well I recieved an email yesterday itself asking me to update my card information as it has been deactivated and finally realized its a phishing site.

Read more and see the screen shots of the same here:

http://abhinavsingh.com/blog/2008/07/fake-email-from-paypal-cloned-sites/

Abhinav Singhs last blog post..Fake Email from PayPal Cloned Sites

By: K

Thu, 03 Jul 2008 13:55:10 +0000

technoob, you are very welcome! It’s good to see the security features being added in all modern browsers not just Firefox. But, there will always be new threats so it’s best to stay informed and how to protect ourselves.

By: technoob

technoob — Thu, 03 Jul 2008 07:47:22 +0000

I never knew of firefox 3 browser capability of identifying a forgery site. This can be the only best defense of get scammed. The email address not showing ….@paypal.com cannot be quite obvious. Also the language option cannot be too. I might think that the site is broken or something else. Hovering the mouse over the link can be render useless is the scammer uses a javascript text to hide the link. Thanks for enlighten us about paypal scammer.

technoobs last blog post..Firefox is bestowed with download record by Guinness

By: David Bradley

David Bradley — Mon, 30 Jun 2008 08:21:17 +0000

I’m not sure that Amazon phish has ever happened. One thing I nearly got caught by was clicking a link from AdWords…thankfully it really was from AdWords so I wasn’t phished, but I’ve since since AdWords phish (I no longer use the system), so even the aware can get caught…

David Bradleys last blog post..Lighting Up Genetic Disease

By: Peter Answers

Peter Answers — Mon, 30 Jun 2008 01:40:59 +0000

This is a helpful post, thank you. It is amazing how many times I get spam from someone trying to pretend they are PayPal, or EBay or others. I think a lot of people that are not savvy will fall for it.

Peter Answerss last blog post..Peter Answers Transcript

By: K

Fri, 27 Jun 2008 13:43:34 +0000

Rick, they sure are and it’s only going to get worse as time goes by. Their methods will become elaborate. This is the first time I have heard about an Amazon phishing attempt as David Bradley pointed out. As long as we go to the website to login instead of clicking links in the email, we should be ok.

Tim, you are very welcome. I am glad you found it informative.

By: Tim@antique Amish quilts

Tim@antique Amish quilts — Fri, 27 Jun 2008 02:13:12 +0000

This has really spooked me. I might have fallen for that one, and wasn’t aware there was anything that sophisticated to look out for. I always clicked the links in emails before, but no longer. Thanks for the heads up.

By: Rick NHS@NHS Real Estate Blog

Rick NHS@NHS Real Estate Blog — Fri, 27 Jun 2008 01:33:06 +0000

I laugh every time I receive a PayPal email, because the PayPal account I use is a company account and has no associated with me directly.. But a couple days ago a fake Amazon email arrived that almost tricked me, fortunately I realized it was fake before using their login link (by going directly to Amazon.com and logging in there, where I realized there were no messages or errors on my account).

These jerks are tricky though, they disguise the return email address, and have landing pages that are almost exactly the same as the real website’s landing page.

Rick NHSs last blog post..Permian Basin Home Sales Up

By: K

Thu, 26 Jun 2008 12:48:33 +0000

Mark, thanks buddy! There is no dearth of people who get off by being on the wrong side of the law. Appreciate the stumble! :-)David, I can’t agree more on that with you. In fact, even phishing attempt at Gmail or Yahoo Mail accounts which is where most people tend to have their registration information for various websites and most sites send you a reset password email. Amazon is another great example too. Maybe the phishers haven’t gotten up to speed with these low lying targets but lets not alert them shall we?

By: David Bradley

David Bradley — Thu, 26 Jun 2008 06:52:33 +0000

Another aspect of phishing that is rarely mentioned, and as it happens rarely seen is the idea of a phishing attack from an organisation or system such as AdWords or Amazon. How easy it would be for a phisher to hijack someone’s account on any of those systems where there are fewer safeguards and passwords than with one’s bank account.

It even occurred to me that someone could spoof a “you have sold” email from amazon and con someone into shipping goods to a PO box from their marketplace account.

David Bradleys last blog post..Bird Flu Flap

By: Mark Sierra at MeAndMyDrum.com

Mark Sierra at MeAndMyDrum.com — Thu, 26 Jun 2008 05:18:29 +0000

Nicely done, K! I haven’t received this one yet, but have been seeing them getting more sophisticated in their presentation. Shame too, because all that effort is wasted on evil.

Stumbled!

Mark Sierra at MeAndMyDrum.coms last blog post..What Kind Of Sales Copy Ticks You Off?

By: Pavan Kumar@ Individual personal mails

Pavan Kumar@ Individual personal mails — Thu, 26 Jun 2008 01:11:00 +0000

That’s a surprise for me… I think you might have got mails from different bank managers/officers who would like to share a grand amount of likely 20 million dollars in some ratio…. Such ones usually have lots of spelling errors and originate from the above said sources….

Pavan Kumars last blog post..Rename multiple files in windows

By: K

Wed, 25 Jun 2008 21:13:46 +0000

David, that’s an excellent idea to use false login details on the first pass. Although I’d prefer to not use the links in any such emails at all but this technique will come in handy if you are not sure if the bookmark to the banking site you have is legit or not. Your linked post is another nice example of this issue and I am heading over there to comment.

April, you might be missing out on a couple of genuine emails but like David mentioned they should know better than to contact you this way. You are erring on the side of being too cautious which is the best approach towards security in the Internet, imho.

By: April@Cheap PDA

April@Cheap PDA — Wed, 25 Jun 2008 13:59:11 +0000

Once a number of years ago I nearly feel for one of these phishing emails but I’m much more cautious now. It’s kind of a shame because there must be lots of genuine emails I receive where I have just automatically deleted them.

By: David Bradley

David Bradley — Wed, 25 Jun 2008 13:48:01 +0000

Banks themselves often break the golden rules of helping their customers avoid phishing attacks. If they were to subscribe to the idea unencrypted smtp email correspondence with their customers is not safe, and spread the word then we would have less concern.

One thing that users who insist on clicking links do is to put in false login details on the first pass. If the site does not bounce you for entering an incorrect login, then you can be pretty sure it’s phishing bait. A legitimate site would bounce you immediately. One could apply this principle to emails claiming to come from google, facebook, plurk, mixx, anything…

David Bradleys last blog post..Bird Flu Flap

By: K

Wed, 25 Jun 2008 12:35:19 +0000

Pavan, that’s a good point. You’d be surprised to know that it was from Culver City, California.

David, exactly what one should do. Delete the email without clicking on links. Unfortunately, there are still folks who don’t do that.

Madhur, very true. I hope atleast it made a few of my readers wary of such emails.

By: Madhur Kapoor

Madhur Kapoor — Wed, 25 Jun 2008 10:36:52 +0000

Wow, this was good enough to fool a normal user.

Madhur Kapoors last blog post..USB Drive to Freshen up your Office