Can you spot a fake email when you see one? Especially, one that might be trying to steal your PayPal login information.
Here is an email that I received, at first look, from PayPal. It warns me if i didn’t sign in and update my billing information, my account might even be deleted!
As authentic as the email might seem – notice the phishing attacks are getting better, the English isn’t as broken as we would see, there is a big giveaway if you know what you are looking for.
Look at the URL of the link they want you to click in the email. It is made to look like a AOL.com address but all they are doing is using aol.com to redirect it to a IP address which has paypal.com word in the url.
If you failed to sense something is amiss in the link, you can still spot a major flaw. After you click on the link in the email, if you looked at the Location bar in your browser, you’ll see the url as http://18.104.22.168/icons/www.paypal.com/managament/cgi/. But, look how identical the web page looks like compared to an original PayPal page.
The URL shows that it isn’t a paypal.com address you are at. You are at some other server that has the words paypal.com in it’s URL. This should send a big red warning signal to you. IP location software points this server to be located at Cordoba, Mexico.
Once you have missed the second clue, it is very hard to turn back after that because they have copied everything from the real Paypal login page except they have their own PHP script behind the login form. All the links in the fake page actually point to the PayPal’s website as is common in most phishing sites.
Here is the fake PayPal login page:
(fake PayPal login page)
Here is the actual PayPal login page:
(actual PayPal login page)
Once you enter your login credentials and hit Login, you have just given access to your PayPal account to someone else.
There is another subtle clue that may not be apparent. The page has some extra characters that is totally out of place but hard to spot. I don’t know if it’s a typo or carelessness or if it’s a code for the phishers but mostly likely a typo.
How can you protect yourself from phishing attempts?
You might not be using PayPal but there are many phishing attempts everyday at many financial websites such as Bank websites, Credit Card websites, etc. And it will pay to be careful when you access your accounts from emails such as this.
Here are a few things you could do to protect yourself:
- Look for the clues mentioned above and as you can see they are nothing special but just common sense.
- If you really believe the email could be a real one, just login to the website from your own bookmark to the website or by typing the web address in the browser instead of clicking the link in the email. By practicing this all the time, you wouldn’t even be vulnerable for that one time when you might be tired or not so alert or sleepy and click the link in an email.
- Use a secure browser such as Mozilla Firefox, which has a phishing filter and shows a warning when you access a known phishing site. Internet Explorer 7 and newer browsers also have a similar feature so it pays to upgrade your IE 5/6 to newer versions.
If you are Internet savvy, this is all too familiar to you. But, we all know someone who may be unaware that such attempts are made everyday and we should try to educate them so they won’t be caught unawares.
I received a second PayPal phishing attempt and you can read it about it now.
If you use Gmail, check out the new Gmail Labs feature that helps with identifying phishing emails easily.