Uncover the Internet » PayPal. phishing http://www.everyjoe.com/uncovertheinternet Uncovered, Exposed and Available Online Fri, 18 Dec 2009 17:36:00 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 How to Spot Fishing Messages and Spoofs http://www.everyjoe.com/uncovertheinternet/how-to-spot-fishing-messages-and-spoofs/ http://www.everyjoe.com/uncovertheinternet/how-to-spot-fishing-messages-and-spoofs/#comments Thu, 15 May 2008 03:46:32 +0000 Jason Bean http://www.uncovertheinternet.com/how-to-spot-fishing-messages-and-spoofs/ Post from: Uncover the Internet

]]> This may be a little basic for some of our readers, but I thought I’d take a minute and talk about some Internet security for a minute. As this site is dedicated to uncovering great stuff on the Internet, we’re also aware that there’s plenty of opportunities to uncover some less than stellar sites and programs as well. One of these dangers is called “phishing”.

In our context, phishing is defined as:

“Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords. From Digitalstrategy.govt.nz

and the security website F-Secure defines it as follows:

In a computing context, Phishing is an impersonation of a corporation or other trusted institution. The goal of the impersonation is to extract passwords or other sensitive information from the victim. It is a form of criminal activity that utilizes social engineering techniques.

If you’re not familiar with the term your question is probably along the lines of how you really tell the counterfeit from the real-deal?

Let’s look at an example of a phishing message impersonating the popular online payment website, PayPal.com.

paypal-spoof-phishing

Let’s look at the different areas I’ve numbered in the graphic above:

  1. The e-mail looks as if it was actually sent from paypalservice@service.com. The first clue is that an e-mail from the actual PayPal website would probably come from an e-mail address on their own domain of service@paypal.com don’t you think? The service.com website doesn’t seem to have anything official to do with PayPal.com.
  2. Next we see the text of the message using active words to get your attention. One of the big things to look for in the body of a message is misspelled words. Sometimes it happens that typos make it through the editors, but for the most part any message from a company itself should have minimal if any spelling or grammatical errors.
  3. Here they’re providing you with a legitimate looking “reference number”. Again this is just a play to look official.
  4. The e-mail provides a link to go directly to their website to “fix” your problem right? WRONG! See #5
  5. If you hover your mouse over the link you’ll notice that it’s actually programmed to link you to some website that’s not even PayPal’s own domain and servers.

If you have any doubts about a message. Delete it immediately. If it’s serious you’ll more than likely get a follow-up message from the company. Even then, if you go to a website type in the URL manually yourself, don’t rely on any links to get where you’re going, you may not know what you’ll uncover or where you’ll end up in the journey.

Hopefully this has helped someone.

Post from: Uncover the Internet

]]> http://www.everyjoe.com/uncovertheinternet/how-to-spot-fishing-messages-and-spoofs/feed/ 0