Tag: phishing

Paypal Phishing Spam with a twist…

This post was inspired by some work on one of my other sites but made me laugh so much it was worthy of being discussed here to.

We all get them, Paypal phishing emails that look like a mail from Paypal. When you click on them, they then take you to a site that looks like Paypal and when you enter your Paypal information, it gives you an error and redirects you back to the real Paypal site with you hopefully none the wiser… Except that you’ve now given the Phisher’s your Paypal details…

So before I go any further, never ever click on a link in an email that subsequently is going to ask you to log in.

1. You get en email from "Company ABC".
2. Open your browser of choice.
3. Navigate to "Company ABC’s" website.
4. Log in.
And you’re done.

If you get into the habit of doing this, you can never ever fall prey to a phishing email.   
 
I’ll say it once more just for effect, Never ever log in to a site that you have arrived from after clicking a link in an email.

Ok, warning out of the way, back to the main point for this post.
Earlier on today, I got a new format of Paypal phishing email.
The contents of which are quoted below:

Due to our recent database update we require that you confirm your PayPal account. The confirmation process takes 3-5 days.

So far, nothing new I thought…Here we go again and I look down for the usual phishing link, except I couldn’t see one, so I read on.

We have taken this measure to reduce the number of the unused PayPal accounts in our database.

To confirm your PayPal account you must make a deposit in the bank account of our PayPal agent in charge with account management. The deposit amount of  $ 50.00 USD will be uploaded into your PayPal account.

So hold up…They want me to deposit $50.00 USD into their account and then they will pay it back to me.
hmmm, I’m starting to see a slight flaw in their plan already…

The details needed for the deposit are:

Amount to deposit: $50.00 USD
PayPal agent name: <details deleted>
Bank name: <details deleted>
Bank address: <details deleted>
IBAN: <details deleted>
SWIFT/BIO: <details deleted>

For security reasons, I’ve deleted various details from above, but in this case, they were all valid and did point to an existing foreign bank account with a valid name.

So just how exactly do the phishers collect their money?
Either someone else has been scammed and the bank account details belong to someone who has had them stolen or, the details actually belong to the phisher.

Now I know these people can be stupid, but I can’t believe they would openly send out their own bank account details. Or are they that stupid? I’d like to think so, because that means by the time you read this, they are already hopefully locked up in some Gulag camp (now there is a clue as to where the bank account details were based which shouldn’t surprise most of you).

But even if they weren’t that stupid and the bank account belonged to some other poor soul who was totally unaware, surely there aren’t enough people in the world dumb enough to fall for this for them to get enough money before the account was shut down.
The account is also in a country where I don’t know what sort of relations the authorities in the west has.

Unfortunately, a great number of people do fall for these types of scams.It just beggars belief at the number of different methods that spammers and phishers will try in order to extort money from people.  What is more disheartening is that real people will fall for tricks like this.
So never ever click on a link from an email that subsequently wants you to log in.

For the techies out there: The email was sent using a compromised computer based in the US and the phishing website was being hosted on a Spanish server in Madrid. (They were probably distracted watching Spain at Euro 2008 or Nedal at Wimbledon).

The quick way to shut down a phishing website!

Ok, so I open up today’s spam mail folder and there at the top of the queue is a phishing email ‘from’ the NatWest Bank.

Clicking on the "log in" button takes you to a perfect replica of the NatWest site with a page for visitors to enter in their information to ‘verify’ their account.

The dead give away was the URL contained a non-NatWest looking domain.  What caught my eye this time, was the fact that I recognised the website that had been hacked.

http://www.companyA.com/folder/folder/natwest.com
rather than 
http://www.natwest.com

Rather than set up their own web server to ‘host’ the target bank web sites, one method the bad guys employ is to use a ‘hacked’ website.

In this case, the bad guys had obviously hacked their way into "Company A’s" web server (who being an innocent party here, will remain anonymous).

They then uploaded their imitation "NatWest" bank site to which they would direct users from within the phishing email.

In this case, the phishing website would email any data entered into the fake form back to a central account which would be read by the attackers.

At the time of opening this email this morning, it already being detected by several anti-phishing filters, so at least those users would have been protected. (Note: If you haven’t installed McAfee SiteAdvisor toolbar for Firefox or IE, then go do it now. It’s free and it works).

Continue reading