Today I received my first confirmed phish email.

Fortunately I played it safe and sent it to PayPal's spoof center before giving any information. They confirmed that it was fraudulent.

BEWARE!

Here's the email:

[FONT=Optima]From View message header detailPayPal <client-232053@paypal.com>
Sent Wednesday, May 25, 2005 6:35 am
To
Cc
Bcc
Subject PayPal Accounts Management



Dear valued PayPal

 

I've gotten a bunch of these...you certainly did the correct thing!!!!

My most recent one involved unusual account activity, from foreign shores, which is the most common point of attack. Seeing this certainly makes you concerned, however having plenty of experience, I knew not to respond...without checking it out, first.

NEVER...respond to one of those, and ALWAYS forward a copy to whichever business entity you are dealing with.

 

if you mouse over the links in the email you will notice that they actually go to an address other than paypal.com.

 

How can you tell? My navigation bar says the same thing as the URL?

 

this is in your email program in the original email?

 

When I hover on the link (above), the URL is shown in the nav bar at the bottom of the Firefox screen.

I went to my "Deleted" folder to see what hovering over the original email would do and guess what. The email has disappeared.

*hearsthemefromTwilightZone*

 

Me too! After I re-upped my S2KI membership thru the PayPal service. I have never used PayPal before. Hmm any coincidence here?

 

Hovering over the URL is a good way to check on the link. Often, the graphics in the eMail will come from the actual vendor's (bank, whatever) site but the clickable link will point somewhere else. Still, there are ways to obfuscate URL's that are hard to detect.

The safest thing is, if you think the email might be legit, open a browser and go to the site using your usual shortcut, favorite or hand-typed URL. That way you avoid any pointers to phishing sites.

As a rule, no ISP, Bank or other vendor is going to ask you for your account information. After all, they already know it. One point about PayPal, the phishing eMails always have something like "Valued PayPal Customer" as a salutation. Real mail from PayPal will always have your actual name in the salutation.

Good computer hygiene, Mybad!

 

I'm glad somebody noticed.

Keeping myself hygenic is getting harder every day.

(I'll kill anyone who cracks an old-age joke here)