PayPal Phishers get crafty

Many of us enjoy the easy and convenient use of PayPal, an online payment service most often used in tandem with the electronic marketplace eBay. But like flies to sugar, online thieves are drawn to the cash that PayPal’s electronic banks hold. They use fake emails crafted to look like something you would receive from PayPal to get your personal information. The term for emails like these is “phishing” emails. There are some dirty folk out there on the internet, but luckily they are easy to spot if you know where to look.

Here’s a typical example of a PayPal “phish”.

Seemingly innocent

The seemingly innocent email you receive asks you to update your account. The link “Click here to Update your account” looks genuine, and there is even a section to the right speaking about fraud and what to do to combat it. At second or third glance, though, you might notice that they are asking you to click the link below to “Update your email address”, which is odd, because they just emailed you.

Clicking on the link starts you on a strange journey…

Address bar

Hey, that’s not PayPal’s address at all! It directs you to “summer.securenet-server.net”, which certainly has nothing to do with PayPal. This should be the first thing you check when clicking any link you get in an email like this.

Another good way to check if the email you have received is a phishing attack is to check the headers. The headers of your email are the identifiers, the information that tells you who it was from, who it is for, and what it’s about. These are your normal headers:

Normally Visible Headers

As you can see, it looks like this email came straight from PayPal.com. Looks like is right… as we check out the full headers:

Hidden Header Info

The first line in the full header view (after the normally shown headers) is Return-Path: which in this case shows an address of “nobody@mnwhost.ru”. Nobody? Really? Something does smell fishy around here, especially when “nobody” is sending his mail through a Russian server, denoted by the “.ru” at the end. A true PayPal email will have a Return-Path to PayPal.com.
The place to change your header readout in OS X Mail is Preferences > Viewing > Show Header Detail. This drop-down menu has None, Default, and All; switching to All will show you the full header page shown above, helping you ferret out the true sender of the phishing attack.
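The two checks described above (Return-Path versus the visible From address, and where the links really point) can be automated. This is an added example, not part of the original post; the sample message is constructed, and only the `nobody@mnwhost.ru` address and the `summer.securenet-server.net` host come from the article, while the From address, recipient and URL path are assumptions.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample; only the Return-Path address and the link host are from the article.
SAMPLE = """\
Return-Path: <nobody@mnwhost.ru>
From: "PayPal" <service@paypal.com>
To: user@example.com
Subject: Update your account
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://summer.securenet-server.net/update">Click here to Update your account</a>
</body></html>
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def check_message(raw):
    """List reasons the message does not match the domain its From header claims."""
    msg = email.message_from_string(raw)
    claimed = domain_of(msg["From"])
    findings = []
    rp = domain_of(msg["Return-Path"])
    if not under(rp, claimed):
        findings.append(f"Return-Path domain {rp!r} does not match From domain {claimed!r}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for href in re.findall(r'href\s*=\s*["\']([^"\']+)', body, re.I):
            host = urlparse(href).hostname
            if host and not under(host, claimed):
                findings.append(f"link host {host!r} is not under {claimed!r}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("SUSPICIOUS:", finding)
```

Treat each finding as a reason to look closer at the full headers rather than as proof on its own, since some legitimate senders route bounces and links through third-party mail services.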
