Internet marketing resources, ecommerce web site design tutorials and  just for fun - free cell phone ringtones!
  Taming the Beast - quality web marketing and ecommerce development services

Phishing scams getting sneakier

Posted by Michael Bloch in ecommerce (Friday October 20, 2006 )

Some of these scammers are very clever people – if only they’d use their talents for good instead of being pond scum sucking parasites.

Related:

Anti hacking tips for home based online business

-->

I’ve gotten to the stage that just about any email that claims to be from PayPal gets deleted before it’s opened; but I am interested in monitoring how PayPal and similar phishing scams are evolving.

The latest one I received was quite sneaky and had a very interesting new twist.

At first glance, it was much like any other phishing email.

The subject line was: Attempts to log in to your PayPal account

By the way, if you’re not sure about an email from PayPal and you are concerned about opening it, an easy first step to determine authenticity is (if you’re using Outlook) to highlight the email; right mouse button click and select “options”. The header information showing the path that the email took to get to you will be shown. Look at the Received: from line – if it’s not PayPal’s servers, then it’s most likely a phishing scam.

On opening the message, it appeared to be in plain text format with a plain link to PayPal embedded, but on right-clicking over the text, the “view source” option came up indicating that the body contents were HTML.

Here’s where the twist occurs – on examining the source code, as expected the link actually pointed elsewhere; but where it pointed was a bit of a shock – here’s a snippet from the link:

http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q .. etc.

.. it’s a Google Adwords link – never seen that tactic before. Fraudsters tracking the success of their phishing campaign? Trying to make it harder to track them? Who’s paying for the clicks – I think we can be fairly certain it wasn’t the fraudsters :). They either set up the Adwords account with fake details, or some poor advertiser is having his budget drained and likely to have his Adwords account frozen while this is being investigated.

As for where the link lead, I wasn’t game to find out. I may be curious, but I’m not stupid ;). No comments on that claim please ;).

There’s a couple of morals to this story

a) Always treat emails that appear to be from PayPal, eBay or any other service that has your financial details on file with extreme suspicion. Never click a link in an email to access an account interface – go directly to the site to do so.

b) If you’re an Adwords advertiser, change your passwords regularly and change them now unless you’re absolutely and positively sure that there’s no way anyone could access the current password you are using.

Some of these scammers are very clever people – if only they’d use their talents for good instead of being pond scum sucking parasites.

Related:

Anti hacking tips for home based online business



 

 
3 comments for Phishing scams getting sneakier
  1. InternetPerils exposes phishing cluster at German ISP

    For details see

    http://www.internetperils.com/perilwatch/20060928.php

    Comment by Bill Gram-Reefer — October 20, 2006 @ 1:07 pm

  2. Is this PayPal logon page a fake ????

    (URL removed – MB)

    The link was sent in e-mail

    This page:

    (URL removed – MB)

    Shows:

    (URL removed – MB)
    This page is parked free, courtesy of GoDaddy.com

    Comment by John Q. Netizen — September 18, 2007 @ 10:02 am

  3. Hi John, that was indeed a fake. Any domain name that’s not “paypal.com” or “something.paypal.com” (note the “.” followed by paypal.com in entirety)is usually a phishing site. It’s always safest to go directly to paypal’s site rather than follow links from emails.

    Comment by Michael Bloch — September 20, 2007 @ 3:18 am

Sorry, the comment form is closed at this time.