« Don't Phishers Do the Math? | Main | Is spamwars.com Being "Joe-Jobbed?" »
| Home | The Book | Training | Events | Tools | Stats |
Web log archive.
A Dispatch
August 14, 2006
Phishers GivethIn their never-ending quest to lure unsuspecting victims to log into phony lookalike Web sites, phishers pull every kind of trick. They've all begun to merge before my eyes, so it's not easy to know if I've seen a particular ploy before or not. Maybe I just haven't seen this for awhile.
It's quite common for a PayPal phisher to send a message that claims you've paid for something out of your PayPal account—when you know damn well that you didn't. All huffy and irate, you follow the link and log into the site. Whammo! Your PayPal ID and password are gone.
Tonight's missive is just the opposite. Someone named Samantha Gray has supposedly sent me money via PayPal. Here's what the message looks like in my email client:
Things fall apart at the end of the message with the spelling of "tranzaction," but I'll bet plenty of greedy recipients will overlook such details on their way to collect their $151.75. Log into the page (hosted at a hijacked Brazilian server), and you really ought to receive a message that starts:
You've got trouble!
Posted on August 14, 2006 at 12:36 AM