« Money Mule Recruitment | Main | Fake Amazon Email as Malware Delivery Vehicle »
Home | The Book | Training | Events | Tools | Stats |
February 18, 2010
(In)Credible PayPal Phishing Attempt [Updated]I'm glad to say that the destination to which the bogus PayPal payment notice leads was quickly taken down. But that doesn't mean that the message won't surface again soon with a different link to a different hijacked web site serving as a PayPal login credentials ripper offer.
The message's Subject: line,
You sent a payment of $40.00 USD to cleverbridge, Inc
looks like it could be from PayPal. In my experience, however, PayPal's notifications of having sent a payment do not include the payment amount in the Subject: line. Such notifications are more typically sent as receipts for your payments.
In any case, the message has a fair amount of HTML/CSS design behind it, adding to its perceived credibility:
There really is a company called Cleverbridge, but it appears to be more involved with back-end e-commerce computing, and not selling to consumers — certainly nothing for $40, whether it be virtual food or otherwise.
This type of message is exactly the kind that gets unsuspecting individuals — infuriated at having been charged for something they didn't buy — to follow the link to cancel the transaction. The link, however, leads to a phony PayPal login page, where the victim will feverishly enter user ID and password to cancel the transaction (a transaction which doesn't exist).
However, a smart potential victim will know to use a previously saved bookmark to log into PayPal manually, and inspect his or her account. Of course, there will be no record of this $40 payment because it doesn't exist. And the login credentials will be kept out of crooks' hands.
Update (19 Feb 2010): The same message arrived today, with the URL going to a freshly minted .org domain whose name includes "paypal". Right on schedule.
Posted on February 18, 2010 at 03:47 PM