What a PayPal phishing email looks like and how to detect it


In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

The first recorded mention of phishing is on the alt.online-service.america-online Usenet newsgroup on January 2, 1996, although the term may have appeared even earlier in the print edition of the hacker magazine 2600. The term phishing is a variant of fishing, probably influenced by phreaking, and alludes to the use of increasingly sophisticated lures to “fish” for users’ financial information and passwords. The word may also be linked to leetspeak, in which ph is a common substitution for f.

Shown below is a sample email message I received from PayPal:

[Image: the sample email message]

If you dissect this email, digging into its header and the content code, two things jump out:

1. The image being shown as PayPal logo at the beginning of the email is hosted on a secure website called paypalobjects. The full link for the image is https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif

2. Where the email asks you to click to confirm your email account, the link displayed is only https://www.paypal.com/cgi-bin/webscr?cmd=login-run, which is actually a valid login site at PayPal.

However, there is a hidden section in that link, and your click is forwarded to a dns.nic.bs website:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-runhttp://dns.nic.bs/webscr/cgi-bin/3fcmd=_login-run/paypal/login.htm
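The mismatch described above, between the address a link displays and the address a click actually goes to, can be checked mechanically. The following is an added example, not part of the original post; the sample markup is constructed, and it assumes the link's href held the dns.nic.bs portion of the address shown above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body modelled on the email described above; the exact
# markup of the original message is an assumption.
SAMPLE_HTML = """
<img src="https://www.paypalobjects.com/en_US/i/logo/paypal_logo.gif">
<a href="http://dns.nic.bs/webscr/cgi-bin/3fcmd=_login-run/paypal/login.htm">
https://www.paypal.com/cgi-bin/webscr?cmd=login-run</a>
<a href="https://www.paypal.com/help">Help Center</a>
"""

def host_of(text):
    """Lower-cased hostname if text is a full URL, else None."""
    try:
        return urlsplit(text.strip()).hostname
    except ValueError:
        return None

class LinkAuditor(HTMLParser):
    """Collect (displayed text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def find_mismatched_links(html):
    """Return (shown host, actual host, plain_http) for deceptive links."""
    auditor = LinkAuditor()
    auditor.feed(html)
    findings = []
    for shown, href in auditor.links:
        shown_host, real_host = host_of(shown), host_of(href)
        # Only links whose visible text is itself a URL can be compared.
        if shown_host and real_host and shown_host != real_host:
            plain_http = href.lower().startswith("http:")
            findings.append((shown_host, real_host, plain_http))
    return findings
```

The comparison is on exact hostnames, so a mail filter built on it would want to compare registrable domains instead to avoid flagging a link that shows paypal.com but points to www.paypal.com.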

Luckily, the built-in phishing detection in both IE7 and Firefox 2.0 works, as shown below:

[Images: the browsers' phishing warnings]

Anti-phishing software is available that may identify phishing contents on websites, act as a toolbar that displays the real domain name for the visited website, or spot phishing attempts in email. Microsoft’s new IE7 browser, Mozilla’s Firefox 2, and Opera from version 9.1 will include a form of anti-phishing technology, by which a site may be checked against a list of known phishing sites. If the site is suspect, the software may either warn the user or block the site outright, as shown in the pictures above. Firefox 2 uses Google anti-phishing software, which may also be installed under IE6. Spam filters also help protect users from phishers, because they reduce the number of phishing-related emails that users receive. An approach introduced in mid-2006 (similar in principle to using a hosts file to block web adverts) involves switching to a special DNS service that filters out known phishing domains, which will work with any browser.

Sites have added verification tools that allow users to see a secret image that the user selected in advance; if the image does not appear, then the site is not legitimate. Bank of America uses this together with challenge questions, which ask the user for information that should be known only to the user and the bank.

External anti-spam links

  • Anti-Phishing Working Group – News about phishing and anti-phishing control methods.
  • Bank Safe Online – Advice to UK consumers regarding phishing.
  • Banking Scam Revealed – A public forensic examination of a phishing attack.
  • CIMIP – Center for Identity Management and Information Protection.
  • Duke Law & Technology Review – Plugging the “phishing” hole: legislation versus technology.
  • FBI E-scams and Warnings Update – Summaries of new or active scams that use the web or e-mail.
  • FTC Consumer Alert – How not to get hooked by a phishing scam.
  • How Phishing Actually Works – How the bad guys actually operate.
  • Indiana University Phishing Group – Collection of research articles on phishing.
  • Know Your Enemy: Phishing – Case study from the Honeynet Project on detailed techniques of a couple of phishers.
  • Phishing Detection and Prevention: Practical Counter-Fraud Solutions – Industry whitepaper exploring various counter-fraud techniques.
  • The Phishing Guide: Understanding and Preventing Phishing Attacks – The technologies and security flaws phishers exploit.
  • Phishing IQ Test – Find out how well you can recognize a Phishing email.
  • Phishing mailing list – Phishing discussion, research and mitigation.
  • Phishing scams gallery – A large and growing gallery of phishing examples.
  • Spot phishing scams – Recognize Phishing Scams.

    • Cam

      Anyone notice how September is spelt wrong in that e-mail?

    • http://www.abazza.com Abazza

      It's always looking real,… but be honest,…. who can believe in it,…. real post is coming through snail mail,… or not?

      Simply publish this.


    • Justin

      I recently got something like that from Amazon. It looked so freaking real