Pages

Monday, 30 June 2008

Identity theft

A phish email, supposedly from PayPal, landed in my Bulk folder today. I didn't have to take a second look at it before forwarding it immediately to spoof@paypal.com. Here is how it looked like:


A typical identity theft or phishing technique but it didn't fool me. Here's how a phish usual works. The fraudster sends out an officially looking email that makes the potential victim feel concerned enough to want to reply to it. And when you do, you're also asked to disclose some personal details like your password or financial information. That should make you wary enough because once you give these details away, your credit will be wiped clean.

In this case, the fraudster had even given these three easy steps to follow:
  • Login to your account by clicking on the link below
  • Provide requested information to ensure you are the owner of the account
  • Find this transaction in HISTORY and click 'Cancel Transaction'
The other giveaway sign was the CANCEL TRANSACTION button which linked not to PayPal but to a suspicious-looking web address in Romania. You can uncover this easily by moving your mouse over the link (but you don't have to click on it). If you were to click on it, it'll take you to a website that looks like the real organisation's. But it's not. That's the bogus website that has been designed to steal your identity. So be warned if you receive an email similar to mine.

No comments:

Post a Comment