In a previous article, How your Yahoo! Mail account can be hacked with phishing – A real life example, I mentioned how Yahoo email phishing can take place. Phishing can take place with any website especially where hackers have a chance to steal money.
I keep receiving PayPal.com phishing emails. The sender pretends to be from PayPal and asks me to take some action and click a link to remedy the situation: “Warning! Your PayPal account was limited!”
In the picture below, notice the following suspicious elements:
- The “Reply-To” is fishy (firstname.lastname@example.org)! It does not belong to PayPal.com
- The email subject is simply “Update!”
- The email text is really fishy as well. The message has a sense of urgency around it…fake urgency.
- When you hover over the “Click here to Confirm Your Account Information” the target address is: http://msanterre.dectim.ca/wordpress/wp-admin/upp/update/secure/ <– Bid red flag. This is not PayPal
I used a disposable virtual machine to browse to this suspicious address (http://msanterre.dectim.ca/wordpress/wp-admin/upp/update/secure/) but of course it was taken down.
So I decided to lookup the Whois information about this phishing address:
Take aways from this phishing attempt:
- Never get scared because of the message in the email. There is nothing urgent when it comes to electronic communication or online banking / financial related things
- Always inspect the sender’s email address
- Never click on links in an email. Hover the mouse over the link and see where it points to
- If you get a message that claims it is from PayPal, then go manually to PayPal.com (as you usually do) and login and see what needs your attention
You may also like: