If you’ve been on the ‘net for any time at all, I’m sure you’ve gotten notes from phishers. What’s a phisher, you ask? A sender of unsolicited mail intended to lure you into visiting a site and disclosing sensitive information about yourself under false pretenses, for the benefit of the criminals. As a public service, here’s one of about 200 similar mails I’ve gotten over the past few weeks:
Dear Member,
The security questions and answers for your PayPal account were changed on April 23, 2008.
If you did not authorize this change, please contact us immediately using the form on the following page: https://www.xxxxxxx-xxxxxxxxxx-pay-pal-acc.com/
Thank you for using PayPal!
The PayPal Team
Security Advisory: When you log in to your PayPal account, be sure to open up a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal URL to make sure you are on the real PayPal website.
For more information on protecting yourself from fraud, please review the Security Tips in our Security Center.
Please do not reply to this email. This mailbox is not monitored and you will not receive a response.
For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.
—————————————————————-
Copyright © 1999-2008 PayPal. All rights reserved.
I’ve added the xxx’s because I don’t want to give these scumbags any more linkage than they already get. Suffice it to say the landing page is a complete rip of PayPal, and if you didn’t look at the URL, you could easily be fooled by what they’ve put on their harvest page. So please, please, please don’t click on the links that come along with these messages, and by all means do not respond to the criminals.
If you are concerned and want to check what’s happening with your account, open a separate browser window, use your bookmarks to visit the vendor in question, and inquire through their customer service process how they would contact you if there was a problem and validate that there isn’t one.
In the past I would have suggested forwarding the message on to abuse@[vendor name].com – but these have become as bad as the thing you’re reporting. So do that if you like, but it’s now arduous. Be careful out there! Be skeptical, and don’t click URLs from unsolicited emails.
After nearly 15 years of this behavior, you’d think we would have learned how to defeat it by now. Oh well, another business opportunity to build a better mouse trap…
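The "look at the URL" check from this post can be partly automated. The following is an added example, not code from the original post: it flags links whose hostname names a brand (even split up as "pay-pal") without being that brand's real domain. The sample mail, the `example.test` hosts and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the brand's real registrable domain(s); extend per vendor.
LEGIT_DOMAINS = {"paypal.com"}
BRAND = "paypal"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def is_legit_host(host):
    """True only for the brand's domain itself or a true subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def mentions_brand(host):
    """True if the brand appears once separators are stripped (pay-pal, pay.pal).
    Heuristic only: it does not catch character swaps such as a digit for a letter."""
    return BRAND in re.sub(r"[^a-z0-9]", "", host)


def suspicious_links(body):
    """List URLs in a mail body whose host names the brand but is not the brand's."""
    flagged = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:)")  # drop trailing sentence punctuation
        host = host_of(url)
        if host and mentions_brand(host) and not is_legit_host(host):
            flagged.append(url)
    return flagged


# Constructed sample modelled on the mail above; example.test hosts are placeholders.
SAMPLE = """If you did not authorize this change, use the form on the following page:
https://www.secure-update-pay-pal-acc.example.test/
Security tips: https://www.paypal.com/security
Also seen: http://paypal.com.account-check.example.test/login
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE):
        print("suspicious:", link)
```

Note that the third sample link starts with the real domain but is still flagged, because only the right-hand end of a hostname determines who owns it.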
This is actually quite frightening. The phishers have gotten a lot more sophisticated in wording the messages. During a busy day, I could see myself quickly scanning this message and clicking on the link. It looks much more authentic with the “fraud” warnings and the “Security Center” support. Is there a place where other phishing messages are posted so we can be aware of what’s being sent for other financial institutions (e.g., Bank of America, etc.)?
Good question. I don’t know, though I’d imagine there are security sites that have examples out there. The problem is, it’s a losing battle as they change constantly and it would be nearly impossible to keep up.
I saw a new one today that said I was part of a class action suit for a memory card (that might be real) and had some links to claim my share.
They at least get marks for creativity on the memory one…