«
»

Technology & Science

Damned Phishers

04.23.08 | 4 Comments

Phishers lure information from you for criminal intent

If you’ve been on the ‘net for any time at all, I’m sure you’ve gotten notes from phishers. What’s a phisher you ask? A sender of an unsolicited mail intended to lure you to visit a site and disclose sensitive information about yourself under false pretenses and for the benefit of the criminals. As a public service, here’s one of about 200 similar mails I’ve gotten over the past few weeks:

Dear Member,

The security questions and answers for your PayPal account were changed on April 23, 2008.
If you did not authorize this change, please contact us immediately using the form on the following page:

https://www.xxxxxxx-xxxxxxxxxx-pay-pal-acc.com/

Thank you for using PayPal!

The PayPal Team Security Advisory: When you log in to your PayPal account,
be sure to open up a new web browser (e.g. Internet Explorer or Netscape)
and type in the PayPal URL to make sure you are on the real PayPal website.

For more information on protecting yourself from fraud, please review the Security Tips in our Security Center.

Please do not reply to this email. This mailbox is not monitored and you will not receive a response.
For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.
—————————————————————-
Copyright © 1999-2008 PayPal. All rights reserved.

The xxx’s I’ve added as I don’t want to give these scumbags any more linkage than they already get, but suffice to say the landing page is a complete rip of PayPal and if you didn’t look at the URL, you could easily be fooled by what they’ve put on their harvest page. So, please, please, please don’t click on the links that come along with these messages and by all means, do not respond to the criminals.

If you are concerned and want to check what’s happening with your account, open a separate browser window, use your bookmarks to visit the vendor in question, and inquire through their customer service process how they would contact you if there was a problem and validate that there isn’t one.

In the past I would have suggested forwarding the message on to abuse@[vendor name].com – but these have become as bad as the thing you’re reporting. So do that if you like, but it’s now arduous. Be careful out there! Be skeptical, and don’t click URLs from unsolicited emails.

After nearly 15 years of this behavior, you’d think we would have learned how to defeat it by now. Oh well, another business opportunity to build a better mouse trap…

4 Comments




«
»