Back to Fred Mac Donald's Blog
I found an interesting but highly dangerous phishing scam in my inbox today and decided to take a look at how it works and what they are trying to do.
The received email had a couple of very obvious errors, which should be easy enough to spot for those who use PayPal on a regular basis.
I stripped out all the fancy fonts and things the scammer used to try to make it look legit.
Dear Customer
We are unable to Confirm your account information.
As a result, your account has been temporarily Suspended.
All the services related to your account has been suspended pending resolution. Please provide us with your details as soon as possible.
Just click on Confirm My Account and Login to your PayPal account and follow the instructions :
Confirm My Account
This is an automated message. Please do not reply to this email. If you need additional help, visit PayPal Support.
Notice: If this email was sent to you in your Junk or Spam folder please mark it as not spam due to our new security update.
Sincerely,
PayPal Inc.
Copyright 1999-2016. All rights reserved.
The Google Apps header analyzer returned the following.
A URL analyzer like http://urlquery.net showed a number of interesting things, among them the first time this specific phishing URL was used.
The phishing link pointed to this URL: paypal-webapps-security-purchases-intl.spikeflail.com/sys/rez/
It would be easy enough to look only at the beginning of the URL, see “paypal-webapps-security” and think you are OK. However, the actual domain name the URL is located on is “spikeflail.com”, clearly not “paypal.com”.
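The check described above, written out in Python as an added example (it is not part of the original post): it ignores the leading subdomain labels and compares only the registrable domain against the domain you expect. The function names, the `trusted` list and the short multi-label suffix set are assumptions made for this illustration; real code should use the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for this demo.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.za"}


def registrable_domain(url):
    """Return the domain a URL really lives on (public suffix plus one label)."""
    if "://" not in url:
        url = "http://" + url  # links are often written without a scheme
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return host  # a bare IP address has no registrable domain
    except ValueError:
        pass
    labels = host.split(".")
    # Keep three labels when the last two form a known multi-label suffix.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url, brand="paypal", trusted=("paypal.com",)):
    """Classify a link as 'trusted', 'lookalike' or 'other'."""
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted", domain
    # The brand name appears somewhere in the link, but not as the real domain.
    if brand in url.lower():
        return "lookalike", domain
    return "other", domain


if __name__ == "__main__":
    samples = [
        # The link from the email discussed in this post.
        "paypal-webapps-security-purchases-intl.spikeflail.com/sys/rez/",
        # The genuine PayPal page linked at the end of this post.
        "https://www.paypal.com/uk/webapps/mpp/phishing",
        # Constructed sample to exercise the multi-label suffix case.
        "http://shop.example.co.uk/",
    ]
    for link in samples:
        verdict, domain = check_link(link)
        print(f"{verdict:<10} {domain:<16} {link}")
```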
The website that opens up is worryingly similar to the actual PayPal website. It even has a favicon that looks like PayPal's and an SSL certificate to make sure your “PayPal” information is transmitted securely.
There are a couple of things that are wrong here.
The blue block in the URL doesn’t say “PayPal” but “spikeflail.com”.
Be careful when opening emails, even from familiar senders. Know what the email is supposed to look like. Having said that, do not simply click on any link in the email. Rather, open a new window in your browser and type in the URL of the website you want to visit.
When the new website is opened, take a couple of seconds to verify that it is actually the website you are expecting to see, not one that just looks familiar.
Read more about PayPal security here: https://www.paypal.com/uk/webapps/mpp/phishing