Some people are surprised that phony sites are so "real looking".
Remember, anyone can download, for example, a Citibank page complete
with all the logos, modify it, and put it onto a phony site. The only
safe approach is to never enter sensitive data into a site that you did
not get from a trusted source. Don't click on an email but rather type
"www.citibank.com" directly into your browser.
Incidentally, I've run across an ingenious tactic whereby a site brings
up a popup window which looks like a browser window, but, in fact, all
the "buttons" may do rather different things. With such a ruse one may
think one is typing into the navigation window but is actually
communicating with the clandestine site. To avoid this tactic, one
should kill and then restart the browser before paying bills...
Aaron Silverman wrote:
I think you guys misunderstood. I wasn't really trying to warn you
guys about this as you know about it. However I can think of many
friends who are plenty capable of knowing the Nigerian thing is fake
but yet may still fall for the paypal thing. My message was more of a
suggestion to warn your less savvy friends.
David Zakar wrote:
I think, if anything, I'm surprised at how many people are acting as
though phishing emails are something new and surprising. I recall
getting these things _years_ ago, and they were of reasonable quality
back then, too. Don't click before you look, everyone. You'd think that
people would understand that by now.
On the same topic, I also just recently got an email from some guy in
Nigeria who's apparently got some money tied up in the government.
Apparently, he's got like five million in a bank account, but he can't
get it out unless he pays ten grand to the government. He offered to
split the sum with me 30-70 if I'd just send him the ten grand to get
the money out. Ten grand for 1.5 million bucks, sounds like a great
deal. Have any of you heard about this guy? Seems like it would have
made the news before, but I'm definitely thinking about taking him up on
his offer - it almost sounds too good to be true!
Sorry if that sounds obnoxious, but "look out for phishers" is about as
obvious as "keep your system patched" and "don't send money to people in
Nigeria". You may as well just say "hey, you need to teach your friends
to be Internet savvy!".
I appreciate the sentiment, though, so I do thank you for the concern.
-DMZ (compounding useless emails with more useless emails)
On Fri, 2005-09-16 at 10:55 -0400, Aaron Silverman wrote:
Just a heads up guys, I got this e-mail from "[EMAIL PROTECTED]":
Note that it also had little fancy logos and stuff:
"We recently noticed an attempt to log in to your PayPal account
from France,a foreign IP address and we have reason to belive that
your account was used by a third party without your authorization.
If you recently accessed your account while traveling, the unusual
log in attempts may have been initiated by you. Therefore, if you
are the rightful account holder, click on the link below to log into
your account and follow the instructions.
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
(this link really points to www.paypal-webscr.com)
If you choose to ignore our request, you leave us no choice but to
temporarily suspend your account.
If you received this notice and you are not the authorized account
holder, please be aware that it is in violation of PayPal policy to
represent oneself as another PayPal user. Such action may also be in
violation of local, national, and/or international law. PayPal is
committed to assist law enforcement with any inquires related to
attempts to misappropriate personal information with the intent to
commit fraud or theft. Information will be provided at the request
of law enforcement agencies to ensure that impersonators are
prosecuted to the fullest extent of the law.
Thank you for your patience as we work together to protect your
account.
Sincerely,
PayPal Account Review Department
PayPal, an eBay Company"
However the link takes the poor clicker to
"http://www.paypal-webscr.com/" where they try to steal your
information. Just like that e-bay scam you can enter any
name/password and then see how it tries to get your credit card
number and bank routing numbers and all that good stuff. I know
you guys are probably smart enough not to fall for this but you may
want to tell your friends.
P.S. This person spelled "believe" wrong in the last line of the
first paragraph.