Friday, July 29, 2005

Phish vs. Real PayPal email

PC Magazine has a nice article entitled "Real PayPal Email!"

In this article, Larry Seltzer explains briefly what made him think the PayPal email message in his inbox *might_possibly_be* a real, genuine message from PayPal, and not a phish.

Phishing is a message that pretends to be genuine but is actually a fake meant to trick you. It uses simulated reality to "phish/fish" for gullible people. The bait is the seeming authenticity: trying to sound and look official.

Phish emails come to my inbox from PayPal, eBay, Amazon, various banks, but with none do I actually have an account.

Signs of Seeming Authenticity

Here are 3 things that made the email seem authentic:

(1) message is plain text, and not HTML

(2) message refers to his real credit card number and lists its last 4 digits

(3) no links to click on or paste into his browser, but rather instructions for him to visit the PayPal web site and login to his account.
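The three signs listed above can be checked mechanically when triaging a reported message. The following Python is an added example, not code from the PC Magazine article or this post; the function name, the sample messages, the `.example` addresses and the card digits "4321" are constructed for illustration. A message that shows all three signs only *might* be real, so the account should still be reached by typing the site address by hand.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

# Constructed sample: plain text, cites the card's last 4 digits, no links.
GENUINE_LOOKING = """\
From: service@paypal.example
Subject: Credit Card Expiration Approaching
Content-Type: text/plain; charset="us-ascii"

Your credit card ending in 4321 expires soon.
To update it, log in to your PayPal account and go to the Profile subtab.
"""

# Constructed sample: HTML body, generic greeting, clickable link.
PHISH_LOOKING = """\
From: service@paypal.example
Subject: Account limited
Content-Type: text/html; charset="us-ascii"

<html><body>Dear customer, <a href="http://203.0.113.7/login">click here</a>
to verify your account.</body></html>
"""

def authenticity_signs(raw, card_last4):
    """Report the three signs from the list above for one raw message."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    types = {p.get_content_type() for p in parts}
    text = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts
    )
    # Match the 4 digits only when they are not part of a longer number.
    last4 = re.compile(rf"(?<!\d){re.escape(card_last4)}(?!\d)")
    return {
        "plain_text_only": types == {"text/plain"},          # sign (1)
        "cites_card_last4": last4.search(text) is not None,  # sign (2)
        "no_links": URL_RE.search(text) is None and "href=" not in text.lower(),  # sign (3)
    }

def might_be_real(raw, card_last4):
    """True only when all three signs are present; never proof of authenticity."""
    return all(authenticity_signs(raw, card_last4).values())

if __name__ == "__main__":
    for name, raw in (("genuine-looking", GENUINE_LOOKING), ("phish-looking", PHISH_LOOKING)):
        print(name, authenticity_signs(raw, "4321"))
```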

[[[-- The PayPal Email Message --]]]


Subject: Credit Card Expiration Approaching

credit card expiration date
update instructions

"To update your credit card expiration date:

1. login to your PayPal account

2. go to Profile subtab

3. click on the "Credit Cards" link in the Financial Information column

4. choose the radio button next to the credit card you'd like to update and click "Edit"

5. enter your credit card verification number

6. enter the new credit card expiration date

7. click "Save"

Thank you for using PayPal!

The PayPal Team

Never give your password to anyone, including PayPal employees.

Protect yourself against fraudulent websites by opening a new web browser (e.g., Internet Explorer or Netscape) and typing in the PayPal URL every time you log into your account.


carrie said...

i recently received just such an email from paypal. i started to feel uncomfortable while i was filling out the form and decided to exit. it freaked me out.

i wasn't sure if i was just being paranoid or what.

steven edward streight said...


Or intuitive sense of danger? Submerged common sense?

I conduct zero financial or other sensitive transactions online. No shopping, no credit card usage, no banking online.

Never have, never will.

Each web user needs to spend time going to security sites, sites that teach safe browsing, safe email usage, etc.

Counter Hack, Ed Skoudis is good.

PC Mag has good information.