PayPal phishing scams – take care of yourself online this Christmas


Australian PayPal users are being targeted in what is a now-typical pattern of phishing against the global payment service.

The trick is short and simple: you receive an email “acknowledging” a smallish payment. It’s $79 to an eBay advertising service in our example:

Paypal phishing email

You know you didn’t spend that money yourself. Perhaps, at this time of the year, you’re worried that someone else in your household, like an unsupervised child, clocked up the charge?

Your natural inclination is to dispute the transaction. Indeed, it seems small enough that PayPal’s online dispute resolution ought to be enough to take care of it, so you may be inclined to click through to kick off a dispute right away.

And that’s the ploy, of course. Hovering over the “Press here to cancel this payment” link should be enough to reveal the bogosity. You won’t be sent to PayPal but to a lookalike impostor site that helps itself to your login details:

Paypal phishing site

You should easily spot that the site is bogus – the URL isn’t PayPal’s; the look and feel isn’t quite right; and the site doesn’t use an encrypted connection (https) like the real site:
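The three tell-tales above (wrong host, no https, a link that doesn’t go where it says) can be checked mechanically before anyone clicks. The script below is an added example, not part of the original article or any Sophos tooling: it pulls every link out of an email body, applies those checks, and reports why a link is suspect. The email HTML and the PayPal allow-list are constructed for the example, and the IP address is from a documentation range; the third sample link also shows the `user@host` trick, where a legitimate-looking name is placed before the real host, which a hover check can miss.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body (not the message shown in the article).
SAMPLE_EMAIL_HTML = """
<p>You sent a payment of $79.00 AUD to eBay Advertising Service.</p>
<p><a href="http://203.0.113.10/~user/paypal/login.php">Press here to cancel this payment</a></p>
<p><a href="https://www.paypal.com/au/cgi-bin/webscr?cmd=_help">Help Centre</a></p>
<p><a href="https://www.paypal.com@203.0.113.10/login">View transaction details</a></p>
"""

# Assumed allow-list of hosts the reader would accept as PayPal's own.
LEGIT_DOMAINS = {"paypal.com", "paypal.com.au"}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_is_legit(host):
    """True if host is one of the allow-listed domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def check_link(href):
    """Return a list of reasons the link is suspicious (empty list = nothing found)."""
    parts = urlsplit(href)
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    host = parts.hostname or ""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("bare IP address")
    if not host_is_legit(host):
        reasons.append(f"host {host!r} is not PayPal")
    if parts.username is not None:
        # "https://www.paypal.com@203.0.113.10/" really points at 203.0.113.10
        reasons.append(f"login name {parts.username!r} embedded before the real host")
    return reasons


def scan_email(html):
    """Return (visible text, href, reasons) for every link in the email body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href, check_link(href)) for href, text in collector.links]


if __name__ == "__main__":
    for text, href, reasons in scan_email(SAMPLE_EMAIL_HTML):
        verdict = "SUSPECT" if reasons else "ok"
        print(f"[{verdict}] '{text}' -> {href}")
        for r in reasons:
            print(f"    - {r}")
```

The host check is the one that carries the weight. The https test was already weak in 2012 and most phishing sites now serve TLS, so a padlock only tells you the connection is encrypted, not who is on the other end; a link whose host is not PayPal’s fails regardless of scheme.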

Paypal's real site

The main page of the website used as a link in our example phish looks like a holding page from a server that was never properly configured.

It’s a reasonable assumption that the crooks behind this phish simply plundered resources on an insecure server – very likely using automated tools that help them “find-and-own” improperly configured sites:

Website with 'now configure me' warnings

Don’t become part of the problem this Christmas season.

  • Be wise about what and where you click. Don’t rely on login links sent to you in email.
  • Be cautious about where you enter your password. Check that the site looks right, and uses https, before you start typing.
  • Secure your servers before you put them online. Don’t go live and then worry about locking the door. Crooks need just a few seconds to set up “cybersquat” pages on your web properties.

(To learn more, why not take a look at the Sophos Security Threat Report 2013? It’s full of advice on how to be a safer surfer.)