Australian PayPal users are being targeted in what is a now-typical pattern of phishing against the global payment service.
The trick is short and simple: you receive an email “acknowledging” a smallish payment. It’s $79 to an eBay advertising service in our example:
You know you didn’t spend that money yourself. Perhaps, at this time of the year, you’re worried that someone else in your household, like an unsupervised child, clocked up the charge?
Your natural inclination is to dispute the transaction. Indeed, it seems small enough that PayPal’s online dispute resolution ought to be enough to take care of it, so you may be inclined to click through to kick off a dispute right away.
And that’s the ploy, of course. Hovering over the “Press here to cancel this payment” link should be enough to reveal the bogosity. You won’t be sent to PayPal but to a lookalike impostor site that helps itself to your login details:
You should spot easily that the site is bogus – the URI isn’t PayPal’s; the look and feel isn’t quite right; and the site doesn’t use an encrypted connection (https) like the real site:
The main page of the website used as a link in our example phish looks like a holding page from a server that was never properly configured.
It’s a reasonable assumption that the crooks behind this phish simply plundered resources on an insecure server – very likely using automated tools that help them “find-and-own” improperly configured sites:
Don’t become part of the problem this Christmas season.
- Be wise about what and where you click. Don’t rely on login links sent to you in email.
- Be cautious about where you enter your password. Check that the site looks right, and uses https, before you start typing.
- Secure your servers before you put them online. Don’t go live and then worry about locking the door. Crooks need just a few seconds to set up “cybersquat” pages on your web properties.
(To learn more, why not take a look at the Sophos Security Threat Report 2013? It’s full of advice on how to be a safer surfer.)
Good to read link addresses for legitimacy.
Which is why the spelling of this article's address is ironic: "payapl-phising-scams-take-care-of-yourself"
Payapl-phising. Unless that's on purpose.
It's just interesting coming from you guys, that's all.
Irony, indeed. Well spotted 🙂
I'd love to say it was a touch of deliberate satire…but it was a plain old blunder. (The system we use for publishing gives you a giant web form for the title of your article, but about 23.5 pixels for the URI. And once you've published your URI, you're kinda stuck with it.)
Oh well. At least we don't ask for a password anywhere on the page – and the host-and-domain-name part (nakedsecurity.sophos.com) is what you'd expect.
I did groan when I spotted my mistake, about 0.026 seconds after publishing it. But then I thought, "Cool. I'll repurpose it as irony," which was a sort of meta-irony in its own right. Or something.
After being hit up with several attempts like this – and similar, I always do an immediate mental check back on any of my last 10 plus payments made through PREYPAL – and immediately send them through to their spoof@paypal.com address…….
They ALWAYS – but ALWAYS reply back with their usual screed of looking out for "suspicious" phishing attempts [DOH!] and to be very careful about "clicking" on any links……
Like I mean to ask – – WHY do you think I sent the "spoof" message to them in the first place – but for their information and possible tracking [highly unlikely most times] – sometimes – well most times actually – I wish they could respond on an equal level sometimes instead of treating me like an uneducated child…?
After all I know I bray a bit sometimes – my big ears flop in the afternoon sun – but that is because I am a donkey who brays – not an ass!
I just delete unsolicited mails then visit the supposed sender account to see if they have any messages or actions for me. Takes a little longer than clicking on a spoof link but I can live with losing 30 seconds now and then.
Found this email in my "junk" and thought it looked suspicious! My son just had unauthorized use on his debit card, so this hit close to home. But I figured that it was a scam, since my email account knew to stick it in my junk mail! Thanks for the info!