Web Detective-in-Training
A few days ago, I got an e-mail, supposedly from PayPal, stating that there had been some unauthorized activity on my account. This struck me as odd, since I really only used PayPal for serious transactions once or twice, back in the summer. Upon first glance, it looked perfectly authentic in its formatting and wording. All the graphics were in the right place, and there were no obvious misspellings or grammar errors. There was, however, a misplaced comma and a spacing snafu toward the bottom of the body:
Ignoring our request, for an extended period of time, may result in account limitations or may result in eventual account closure.
Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protectyou and your account.
We apologize for any inconvenience.
That was my first tipoff. The second clue was the jumble of random letters located in the fine print at the very bottom of the e-mail:
JSTNWHTPTRXCJJUCCODFSLRGVOMNBNRBFNCNGL
I still harbored some curiosity, so I clicked the link provided in the e-mail, which took me to the PayPal login page... except that the URL provided actually showed up as a random IP address. As a final precaution, I brought up PayPal's actual login screen and Alt + Tabbed between the two. The mock-up from the scam e-mail was virtually flawless, except for a few missing contact links at the bottom of the page and a couple of line spacing issues.
So, case closed, and I saved myself from a potentially very big headache. I guess it just reinforces all the lessons you've heard about unsolicited e-mail: always double-check the source before you click on or enter anything.
If you go to the link provided now, the page is no longer there, so hopefully the scammers have been shut down. In case they're not, be careful!
Sending emails like that is called 'phishing' since they're basically trying to fish for your personal info. I've gotten them before from PayPal and I've never even used PayPal for anything! Internet users beware!!
Phishing, eh? Sounds about right. Thanks for the extra info, Rachel!
Hi Bret,
I saw your link from Amy's comment page... This is indeed a phishing scam. I actually did a port scan on the IP address that came into my machine when I received one of these a while back. The computer was wide open, indicating that it was probably some unsuspecting user who was infiltrated by a hacker or virus. (Incidentally, the IP address originated from Korea... go figure.) I imagine the hacker uses this box to send out the emails, and gathers the data from that machine.
Anyway, nice blog!