WhiteCanyon.com
PayPal Phishing Scam Exposed
February 2006
Watch out Internet purchasers—a new kind of identity theft has emerged that can nail even the computer savvy!
Internet thieves are now using fake receipts with obviously fraudulent charges in order to alarm you into quickly hitting a dispute transaction link.
Thieves are also getting better and better at mimicking legitimate web sites and e-mails.
Read our article below to examine the PayPal phishing scam and learn tips that will help you spot other phishing scams.
- Article—PayPal Phishing Scam Exposed
- Suggested Products—Spyware Doctor and MySecurityVault Pro Password Manager
PayPal Phishing Scam Exposed
A member of WhiteCanyon's staff recently received an e-mail that appeared to be a payment confirmation e-mail from PayPal. A screen capture of that e-mail is included here for reference.
This e-mail shows that apparently our male staff member ordered a small, strapless, Forever 21 salsa dress in brown and pink. His first reaction was to say, "No I did not!" and follow the "dispute claim" link that appears on the page. Luckily, his security training kicked in before he clicked the link. Instead, he began looking for clues to see if this e-mail was legitimate or not.
Incredibly Credible Scam
This PayPal scam is one of the most sophisticated we've ever seen—the phishers got nearly every detail correct. They missed just two details (listed below), and anyone who didn't know these two details would probably be caught and have their identity stolen.
- Customized E-mail
The phishing e-mail used our staff member's e-mail address as part of the message. This is a detail that fools many people. However, PayPal states on its help page that it only addresses PayPal members with their first and last name, not by e-mail address.
- Real Product
The item listed in the e-mail was an actual item for sale on eBay: Strapless Salsa Dress
- Nearly-Perfect URL
The URL for the real and the fake sites were identical except for a handful of characters.
Real URL: https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Fake URL: https://www.paypal.com.dllsll2.us/icmd=_login-submit.htm
You can quickly tell a fake PayPal link from a real one because ALL PayPal URLs must begin with this exact domain name: www.paypal.com. Notice the fake URL is www.paypal.com.dllsll2.us.
- Legitimate-Looking Site
The phishing login page was almost identical to PayPal.com's login page. Here's the real site: Real PayPal, and here's the fake one (DO NOT ENTER REAL INFORMATION ON THIS SITE. Don't mix it up with the real PayPal, either. Please be extremely careful!): Fake PayPal.
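The domain rule above can be checked mechanically instead of by eye. The following Python example is added here; it is not code from the original article or from WhiteCanyon. It parses each link the way a browser would, so that the host is judged on the part after the last "@" and before the path, and it uses the real and fake URLs quoted above plus a few constructed variants as sample input. It generalizes the article's rule slightly: any host that is paypal.com or a subdomain of it, reached over HTTPS, is accepted, not only www.paypal.com.

```python
"""Judge whether the links in a suspicious e-mail really point at the
expected domain. Added example, not part of the WhiteCanyon article."""
import re
from urllib.parse import urlsplit

# Matches http:// or https:// URLs up to the next whitespace or quote/angle bracket.
LINK_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def belongs_to(url: str, expected_domain: str) -> bool:
    """Return True if the URL uses HTTPS and its host is expected_domain or a
    subdomain of it.

    The check is on the parsed hostname, so a look-alike such as
    www.paypal.com.dllsll2.us fails (its registered domain is dllsll2.us),
    and a user-info trick such as https://www.paypal.com@evil.example/ is
    judged on evil.example, the host a browser would actually connect to.
    """
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL (e.g. bad IPv6 brackets)
        return False
    if parts.scheme.lower() != "https":
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def audit_links(text: str, expected_domain: str) -> list[tuple[str, bool]]:
    """Extract every http(s) URL in the text and pair it with its verdict."""
    return [(url, belongs_to(url, expected_domain)) for url in LINK_RE.findall(text)]


# Constructed e-mail fragment: the real and fake URLs quoted in the article,
# plus a constructed user-info variant. Each URL is on its own line.
SAMPLE_EMAIL = (
    "View item: https://www.paypal.com/cgi-bin/webscr?cmd=_login-run\n"
    "If you haven't authorized this charge, click the link below\n"
    "https://www.paypal.com.dllsll2.us/icmd=_login-submit.htm\n"
    "Constructed variant: https://www.paypal.com@evil.example/login\n"
)

if __name__ == "__main__":
    for url, ok in audit_links(SAMPLE_EMAIL, "paypal.com"):
        print("OK  " if ok else "FAKE", url)
```

Run against the sample fragment, only the first link is reported as belonging to paypal.com; the article's fake URL and the constructed user-info variant are both flagged.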
How to Spot a Phishing Scam
So how do you spot a scam like the PayPal phishing scam? Here are some tips:
Credibility Elements
Our staff member began by looking at credibility elements that would help him prove to himself whether the e-mail was legitimate or not. Phishing e-mails often miss or imperfectly mimic these elements.
- Real Account
Do you actually have an account with this company? Does the e-mail actually refer to the correct account? Another WhiteCanyon staff member received a spoofed eBay e-mail even though he doesn't even have an eBay account!
- Corporate Logo / E-mail Appearance
If you have an account, you can check the e-mail to see if it is current with the logos and appearance of the company's web site or other e-mails you have received. This PayPal spoof does a pretty good job of appearing legitimate.
- Return Address
Some phishing e-mails will look completely legitimate except that the return address does not match the company that is supposedly sending the e-mail. In this case, the return address (not shown) appears to be "confirmation@paypal.com".
- Contact Information
Legitimate e-mails usually come with multiple forms of contact information, including e-mail, telephone (1-800 number), and street address information. This e-mail doesn't include any PayPal contact information, which arouses some suspicion.
Warning Signs
There are certain signs that make an e-mail "smell phishy," some of which include:
- Image E-mails
Some phishing e-mails are simply screen captures of legitimate e-mails with a link to a web site designed to steal your information.
- Wrong Server
If you've clicked a link from an e-mail and the address in the address bar at the top of your browser doesn't match the usual address for the site or login page, it is very likely that the e-mail is from a phishing scam.
- Grammatical Mistakes
Phishing e-mails often contain a large number of grammatical mistakes. This isn't to say that legitimate e-mails won't have mistakes, but mistakes are much less frequent in real e-mails—especially when it comes to purchases or account information. These e-mails are form letters that get sent out thousands of times and are usually carefully proofread. Phishing e-mails are often slapped together and contain mistakes.
This PayPal e-mail has few grammatical mistakes but contains the following crucial sentence with four errors in it: "If you haven't authorized this charge,click the link below to dispute transaction and get full refund". The comma is misplaced, the period is missing, and there are two articles ("the," "a") missing.
- Urgent Requests for Information
Most phishing e-mails try to rush people into making a bad decision. If you receive an e-mail regarding an important issue such as your account or purchase status, it pays to slow down and collect some information. In our PayPal e-mail, notice that there are only two links on the entire page—the item description link and the dispute claim link. There are no links to PayPal.com, your account, frequently asked questions, support or help, or anything else.
Conclusion
Remember, even if an e-mail or website has all the necessary credibility elements and is devoid of the normal warning signs, it can still be a phishing e-mail. Legitimate companies don't (or shouldn't!) ask for important information by e-mail. If you are unsure if an e-mail is legitimate or not, visit the company's website by typing it directly into your address bar (links can fool you) or call the company using a registered telephone number (not the one listed in the e-mail!) and ask them.
Never give out personal information unless you are sure that it will be secure.