Wanted: A Few Good Suckers!

I got an email tonight that made me very curious and very angry.  I cannot think of many times when I have received phishing attacks, but this one is pretty convincing to the untrained eye.  The email states that unauthorized access to my PayPal account has occurred and that they are locking it down in order to prevent theft.  The first thing anyone thinks about with this kind of message is “oh my gosh, I’ve been hacked”.  As I continued to read the message there were a couple of things that stood out, and when I looked at my PayPal account I realized this was a phishing scheme.  The email is below, but I want to walk through some things that will help you identify this type of scam so you can be prepared.

[Screenshot: Scam Header]

You will notice first that I forwarded this email.  PayPal suggests forwarding all suspicious email to spoof@paypal.com for analysis.  Aside from that, there are a couple of things that give this email away as a phishing attack.  The first is the “To” field: the message is addressed to PayPal, not to me.  This indicates that it was sent to a distribution group that my address happened to be in, not to me directly.  This is clearly not a practice that any organization would use when communicating sensitive information to a customer.

The second clue I did not notice right away, although I should have.  If you look at the sender, the email address is support@paypal-media.com.  This is not a domain owned by PayPal!  If you ever receive an email from a domain that is similar to, but not exactly, the organization’s own domain, there is a good chance it is a phishing scheme or spam.  These two items alone should leave you suspicious and prompt you to contact the organization the message claims to be from immediately.  NEVER reply to an email of this type or click on any links contained in it.

The next thing about this email that is highly suspicious is the wording in the body, followed by the link to “complete the form”.  Again, this is one of the better scams I have seen, so don’t feel bad if you wouldn’t have caught some of this: messages about money and bank accounts don’t get deleted the way the “win a free iPod” messages do.  That’s what makes this one noteworthy.

Clicking on the link at the bottom reveals that the form is hosted at another domain and Firefox 3.5 automatically recognizes it as a phishing domain.  However the main reason why you need to think twice before taking an email like this one seriously is this…

NO, NOT ONE financial institution will EVER contact you via email if there is a security matter with your account.  There is a reason they want a physical address and phone number!  If you receive an email like the one above, simply contact the institution in question directly, never through a link in the message, and verify with them that everything is all right.

Upon further review of the email headers, this email was actually sent from someone’s AOL account.  This typically means that that person’s computer has been compromised with malware, which is why it is so critical that you keep your computer’s security current.  So, in review, let’s examine some steps to take to avoid ID theft and falling for phishing scams…

  1. If it looks suspicious, it probably is!  Contact the institution in question directly by phone, and NEVER through the information contained in the email, especially the links or phone numbers it contains.  Remember that the IRS and banks in particular will never contact you via email about account or personal information.
  2. Keep your browser current!  Internet Explorer 6 is NOT a viable browser anymore.  You should always update your browser, whether it is IE, Firefox, Opera, etc., to the latest version.  It is always free and takes very little time to do.
  3. Keep antivirus and anti-spyware programs current!  I recommend VIPRE antivirus because of its speed, accurate scanning and frequent updates.  Whichever program you decide on, make sure it has the most current definitions.
  4. Keep your operating system current!  There is a reason that Microsoft and others release service packs and regular updates.  By keeping your computer patched, you reduce your risk of infection and of a data breach.
  5. Change your passwords often and have more than one!  By changing your passwords often and not using the same password for everything, you reduce your risk and the potential impact if/when a security event occurs.  Passwords should be 8-10 characters with upper and lower case, numbers and/or special characters.  (example: K@ns@sC1ty)

While these steps alone will not guarantee that you never experience ID theft or other issues, they are a great first place to start.  I hope this was helpful and as always please post your thoughts below.
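The checks walked through above (a “To” field that does not name the recipient, a lookalike sender domain, a link that leads somewhere other than the brand’s own domain, and a Received chain that starts at an unrelated host) can be turned into a small triage script. The following is an added example in Python and is not code from the original post: the raw message is constructed for the demonstration, with only the sender address taken from the post and every other hostname, address, IP and link target made up; the legitimate-domain list, the brand name and the mailbox address are assumptions.

```python
"""Heuristic triage of a suspicious email, modelled on the checks in the post.

Added example, not code from the post. RAW_MESSAGE is constructed: the sender
address is the one the post quotes; every other host, address and link is
made up for the demonstration.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

BRAND = "paypal"                 # brand the message claims to come from
LEGIT_DOMAINS = {"paypal.com"}   # assumption: the brand's only mail/web domain
MY_ADDRESS = "don@example.org"   # constructed address of the mailbox being checked

# Constructed phishing message. Received headers read newest-first, so the
# last one shows the hop closest to the real origin (a webmail host here).
RAW_MESSAGE = """\
Received: from mail-out.example.net (mail-out.example.net [192.0.2.10])
    by mx.example.org with ESMTP; Tue, 14 Jul 2009 21:03:11 -0500
Received: from webmail.aol.example (webmail.aol.example [198.51.100.7])
    by mail-out.example.net with ESMTP; Tue, 14 Jul 2009 21:02:58 -0500
From: PayPal Support <support@paypal-media.com>
To: PayPal <service@paypal.com>
Subject: Unauthorized access to your PayPal account
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Unauthorized access to your account was detected and it has been limited.</p>
<p>Please <a href="http://paypal-media.com.secure-login.example/verify">complete
this form</a> within 24 hours to restore access.</p>
</body></html>
"""


def _under(host, domains):
    """True if host is one of domains or a subdomain of one of them."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def check_message(raw, my_address=MY_ADDRESS):
    """Return a list of human-readable findings; an empty list means no flags."""
    msg = Parser(policy=policy.default).parsestr(raw)
    findings = []

    # 1. Sender domain: a lookalike of the brand, or simply not a brand domain.
    sender = parseaddr(str(msg["From"] or ""))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    if not _under(sender_domain, LEGIT_DOMAINS):
        kind = "lookalike" if BRAND in sender_domain else "unrelated"
        findings.append(f"{kind} sender domain: {sender_domain}")

    # 2. To field: a real notice is addressed to the customer, not to the brand
    #    itself or to some list the customer happens to be on.
    headers = [str(h) for h in msg.get_all("To", [])]
    recipients = {addr.lower() for _, addr in getaddresses(headers)}
    if my_address.lower() not in recipients:
        shown = ", ".join(sorted(recipients)) or "empty"
        findings.append(f"not addressed to this mailbox (To: {shown})")

    # 3. Links: every URL in the body should point at the brand's own domain.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    for url in re.findall(r"""https?://[^\s"'<>]+""", body):
        host = urlparse(url).hostname
        if not _under(host, LEGIT_DOMAINS):
            findings.append(f"link to non-{BRAND} host: {host}")

    # 4. Origin: the earliest Received header names the first relay. Mail that
    #    really came from the brand normally enters through one of its hosts.
    received = msg.get_all("Received", [])
    if received:
        m = re.match(r"from\s+(\S+)", str(received[-1]).strip())
        origin = m.group(1) if m else "?"
        if not _under(origin, LEGIT_DOMAINS):
            findings.append(f"injected into the mail system from {origin}")
    return findings


if __name__ == "__main__":
    for finding in check_message(RAW_MESSAGE):
        print("FLAG:", finding)
```

Running the script against the constructed message produces four flags, one per check. The first three are the same things a careful reader spots by eye; the Received check is the one the post found only on closer inspection, and it is also the noisiest, since legitimate mail often enters through internal relay names that do not sit under the public brand domain, so treat it as a triage signal rather than proof. None of this replaces forwarding the message to the organization’s abuse address as the post recommends.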


One Response to “Wanted: A Few Good Suckers!”

  1. William Fok says:

    Don:

    One of the things I have recently noticed is emails where the sender and the subject are the same [i.e.

    From                                  Subject
    Hot Spot                              Hot Spot
    Cleaning and Maintenance Franchise    Cleaning and Maintenance Franchise
    Postcards                             Postcards
    Hotel                                 Hotel]

    Note: The phishers are getting more sophisticated, and are now using multi-word ‘from’ and ‘subject’ lines.

    Thought I would share. These are NOT sites to even open. I take the precaution to select and delete, without even viewing or previewing.

