How to expose a fake…
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Fake PayPal phishing email is easily mistaken as real. This is a particularly legitimate looking attack with the purpose of tricking the reader into giving up sensitive account information; specifically PayPal account information.
I’ll give you two easy ways to test if this is legitimate.
- Who is it really from?
- Check your links… (but DON’T click)
First let’s look at the email message itself – all in all a very real and official looking message.
Fake PayPal Email
There is nothing blatantly false looking within this message. Good clear and compelling instructions. No improper punctuation or misspellings. Many that originate from another country or from those less versed in the English language are fraught with misspelled words, incomplete sentences and poor punctuation. We’ll explore the links and or buttons in this message later.
Let’s back up just a little to show the Email as it appeared in the Inbox, you can see it looks quite official. I’ve highlighted the message so you can easily see the ‘from’ and ‘subject’ information.
Fake PayPal Email Subject
Next, lets look at who its really from. Again, I’ve highlighted the information. At first glance, you see ‘support’. You might think “Wow”, this is from paypal support. It may falsely set off an alarm in you of something you need to act upon with urgency! But wait! Look at the address a little closer and you will see it states at paypal-media dot com. That is your first clue that this is not a legitimate message from PayPal; if it were it more than likely would state at paypal.com. (Also note that you may need to view or enable full headers to see where your particular email is really from. Consult your email application help how to view full headers.)
Fake PayPal Email
Now back to the actual message and the links or buttons. Again do not click on any of the links or buttons!!! I can’t stress that enough. All you need to do is move your mouse over the link or button to see where it will take you. As long as your web browser is displaying the Status Bar, you will see what is behind these links or buttons. Resting my mouse over the “Confirm” button reveals a web address clearly not PayPal as well as a very long crypictic address. Another danger clue that this is fake. I’ve highlighted the address in the status bar below. Again, simply moving the mouse so it rests over the button will show you the information. Don’t click it!!!
Fake PayPal URL
This message is without a doubt a Phishing attempt to steal your account information!
The final steps are to forward the message to spoof@paypal.com and delete the email message from your inbox. As you can see in this picture, PayPal instructs us to forward then delete the message. Their support staff can then act upon the sender as well as probable fake websites used in collecting or stealing your account information.
Forward suspicious email to PayPal
Stay safe. Be diligent. And don’t fall prey to these thieves.
How has this helped you? Or what further information would you like to see?
Let me know in the comments below.
Tags: Browser Security, Computer Security, Fake PayPal Email, Fraud, Internet Security, PayPal, Phishing, Stealing Account Information
Twitter
Hello from Russia!
Can I quote a post in your blog with the link to you?
Hello! Thank you for asking. That should be okay, thank you.