No honey, I didn’t buy a TAG Heuer watch on eBay using PayPal

The phishers are getting better and better, and it’s fascinating how, by playing the law of averages, inevitably they strike it lucky. This is an email Fiona just received:

Screen Shot 2013-05-14 at 2.12.58 PM

It looks perfect, exactly like a PayPal/eBay purchase confirmation. And the kicker is, I already have a TAG Heuer watch, and we’re extensive users of PayPal, so Fiona came asked, ‘hey did you buy another TAG watch?’.

I showed her how, if you View Source on this email (or indeed, in Mac Mail hover your mouse over the links) the actual URLs are in Russia, with a .ru address.

Of course we did not try any of the links. But I’ll bet my last dollar that the pages will be excellent copies of the PayPal log in pages, and thus the scammers would have access to our PayPal account, and our linked bank accounts and credit cards.

Here’s PayPal’s page on spotting fake emails:

Screen Shot 2013-05-14 at 2.21.39 PM

The fake email Fiona received doesn’t ask for personal information. The only thing that triggers an alarm at first glance is the lack of a personal salutation – notice it just says ‘Hello,’, not ‘Hello Fiona’.

And not everyone knows how to check the URLs behind the links of an email, and to realise they are not pointing to the real PayPal web site.

Another blogger has also seen this email and pulled it apart some more to reveal the type of nasty Javascript exploit you could be exposed to by following the links.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s