Phish Week, Day 2: What does a phishing scam look like?

Welcome back to Phish Week. If you were with us yesterday, we went over the basics of phishing and what phishing generally is. If you’re just joining us, click HERE to check out yesterday’s post and get all caught up.

Today we will take a look at some of the more popular phishing targets out there. As I stated in yesterday’s post, EBay is among the popular targets of phishing scams, but another website, which is owned by EBay, is also a popular target: PayPal. Why are these sites such big phishing targets? The answer is simple, money! Both EBay and PayPal likely see hundreds of thousands of dollars trade hands each day, if not more, so what better place to start trying to rip people off? PayPal scams are usually a little easier to pick up on because they are, in most cases, a simple email that directs users to a website that is not owned by PayPal. The biggest challenge for you, the user, is determining whether the site you’re about to be directed to through that email is fraudulent or not. The image below is an example of a phishing email that I received asking me to verify my PayPal account. In this particular case, I knew immediately upon seeing the title of the email that it was a fake, because I don’t even have a PayPal account registered to that email address. However, it’s not always that easy. As you can see, everything from the title of the email down to the format and structure is pretty convincing. In most cases with these types of scams, the email address of the sender will even look as though it came from the actual organization, such as support@paypal.com or something similar. This can be accomplished through address spoofing techniques.

Another red flag in this email is the greeting line. Instead of actually addressing me by name, which an email from the real company obviously would, the sender of this phishing email uses “Dear PayPal Member”. This is a very tell-tale sign of a phishing scam. Big companies such as PayPal and EBay keep very large databases of their users; if they want to contact you, it’s not hard for them to look up your actual name, and they ALWAYS do. Any email that comes from one of these companies will address you by at least your title and last name.

If none of these red flags set you off, there is almost always one other way to tell that you’re being targeted by a phisher. These emails usually include some sort of link which they ask you to click so that you can either verify or activate your account. The problem with these links is that they take you to a fraudulent website. The quickest way to determine if the link is fake is to hold your cursor over it and see what website it actually will lead you to. In the image, I have placed my cursor over the suspect link, and therein lies the final proof that you’ve been targeted. As you can see, the link being masked takes you to some site OTHER THAN PayPal’s website. If you were to click on this link (which you should NOT!) you would be taken to a site that would likely look like a PayPal-run site, and you would likely be prompted for some personal information, such as your PayPal username, password and other information that the phisher could use to steal your identity or steal your money from your PayPal account. Quite ironically, these sites will often include security information such as links to the FDIC and other sites which will warn you of the dangers of phishers and scammers. This is all done to give you more of a sense of security.

Obviously, this is just an example of one popular phishing scam.  There are tons of others out there that target plenty of other companies and organizations.  EBay and Chase Bank are two other popular targets.

So to sum everything up:

  • Companies such as PayPal and EBay will NEVER ask you to verify your account information through an email.
  • These companies will almost always address you by your name, not just “dear member”.
  • Beware of emails claiming to be from a company such as PayPal that don’t come from a sender address ending in “@paypal.com”.  (NOTE: Some phishing scams can spoof this; however, if it’s not from the actual address of the company then there should be no doubt that it’s fraudulent!).
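As an added illustration (my own example code, not part of the original post), here is a small Python check that applies the three red flags above to a constructed sample message. The sender address, link text and hidden URL in the sample are all made up; the sample's From: is deliberately spoofed to paypal.com, so only the greeting and the masked link trip the checks.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the "verify your PayPal account" email in the post;
# the spoofed From:, the link text and the hidden URL are all made up for illustration.
SAMPLE_EMAIL = """\
From: PayPal Support <support@paypal.com>
Subject: Please verify your PayPal account
Content-Type: text/html

<p>Dear PayPal Member,</p>
<p>Please <a href="http://paypal-verify.example.net/login">click here</a> to verify your account.</p>
<p>See <a href="https://www.paypal.com/security">www.paypal.com/security</a> for safety tips.</p>
"""

GENERIC_GREETING = re.compile(r"dear\s+(valued\s+)?(paypal\s+)?(member|customer|user)", re.I)
# Toy anchor extractor: (href, visible text). Real mail needs an HTML parser, not a regex.
ANCHOR = re.compile(r'<a\b[^>]*\bhref="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def on_domain(host, domain):
    """True for the domain itself or a subdomain; 'paypal.com.evil.net' does not pass."""
    return host == domain or host.endswith("." + domain)

def phishing_flags(raw, expected_domain="paypal.com"):
    """Return the red flags from the post that the message trips (empty list: none found)."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    # Red flag 3: sender not on the company's domain. Quiet for the sample, whose From: is
    # spoofed to paypal.com, which is exactly why the post says not to rely on this alone.
    sender_domain = msg["From"].addresses[0].domain.lower()
    if not on_domain(sender_domain, expected_domain):
        flags.append(f"sender domain {sender_domain} is not {expected_domain}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    # Red flag 2: "Dear PayPal Member" instead of the account holder's name.
    if GENERIC_GREETING.search(body):
        flags.append("generic greeting instead of the account holder's name")
    # Red flag 1: the link text hides a target off the company's domain (what hovering reveals).
    for href, text in ANCHOR.findall(body):
        host = (urlparse(href).hostname or "").lower()
        if not on_domain(host, expected_domain):
            flags.append(f"link '{text.strip()}' really goes to {host}")
    return flags
```

Running `phishing_flags(SAMPLE_EMAIL)` reports the generic greeting and the masked link; a message that addresses you by name and only links to paypal.com comes back with an empty list.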

We’re just over halfway through our “Phish Week” series. Check back tomorrow night for a story of a phishing-like scam that a friend of mine fell victim to on EBay. We’ll also be taking a look at some other, more recent phishing scams and attacks that just didn’t fit in tonight’s post!
