A few months back another friend of mine was attempting to sell a cell phone on eBay. Being fairly new to the entire eBay "thing", he wasn't really too sure of some of the precautions you should take before you begin a final transaction with either a seller or a buyer. In his case, everything was going great right up until the time when the auction closed and the phone had sold for about $150. The buyer claimed to be a woman from England who was looking for a new phone for her daughter to use when she went off to college. Even after hearing this, everything still seemed pretty legit.

The transaction began. My friend contacted the woman and informed her that once he had received the payment from her, he would ship the phone. The woman responded and told him that she would pay via PayPal and that the transaction should show up soon. After a few hours my friend received another email, this time from what appeared to be PayPal. The email claimed that he had received a payment to his account. My friend was pleased that the transaction had been handled so quickly. He rushed over to his PayPal account, but instead of seeing a cool $150 being added, he saw absolutely no signs of any transactions. While this set off a small red flag in his head, he brushed it off as the system taking a while to update his account, and decided (most unfortunately) to send the package the next morning (to Nigeria…another red flag). Sadly, that was the last he saw of that phone, and he never did receive his $150.

So, how did this happen? The answer is actually simple: the buyer relied on the excitement of a new sale to trick my friend into thinking he had been paid. In the heat of the moment, even though there were already a few red flags, my friend failed to notice one key element that was in plain view when he received the payment confirmation email: it wasn't really from PayPal. A quick look at the sender address confirmed this outright.
The email was actually sent by the buyer, who hoped to trick my friend into thinking that his payment had been received and it was now safe to send the package. Sadly, the buyer's scheme worked perfectly. Even worse is the fact that this particular scam was so easy to detect and SHOULD have been prevented. What would he do differently next time? What can you do to keep yourself from falling victim to a scam such as this?
- NEVER send any item without absolute proof that you have received payment. In this case, upon checking PayPal and seeing that there was no payment received he should have never even considered sending the package. Always go right to the actual account to be sure your money is there!
- ALWAYS check the sender address on emails confirming account transactions such as this. When my friend first showed me the email he had received that “confirmed” the funds, I saw within seconds that it was a fraud. The sender address didn’t even have the word paypal in it.
- Pay attention to small details. If the buyer claims to be a woman living in London, buying a phone for her daughter, then it should be at least somewhat suspicious when you receive a ship-to address in Nigeria.
As I showed you last night, phishers like to target users through mass emails. The email example last night was an email that portrayed itself as PayPal. Two other popular email targets are Chase Bank and CitiBank. These emails come in almost the exact same form as the sample PayPal email that I showed you last night; the only real difference is the use of the different logos. Again, these emails will direct you to update or confirm your account data. In reality they direct you to a site that is owned by the phisher, who will then steal your personal information. To determine if the site you've been taken to is fraudulent or not, just look at the web address in the address bar of your browser. If you are truly at the Chase Bank website, the base address WILL BE www.chase.com; the address for CitiBank WILL BE www.citibank.com. If you see an address other than this, there is a good chance that you've been directed to a phishing site.
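The sender-address check and the web-address check described above, written out as an added example (not code from the original post). The trusted-domain list, the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains taken from the post's examples; adjust to the services you use.
TRUSTED = {"paypal.com", "chase.com", "citibank.com"}

def host_is_trusted(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Match on the END of the name: "www.chase.com" passes,
    # "www.chase.com.example.net" does not.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def sender_is_trusted(raw_message):
    """Check the address in From:, ignoring the display name."""
    msg = message_from_string(raw_message)
    _display_name, addr = parseaddr(msg.get("From", ""))
    return host_is_trusted(addr.rpartition("@")[2])

def link_is_trusted(url):
    """Check the host the browser would actually connect to."""
    # .hostname drops any "user@" prefix, so a URL written as
    # "http://www.chase.com@other-host/" is judged by other-host.
    return host_is_trusted(urlsplit(url).hostname)

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "PayPal Service" <payments@example.net>\n'
    "Subject: You have received a payment of $150.00\n"
    "\n"
    "Your buyer has paid. It is now safe to ship the item.\n"
)
GENUINE_STYLE = (
    "From: service@paypal.com\n"
    "Subject: Receipt for your payment\n"
    "\n"
    "Log in to your account to view the transaction.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine-style", GENUINE_STYLE)):
        print(name, "sender trusted:", sender_is_trusted(raw))
    for url in ("https://www.chase.com/",
                "http://www.chase.com.example.net/login",
                "http://www.chase.com@example.net/login"):
        print(url, "->", link_is_trusted(url))
```

A From: header can itself be forged, so a passing sender check is not proof of payment; the balance shown in the account remains the authority.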
So, how do you know if you're at risk, and how do you protect yourself if you are? I will answer those questions tomorrow night during the fourth, and last, installment of "Phish Week". Thanks for reading!