Some evil little bastard or group of 'em went out on a phishing expedition today to try to capture PayPal log-in information from unsuspecting folks. I thought I'd show how this little scam works.
Being in the internet business, I see these types quite regularly caught in our spam/virus filtering servers; this one somehow made it into my mailbox. As you can imagine, I know not to provide any type of login or personal info from unsolicited emails. And I also know NOT to use MS Explorer as my primary web browser. You'll see why later... The email address was masked to look like it came from email@example.com - this is such a simple trick to set up that it insults one's intelligence. Above is a screenshot of the email with the hyperlink to the supposed PayPal site where I am to "log-in" to update and/or correct my account.
I know this is suspect immediately because the domain name isn't paypal.com. If you look carefully, it is database-confirmation.com. The evil bastards just created a subdomain account using paypal.database-confirmation.com - as most people will just see paypal in the web address and click away.
So knowing this is a phishing expedition, I copied the link and opened up my Mozilla Browser, which I consider a far superior browser for surfing the internet. Here's the screen message that came up - Mozilla is telling me that I shouldn't even think about connecting to that website - it's already been reported as a web forgery! I back out and am relieved that I did not unknowingly give my PayPal log-in details.
However, being the inquisitive little shit that I am, I can't leave it at that. So I open an MS Explorer window and paste the same URL address. Lo and behold, I'm taken to what sure looks like Paypal's website - even all the hyperlinks in the page go to internal paypal.com links. All except the golden log-in box which is patiently waiting for my paypal email and password log-in info.
So, while it was probably not all that smart, I couldn't help myself: I entered in my PayPal email address - teeheehee... firstname.lastname@example.org and my favorite PayPal password: yousuck!
A new window appears that tells me there was an error with my log-in. So I did what everyone does, I re-type my info again - exactly the way I did it the first time - and have now confirmed to the evil bastards that yes, in fact, these are my PayPal credentials. By the time I "figure out" that the error message is going to reappear every time I enter in the same credentials, the evil bastards have cleaned out my PayPal account and are halfway to China!
Funny I should say that: I also did a whois lookup on the domain name database-confirmation.com and see that it is registered and owned by one Pan Wei wei in Beijing, China.
So a lesson to the wise - download Mozilla's browser for free and make it your primary browser.
And never ever provide critical account information just because someone sends you an urgent email telling you to do so.
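
The subdomain trick described above, as an added Python example that is not part of the original post: it works out which domain was actually registered and flags links where "paypal" appears in the hostname but the registered domain is not paypal.com. The suffix set, the brand table and the URL paths are assumptions made up for the illustration; a real mail filter would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for this demo.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.cn"}

# Assumption: brand word -> the registrable domain that brand really uses.
BRANDS = {"paypal": "paypal.com"}


def hostname(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat the first part as the host
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable_domain(url):
    """Return the part of the hostname that someone actually registered."""
    labels = hostname(url).split(".")
    if len(labels) < 2:
        return ".".join(labels)
    # Keep one extra label when the name sits under a two-label suffix.
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url, brands=BRANDS):
    """Classify a link as 'genuine', 'lookalike' or 'unrelated'."""
    host = hostname(url)
    if registrable_domain(url) in brands.values():
        return "genuine"
    # The brand word is in the hostname, but the domain belongs to someone else.
    if any(brand in host for brand in brands):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; only the first hostname comes from the post.
    samples = [
        "http://paypal.database-confirmation.com/login",
        "https://www.paypal.com/signin",
        "http://paypal.com.example.co.uk/update",
        "https://example.org/newsletter",
    ]
    for link in samples:
        print(f"{check_link(link):10} {registrable_domain(link):28} {link}")
```

Reading the hostname from right to left is the whole point: everything to the left of the registered domain is chosen freely by whoever owns that domain.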