Saturday, November 15, 2014

Lame Phishing Scam of the Day

Did my grandmother write this e-mail?
Most phishing scams just make me roll my eyes; this one made me laugh.

I'll admit it right here: I have a PayPal account. I assume they're quite common, so the people trying to steal account information know if they broadcast these things, they're likely to find someone who has an account, which is so much better than the phishing scams where the scammers try to get me to log into accounts when I have never had a relationship with that particular financial institution. 

I do have a PayPal account, and sometimes real e-mail ends up in spam, so I opened it up and took a look at it. I sort of skimmed it. There at the bottom was the actual text that PayPal puts at the bottom of its e-mails to warn users about fake e-mails.
Here's the text:
How do I know this is not a fake email?
An email really coming from PayPal will address you by your first and last names or your business name. It will not ask you for sensitive information like your password, bank account or credit card details. Most fake emails threaten that your account will be in jeopardy if you do not take action immediately. An email that urgently requests you to supply sensitive personal information is usually an attempt at fraud. Also, fake emails often contain misspellings and grammatical errors or are written in a language which you did not set as preferred for your PayPal account. Remember not to click any links in suspicious looking emails.
It even had a link to the real PayPal page on phishing. Nice touch. Of course, they sort of fell down after that. Take that first line, "An email really coming from PayPal will address you by your first and last names or your business name." How was this e-mail addressed?
Hello Dear,
I didn't think PayPal thought of me that way. Dear? I am not sending e-mails to PayPal that open with some tender endearment. We have a strictly business relationship and I intend to keep it that way, no matter what lovey-dovey language they use with me.

The body of the text also was a little messed up.
Click here ,and sing in to your paypal account , update your account info
I've typed this letter-for-letter, omitting the link at "Click here," as I certainly don't want my blog linked to a phishing page (once I hovered my mouse over it, I could see it wasn't a PayPal link). Things are grim enough without Google cause to shut down my blog. I clicked anyway, because I wanted to see where it would take me. Sophos Antivirus blocked the page because it hosted a phishing trojan (and one that would have worked on OS X). I've decided to append a screen shot of the actual item.

How's your singing voice? Does PayPal want to know?
So, about those "misspellings and grammatical errors," the footer warns about. These are really inept phishers, as they've appended handy "guide to why this e-mail is fake, fake, fake" at the bottom. I also had to laugh at "sing in to your paypal account." Any particular song guys? Maybe a song about fish.

I'm not much of a singer, so I'm glad that my mail filtered this into spam. Good catch. I could see how a casual view might fool someone into thinking it was legit, but once I started looking, it really was full of errors.
You can follow my blog on Twitter (@impofthediverse) or on Facebook. If you like this post, share it with your friends. If you have a comment just for me, e-mail me at
This blog runs solely on ego! Follow this blog! Comment on this post! Let me know that you want to read more of it!

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...