Trust No One?

| | Comments (2)
Sorry to go all X-Files on you, but I received an EMail earlier today that really drives home how paranoid we probably all are about Phishing nowadays.

Entitled "Chris Boyd, would you be able to spot a fake email?", it was apparently from Paypal:

fakeornot1.jpg

"Protect yourself from phishing: Paypal is working with Gmail and Yahoo! to block fake Paypal emails from your inbox. Learn how".

As it turns out, the email was real - but as soon as I hear someone asking me "Can you spot a fake Email", my brain is sadly conditioned to assume the mail asking me that question is fake anyway.

Kind of depressing, isn't it? At any rate, it's interesting how certain words / phrases in mails will automatically set alarm bells ringing. If I'd received this email, I'd have deleted it as soon as I saw the phrase "Your download to win contest has arrived".

Download to Win Contest?? That sounds so very, very wrong, doesn't it?

2 Comments

I received this one, too, and was very unsure as to whether it was real. I decided it was highly fishy because:

1) I clicked on the Learn How link and was taken to a website with an address www.paypal-marketing.co.uk, rather than paypal.co.uk which I thought was fishy.

2) One of the links on that site invited you to download software "to protect yourself". That seemed fishy too.

3) All of the links from that website (including the download link and the "Forgot password?" link) pointed at a completely different domain (altfarm.mediaplex.com). Alarm bells!

I sent it to PayPal, who sent a form reply saying it was a phishing email, and also advised that any legitimate message would also appear in My eBay message inbox (which this one didn't). I also noted that the paypal-marketing.co.uk site had a Verisign certificate to PayPal Private Ltd of Singapore, which I assumed to be a fake company, so I reported this to Verisign. This morning I note that the certificate did not seem to be on the site any more, so presumably has been revoked, following my email.

All I can say, is that if this is real, PayPal need to sort out their hosting arrangements, domain names, etc., because I only decided this was suspicious by following the advice on their own anti-phishing pages:

https://www.paypal.com/uk/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/FightPhishing-outside

Quite amusing if a legitimate PayPal subsidiary has had its Verisign certificate revoked/suspended as a result :)

That's really interesting that they said it was actually fake. I came to the conclusion it was real (but using a middle man of some description) because when you hit the paypal-marketing site, there's nowhere they ask you to enter your login (as far as I can see) and all of the links on the page take you to the real paypal website. Also, if you look at the URL where it says Newsletter then go cycling back through the months, there's a pile of what looks like legit newsletters that have been sent out on paypals behalf (of course, there's no guarantee they're real either).

I think I'm going to look into this a bit more - if it *is* a legit thing being sent out on their behalf it's pretty bizarre if they're also calling it fake!

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on August 13, 2008 3:46 PM.

Spamblogs Pushing Rogue Antivirus Programs was the previous entry in this blog.

A Change of Plan For Your Spam is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.