Navigation

logo
Follow me: Facebook Twitter rss rss

Check out www.winhelp.us

help.artaro.eu

Being somewhat helpful to home users of Windows since 2009
About this article:
Last modified: 2011-08-04 10:45:53 EEST
Recommended reading:
Strong and memorable passwords
Facebook account safety guide
Backup and restore: 7, Vista, XP
3-minute free online virus scan
Update critical programs automatically
Keep phishers and key-loggers out
Easy protection from zero-day bugs
Free and powerful malware remover
You are here: General Security » Real-life phishing example

Content

Real-life phishing example

Tip: keyboard shortcut Ctrl+F searches in the page contents

Learn about: A real-life phishing example about an e-mail that tried to trick gullible readers into disclosing their PayPal user names and passwords

Do not visit any IP-address or web addresses shown here, you might fall victim of information and money stealing! This article just shows how legitimate phishing e-mails and websites may seem!

For those who do not know - PayPal is a large international online payment system that helps people shop safer online. You can read more about them at their website.
PayPal is not in any way related to the phishing e-mail described below.

It was 18th of June, 2009 when a phishing e-mail passed all spam filters and landed in my mailbox.

At first it seemed absolutely legitimate, it had correct PayPal logos and no spelling errors (spam and phishing e-mails often use spelling mistakes to pass spam filters). The content was also professional and it warned me that there had been attempts to access my PayPal account and that I have to verify my account now.
Here's a picture of the e-mail (as Outlook does not download pictures automatically for security reasons, you cannot see the PayPal logo here):
Phishing e-mail pretending to be from PayPal

As the e-mail sounded a bit alarming, I was about to click on the account verification link. But then something more alarming caught my eye - the link was not pointing to www.paypal.com, but to an IP-address! This is always a sign that should make everyone suspicious - all companies have their own website names (such as www.paypal.com) and they never link to an IP-address or different website name in any customer e-mails.
So always check the links in e-mails, usually you just have to stop your mouse pointer on the link for a second or two to see the destination address in a popup or Status bar.
Phishing e-mail pretending to be from PayPal, notice that the link does not lead to www.paypal.com, but an IP-address instead

I moved my mouse pointer down to www.paypal.com link below to confirm my doubts. And yes, it did not point to www.paypal.com at all! That assured me that this was nothing but a phishing attempt to find out my PayPal account name and password!
Phishing e-mail pretending to be from PayPal, notice that the link does not lead to www.paypal.com, but an IP-address instead

And the links at the bottom of the e-mail pointed to a wrong address again:
Phishing e-mail pretending to be from PayPal, notice that the link does not lead to www.paypal.com, but to some other website instead

So I opened command prompt and ran nslookup 96.10.219.74 to confirm that the IP-address is not PayPal-related. And sure enough, it was probably some ADSL-client's address, not something like www.paypal.com or server.paypal.com!
Phishing attempt - IP-address in the e-mail is not PayPal related!

So it was confirmed - a phishing e-mail that looked legitimate at first sight!

Do not try this part at home ever!

To prove my point, I did some security mumbo-jumbo and opened Google Chrome web browser in Incognito mode (this is something like safe mode to protect your computer from malware and other malicious stuff) and visited the link.
Oh boy, the site looked exactly like PayPal looks! If I had entered my e-mail address and password there, that information would have been stolen and my PayPal account would have been emptied and maybe used for some criminal activities!
A phishing site looking exactly like PayPal

Other common web browsers - Mozilla Firefox 3 and Internet Explorer 8 blocked the site automatically. Here is a reminder to you - always enable SmartScreen Filter in Internet Explorer 8 Advanced Settings and protections under Mozilla Firefox 3 Security Options.

How to enable automatic protection in Internet Explorer 8

Here's how Internet Explorer 8's new feature called SmartScreen Filter blocked the phishing site:
Internet Explorer 8 SmartScreen Filter blocked the phishing site

Here's how Internet Explorer 8's SmartScreen Filter blocked an unsafe download:
Internet Explorer 8 SmartScreen Filter blocked an unsafe download. Click Cancel.

To enable SmartScreen Filter in Internet Explorer 8, open its Tools menu and click Internet Options. Select Advanced tab and scroll all the way down until you see the Enable SmartScreen Filter checkbox. Check it and click OK to close Internet Options.
Internet Explorer 8 SmartScreen Filter. To enable SmartScreen filter, open Tools menu and click Internet Options. Select Advanced tab from above and scroll down to find and check Enable SmartScreen Filter box to be safe from phishing.


 Comments? Suggestions? Ideas? Let us know! 
Your name (public):
Your e-mail (will not be displayed):
Title:
Notify me of new comments to this page:
Your comments/suggestions/ideas (no HTML code!)
By adding a comment you agree that help.artaro.eu owners are not responsible in any way for your comment's contents. You take the full responsibility for your comments.
help.artaro.eu owners reserve the right to remove comments that they find unacceptable because of strong language, inappropriate contents, advertising or spamming.
Our Privacy Policy

Tweets and news

Site News

Dec-12
backup
Data Recovery CD on my other site

Next: Free anti-malware programs

Previous: Password Safe

^ Top

© Copyright 2009-2012 - Margus Saluste
Privacy Policy | Contact information | Site map
This site exists thanks to Artaro, makers of water supply systems

Print this page  Search  Donate