Here are some more examples of phishing emails, this time supposedly sent by PayPal and eBay.
It is our hope that our series on Phishing Emails will help you easily identify a fake email from the real one. So next time you see a phishing email, just hit the “Spam” or “Report Phishing Message” on your inbox.
We hope that our series on Phishing Emails have helped you identify fake emails and prevented you from becoming one of their victims.
You probably know by now that phishing emails, also known as fake or spoof emails, are used to direct recipients to a fraudulent website where they are asked to provide personal information. This information is then used for identity theft.
Below you’ll find another addition to our growing list of actual phishing emails we have recently received.
A few minutes ago, I cleaned up my inbox and found the following warning email from “eBay” threatening me that my “eBay account has been suspended.”
In the tradition of fake Paypal, eGold, E*Trade, Gmail, and YouTube emails designed to steal your personal information, here comes another phishing email that attempts to deceive you into logging to a fake website so it can hack your e-Bullion funds.
The well-designed email comes complete with the logo of online currency e-Bullion.com and a header image that ironically announces, “Eliminate Risks & Fraud.”
Pardon my French (literally), but a few minutes ago I received an interesting email supposedly from PayPal France.
The polyglot that I am (not!), I had to get help from a Language Translation site in order to decipher the message and, as expected, it is just one of those many PayPal phishing emails.
Phishing is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, account login information, etc. Phishing emails are normally used to direct recipients to a fraudulent website where they are asked to provide personal information. This information is then used for identity theft.
The French PayPal email I got was no different from other spoof emails. All bore the warning that my PayPal account has been restricted and I need to access a certain website in order to lift the restriction.
Now the rule when receiving emails like these that ask you to login to a certain site: if the website’s URL does not appear to be the official URL of your bank, credit card company, or payment processor, don’t go there and don’t log in!
Just a few minutes ago, we received the following “Security Alert” email purportedly from Gmail:
from: Gmail Team <mail-noreply@google.com>
date: Sep 20, 2007 1:44 PM
subject: Security AlertYour account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have acces and use of your Google account and to ensure a safe Gmail experience. We require all flagged accounts to verify their information on file with us.
This is the right link for edit account page
After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account. Please note that if you don’t verify your ownership of account in 2 x 24 hours we will block/ susspend your Google account.Thanks,
The Gmail Team
The text “edit account” in the second paragraph contains a link that redirects to the following site: < http://www.uk-google.com/account > (Screenshot of the website below.)
This site is a PHISHING website. Phishing is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, account login information, etc. The phishing email usually looks like an official letter from a trusted source, such as a bank, credit card company, payment processor, or online merchant. Phishing emails normally direct recipients to a fraudulent website where they are asked to provide personal information. This information is then used for identity theft.
Although the header included a line saying the mail was sent by the “Gmail Team,” the server that actually sent the mail was “crater.myserverhosts.com” — definitely not a Gmail or Google server.
Note as well the typographical and grammatical errors in the email (acces, 2 x 24 hours, susspend). If that guy was indeed working in Google, he should be fired for sending a crappy, unprofessional email like that.
More info on how to detect phishing emails in the article What is Phishing?
Today I received another phishing email – emails that look like an official letter from a trusted bank, credit card company, or payment processor but is actually a type of deception designed to steal one’s personal data.
The email intends to trick E*Trade Financial (www.etrade.com) users into providing their personal information which will be used for identity theft.
Don’t fall for these fake emails! Find out how you can protect yourself by reading the following articles:
Copy of the E*Trade phishing email after the jump.
Be warned of the following email purportedly from e-gold. It is a phishing email, one designed to steal your personal data to be used for identity theft.
Do not click the link in the email. It goes NOT to e-gold’s official site (www.e-gold.com) but to a fake site (loooooooooong URL!):
http://lwww.e-gold.com.acc.secure.
accsent.activationacc.
egoldupdateservice.3ahd.net/
5ae52d14451gf45gfffgf54gf1h4524
5412ds45 sd21dsike539e6saas56df
54hg5f4h45ds5445cv5m54zxc45e
4545jh4h87fg8872s356475s78fs8
fs8jfhfd54.html
How a phishing e-gold site works is described in the Beware of the fake e-gold site article.
More examples of fake e-gold emails can be found in the Fake E-gold Emails thread in the forum.
How you can protect yourself from phishing can be described in the Fight the Phishing Sites article.
Full text of the fake e-gold email after the jump.
The Bank of the Philippine Islands (BPI) recently issued a warning to users of BPIExpressOnline, its online banking facility, against phishing emails. Phishing — pronounced “fishing” as in “fishing for information” — is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, and account login information.
How to check whether an email is a phishing email or not and how to protect oneself from phishing is discussed in the What is Phishing? article.
Here’s one more reason why you should install or update protection softwares in your PC.
Today I received an email supposedly from PayPal regarding my unauthorized activity claim (full copy of the email at the end of this article). Now, I did file an unauthorized activity claim in PayPal several weeks ago so I thought this was a valid response from PayPal.
Of course, I am aware what phishing is and how to protect oneself from phishing sites so before clicking the link in the email, I tried this basic test to check if it was a spoof mail: I hovered my cursor above the link and, true enough, it was not a valid PayPal link.
Nevertheless, I still went to the phishing site (WARNING - This is a Phishing site: http://diaresch.sites.netavous.net/) just to check how it looks like. Voila! both browsers I was using — Mozilla Firefox and Internet Explorer — warned me against accessing the site.
Here’s a screenshot of what I saw upon accessing the phishing site via Mozilla Firefox.
The entire site faded to black and a very conspicuous warning appeared at the top of the page. It read:
Web Forgery
This page is very likely to have been designed to trick users into sharing personal or financial information. Entering any personal information on this page may result in identity theft or other fraud.
It gave me options to “get out” of the site or “ignore the warning” to continue and also to “report the site to Google”. Of course, that was not a tough choice for me, I opted to get out of the site.
