PayPal is teaching fraudsters how to create the perfect phishing email

PayPal is sending a lot of emails these days, one of these got me confused. I am sure now it is a valid email, but the multitude of different links in it and the confusing information is making this email very suspicious.   Here is a summary of the email:   Ihre Meinung ist uns wichtig. Daher möchten wir Sie einladen, ein paar Fragen zu Ihrer Erfahrung mit PayPal zu beantworten. Sie helfen uns damit, unseren Service für Sie noch besser zu machen. Alle Antworten sind selbstverständlich anonym und vertraulich. Um an dieser 10- bis 15-minütigen Umfrage teilzunehmen, klicken Sie einfach auf den Button. Sie haben bis zum 27/01/2023 Als Dankeschön für Ihr Feedback erhalten Sie automatisch eine Gewinnchance für einen Mastercard-Geschenkgutschein im Wert von 1.000 €.* Für weitere Einzelheiten zu Gewinn und Teilnahmeregeln, klicken Sie bitte hier. Jetzt mitmachen     How do I know the email is not a phishing? Because all of these together (not separated): It addresses me via name It writes my email address below All domains belong to PayPal No confidential information is requested   Why is this email suspicious: The subject promises the chance to get a large amount of money if the…

Major PayPal failure: sending emails following all rules of a “good” phishing email

The email below (in German) is from PayPal. It is not a phishing email or a spam email pointing to some online pharmacy. I assure you of this. I have verified the DKIM and SPF information in the headers, checked all headers of any trace of alteration and of any trace of foreign IP address or domain. It is also very correct: it informs me that my credit card behind the PayPal account is about to expire. It asks me to update the credit card by clicking on the yellow button.   At this point, I am without words. I would have never expected to receive something like this from PayPal. Their suggestions to detect phishing and to report phishing are here: I quote: Suspicious emails Phishing and spoof emails aim to obtain your secure information, passwords, or account numbers. These emails use deceptive means to try and trick you, like forging the sender’s address. Often, they ask for the reader to reply, call a phone number, or click on a weblink to steal personal information. If you receive a suspicious email, FORWARD it to Our security experts can take a look to determine if it’s a fake. If…

PayPal Phishing for German customers with innovative social engineering technique

  Nothing special in this phishing email in German from the “PayPal Team” asking to click in order to unlock your PayPal account. PayPal – Informationen erforderlich! Hallo Ihr PayPal-Konto ist vorübergehend gesperrt. Sie können keine weiteren Zahlungen bei PayPal tätigen. Um die Sperrung Ihres Kontos aufzuheben und die Entfernung all Ihrer aktiven Fälle sowie weitere AGB Widerrufe, müssen Sie die fehlende Informationen eintragen. Bitte gehen sie wie folgt vor. Die Seite Jetzt loslegen aufrufen und die Schritte durchführen.     The first screens ask for PayPal account and name of the owner, so all is standard for this kind of phishing. In the screen below (3rd) the fraudster ask for the standard Credit Card, for the maximum amount of money that can be paid with the credit card. What is new is that additional request for the account number ! They actually require the standard bank account behind the credit card. This way they would be able to book money twice: once from the Credit Card, once from the bank account directly.   Interesting evolution, isn’t it?

No Image

Spam impersonating PayPal using attached form

A classical phishing email… Nothing special (same bad English, as always). Dear Valued Customer, Unauthorized access has been detected in your account. Unfortunately, due to this event, our security system has limited the access to your account. Account Limitations prevent you from completing certain actions with your account, such as withdrawing, sending, or receiving money. These limitations are implemented when we see unusual or suspicious activity to help protect both PayPal buyers and sellers. Please verify your account by completing the form which is attached in this email. By doing this, restrictions in your account will be lifted. We apologize for any inconve nience. Thank you, PayPal Security Team What is interesting is the usage of a technique which I haven’t seen used since a couple of years: they attached an HTML document containing the form below. The document is called “form.html” and it contains just one single javascript function used to validate the input. It is a simple HTML form which submits to hxxp:// using a hidden ID. Are they counting which form performs better ? Hmm…     Fortunately, Google detects these emails as spam/phishing and blocks them. For additional tips on how to improve your security, check by eBook…

No Image

Paypal and Phishing : Paypal CISO’s Dream vs. Reality

I received from the CompTIA Smartbrief newsletter a notification about an interesting article: PayPal security guru: No one is safe from threats This is the article PayPal security chief on Epsilon breach and more written by Elinor Mills of Cnet. I agree with most of the comments of Mr. Barret until this one: Q: Is phishing still the bane of PayPal and its customers? Barrett: I joined PayPal almost exactly five years ago and it’s fair to say the company had not realized at that point the true significance of phishing. But since that time we’ve put in place a number of defenses against it. It probably will never go away completely as a problem, but it can be substantially minimized. We’re at No. 8 on a list of most phished sites, which is better than being No. 1. I’m not satisfied with being No. 8 and I’d really like to obliterate the crime completely, but I realize that will take another five years to get to that state. Ohoooo…..Wow…. Mr. Barret, please wake up…. You’re dreaming, and in this dream, Paypal is actually no longer no. 1 in the top of the most phished brands. In my top in…

No Image

PayPal security warning email with malware

PayPal security warning email with malware There is a new wave of emails pretending to come from Paypal having a ZIP archive attached. The email says that your PayPal account have been accessed by a third party and, in order to protected your account, PayPal has been locked.The user is invited to review the report attached to the email, the zip archive, containing a single executable following the template account–report.exe There is no link inside the email, so everything was made “easy” the user : he should only extract the file and execute it. Please don’t because it contains a malware detected by all Avira products as the dropper DR/Delphi.Gen.

No Image

Project Honeypot – 1 Billion Spammers Served and more…

Project Honeypot published this nice article which contains all kind of data and graphics here: 1 Billion Spammers Served All nice and shiny, but I have a problem with this graphic: Notice that PayPal is about 1% … Our data, gathered by the URLCheck service, gives us completely different numbers: So, don’t believe everything what you see…

No Image

Spam description with my name in it

John Graham Cumming is maintaining his Spammer’s Compendium and he is giving names to spam techniques. I reported some time ago one technique used in PayPal phishing emails and he created a method: Cross your fingers and click (UH!Mustaca!HTML) What: Making what looks like a valid link to PayPal turn into a link to a phishing site using a FORM and a cleverly constructed INPUT tag. Date added: June 30, 2006 Example from the wild: (Reported by Sorin Mustaca)

No Image

Double Phishing: PayPal & eBay

Subject:PayPal & eBay From:”PayPal” Date:Thu, 6 Jul 2006 04:36:34 -0700 To:undisclosed-recipients:; This e-mail is the notification of PayPal Become One With eBay. We’re excited about this change because it allows us to offer you: * Easier access to all your account information* Enhanced Online Bill Payment * Transfer balances online * Mass Payment allows anyone to send multiple payments instantly-saving time, money and the hassle of having to individually send funds to every payment recipient and others. You won’t need to do anything to prepare for the move, just continue logging on to PayPal account by access the link bellow : notification expires July. 15, 2006 Note : Ignoring this message will cause losing the account . Thank You PayPal & eBay Company

%d bloggers like this: