Wednesday, February 17, 2010

Paypal Phish and banking mode

Paypal Phishing Email

Last year, we received an email which was allegedly from PayPal. I've been meaning to write this up for a while, and now seems like a good time :)

Knowing that it wasn't completely beyond the realms of possibility that I'd treated myself to a new toy without telling anyone, the mail was forwarded to me by Darryl.

The email itself looks reasonably legitimate - but the fun part starts just a little further down the page - as you can see, the criminals have added a nice little "If you didn't authorise this charge, click here to dispute transaction". Cute. The first thing many folks would think when getting a mail like this is "What the hell? I never bought no mobile phone..." so the convenience of having that dispute link there is going to encourage people to click before they think.

Of course - clicking on the dispute transaction button takes you to a fake site (which is now offline). The site itself was a very close clone of PayPal's official site. It even drew in some images directly from - it really looked the business.

While the site was live, I decided to log in and take a look around. Of course, I didn't use my PayPal credentials - because it wasn't the real PayPal site - but I wanted to take a look around inside there, and see what was what. I would not recommend that you do this.

I also thought that this would make a good test run of Online Armor's banking mode as it's designed for situations precisely like this.

What Happened?

Logging in, we're presented with a realistic looking PayPal fake site, complete with all of the menus - but telling you that "Your account access is limited. Remove this limitation".

Under here was a form to collect info - and boy, did these guys go for gold. Full name, date of birth, mother's maiden name, country, address, SSN, home phone number... credit card number, issuing bank, expiration date, CVV number, PIN number (with a helpful looking "Why is card signature/pin required" and an equally helpful "Help finding your Card Verification Number").

Just think for a moment. Assuming that you'd been fooled by this, you have just logged in (in other words, given them your PayPal account details) - and then you've provided them with enough information to commit identity theft, or even just wholesale theft. Depending on how greedy and cunning they are, they could:
  • Empty your account
  • Change your address and other details with the bank (and take control of your accounts)
  • Disconnect or divert your home phone
  • Disconnect your home internet
In other words - if you fall for this scam, you possibly hand the keys to your life to the criminals. Consider - how did you identify yourself the last time you called your bank (or ISP, or phone company)?

How does Online Armor help me?

Online Armor has a safe online banking feature called Banking Mode. It's designed precisely to counter situations where you may somehow be directed to a fake site.

How it works is very simple: it keeps a list of safe banking sites. Before you do any banking, you should always activate banking mode. Online Armor will then only connect to a site that is on your list, meaning that you cannot, even in a moment of weakness, fall for these scams, provided you follow the discipline of engaging banking mode before you bank.
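The allowlist check described above, written as an added example (it is not Online Armor's code, and this page does not describe the product's actual matching rules). It assumes matching on the exact hostname over https; `SAFE_HOSTS`, `normalize_host` and `banking_mode_allows` are hypothetical names, and the URLs are constructed samples.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): a real list holds the user's own banking sites.
SAFE_HOSTS = {"paypal.com", "www.paypal.com"}


def normalize_host(host):
    """Lower-case, drop a trailing dot, and convert Unicode names to ASCII (IDNA)."""
    host = host.rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # Not a valid hostname, so it can never match the list.


def banking_mode_allows(url, safe_hosts=SAFE_HOSTS):
    """Return True only for https URLs whose exact host is on the allowlist."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # Excludes any "user@" prefix and the port.
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    # Exact match, not substring or suffix: a listed name that only appears
    # somewhere inside a longer hostname is still a different site.
    return normalize_host(host) in safe_hosts


if __name__ == "__main__":
    # Constructed sample URLs; ".example" is a reserved test domain.
    samples = [
        "https://www.paypal.com/cgi-bin/webscr",    # listed host
        "https://WWW.PayPal.com./",                 # same host, different spelling
        "http://www.paypal.com/",                   # listed host but not https
        "https://www.paypal.com.dispute.example/",  # listed name used as a prefix
        "https://www.paypal.com@dispute.example/",  # listed name in the userinfo part
        "https://www.p\u0430ypal.com/",             # Cyrillic look-alike letter
    ]
    for url in samples:
        print("ALLOW" if banking_mode_allows(url) else "BLOCK", url)
```

Comparing the parsed hostname, not the raw URL text, is what makes the last three samples fail: each contains the listed name as a string but resolves to a different host.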
