PayPal Phishing Example
Can you tell which is real?
Both have the same logo
Both want you to verify your account.
Both want to thank you.
Both tell you not to reply, and have a “log in” link.
Both tell you how to update your preferences...
...and both have an official Email ID.
Did you guess which one is real?
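Let’s take a closer look...
[Screenshot: message 1]
...message 2...
[Screenshot: message 2]
More of message 1...
[Screenshot: message 1, continued]
More of message 2...
[Screenshot: message 2, continued]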
Now do you know which is real?
Let’s look at the links.
Right-click on the message.
Select “View Source”.
The source code will open in Notepad.
Edit -> Find
Search for “http”.
[Screenshots: Message 1 Source, Message 2 Source]
Link Examples
<a href=http://www.topcc.org>
<a href="http://211.202.2.79/login.asp">
<a target=_new https://site.com/etc>
<img src="http://images.paypal.com/logo.gif">
The URL may or may not have quotes around it.
It may have other code between “<a” and “http”.
It may be https instead of just http.
It may be a link to an image instead of a page.
If you are using web based e-mail...
You may see something like href=/exchweb/bin/redir.asp? before the actual URL.
Just ignore that part and look for what’s after http.
Source code for web-based email will have added code.
Results for Message 1
http://211.202.2.79/~funkeyboy/.../.www.paypal.com/www.paypal.com/cgi-bin/webscrcmd_login.php (Obviously not the PayPal site.)
https://www.paypal.com/row/PREFS-NOTI (Actually DOES go to the PayPal site.)
Results for Message 2
https://www.paypal.com/us
https://www.paypal.com/us/securitytips
https://www.paypal.com/us/VERIFY
https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run
https://www.paypal.com/us/PREFS-NOTI
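The manual check above (view source, search for “http”, read where each link really goes), as an added example in Python that is not part of the original slides. It assumes the trusted domain is paypal.com and that a webmail redirect carries the real address URL-encoded after a URL= parameter; the sample source is constructed from the URLs shown in the results.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

TRUSTED = "paypal.com"  # assumption: the domain the message claims to be from


class LinkFinder(HTMLParser):
    """Collect every href/src target, like searching the source for "http"."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                value = unquote(value).strip("\"'“” ")
                # Ignore anything before the real URL (webmail redirect prefix).
                match = re.search(r"https?://", value)
                if match:
                    self.urls.append(value[match.start():])


def check_links(html):
    """Return (url, host, goes_to_trusted_domain) for each link in the source."""
    finder = LinkFinder()
    finder.feed(html)
    results = []
    for url in finder.urls:
        host = (urlsplit(url).hostname or "").lower()
        # Only the host counts; "www.paypal.com" inside the path proves nothing.
        ok = host == TRUSTED or host.endswith("." + TRUSTED)
        results.append((url, host, ok))
    return results


# Constructed sample source, built from the URLs shown on this page.
SAMPLE = """
<a target=_new href=http://211.202.2.79/~funkeyboy/.../.www.paypal.com/www.paypal.com/cgi-bin/webscrcmd_login.php>Log in</a>
<a href="/exchweb/bin/redir.asp?URL=https%3A%2F%2Fwww.paypal.com%2Frow%2FPREFS-NOTI">Preferences</a>
<img src="http://images.paypal.com/logo.gif">
"""

if __name__ == "__main__":
    for url, host, ok in check_links(SAMPLE):
        print("OK     " if ok else "SUSPECT", host, url)
```

The first link is flagged because its host is 211.202.2.79, even though “www.paypal.com” appears twice in its path.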
Message 1 is Fake.
Message 2 is Real.
Things to remember...
Never click on a link in a suspicious email.
Instead, type the link into your browser manually.
Other observations...
Now you know why spam filters may have a hard time figuring out if a message is spam or not.
Many fake messages look just like real messages.
Thank you for listening!