Monday, March 5, 2007


Yet Another Paypal Phishing Attempt.

Paypal continues to be the darling of phishers with another phishing attempt released today worth reporting on. Phishtank's February stats show 2,511 phishing attempts against paypal in the month of February... making it the most targeted website of February. Other top targets include eBay, Bank of America, Fifth Third Bank, and Barclays Bank.

This attempt appears to pass login credentials through the phishing site to paypal and to accurately report successful and failed logins. The site also does a good job of looking like Paypal.

The e-mail subject is "PayPal Account Possible Fraud - Notification." It goes on to say, "You have received this email because your account has been used from different locations by you or someone else." It also says, "we require you to confirm your banking details." (Emphasis added; this is where you should be suspecting funny business.) Finally it warns that the user has 48 hours to follow up or their account will be suspended. Here's an image of the original mail:

As always, use extreme skepticism whenever being asked for account information of any kind.

No comments: