My previous post on the pharming scam attempt on one of the more popular sailing on-line forums led me to write about another common way to get ripped off. One common phishing technique used by today’s criminals is the faked e-mail. Here is a good example of one, posted as a JPG image.
Things to look for:
1) If you do have a PayPal, e-Bay or Bank of XYZ account, make sure the message is actually addressed to the e-mail address you registered with that account. In this case, the e-mail is addressed to the contact address from my website and blog, one I don’t use for anything else. I also don’t have a PayPal account, so the threat of my account showing unusual activity amuses me.
2) Check the raw e-mail source for some information. I’ve posted a slightly redacted image of the raw text of the example shown above.
3) Look to see what IP address and host the message was received from. In this case the host is Ip116.43.ToryVal.abac.ro and the IP address is 184.108.40.206. A quick check with RIPE.net shows that this IP address is registered to a Romanian named Brinduse Alin. Any time there is a geographic mismatch between the location of the server, as seen from its IP address, and where the purported sender’s server ought to be, a warning flag should go off for you. In my previous post, the servers were located in Hoboken, NJ, even though the website should have been in New Zealand.
4) You can see that the message was received from an IP address of 220.127.116.11. This is a strange address, as it is currently reserved under RFC 3171. HMM…
5) Check the e-mail raw source to see what e-mail client was used. The e-mail client is listed as Eudora, a strange choice for the corporate environment of PayPal.
6) Check the raw source for any links that show up in the e-mail. In this case, the e-mail has a link to:
However, if you look at the raw e-mail source, it shows the link actually goes to:
Which brings us to this very authentic-looking, but totally bogus, PayPal page. Please note that there is no padlock to indicate a secure site, which is also a good indicator that it is totally bogus.
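The raw-source checks in steps 2 through 6 can be scripted. This is an added example, not code from the post: it parses a constructed sample message (placeholder hosts, addresses and URLs, not the ones shown above) and reports the To address, the X-Mailer, the IP of the earliest Received hop, and every link whose visible text is a URL that differs from the href it really points to.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message (not the one from the post); the hosts, addresses
# and URLs are documentation placeholders, not real indicators.
RAW_EMAIL = """\
Received: from relay.example.net (relay.example.net [192.0.2.10]) by mx.example.org with ESMTP; Mon, 1 Jan 2007 10:00:00 +0000
Received: from Ip1.2.pool.example.ro ([198.51.100.23]) by relay.example.net with SMTP; Mon, 1 Jan 2007 09:59:00 +0000
From: "PayPal" <service@paypal.example>
To: contact@my-blog.example
Subject: Unusual activity on your account
X-Mailer: Eudora 7.1
Content-Type: text/html; charset="us-ascii"

<html><body><p>Please visit
<a href="http://198.51.100.23/pp/login.php">https://www.paypal.com/cgi-bin/webscr</a></p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyze(raw):
    """Pull out the header facts the post checks, plus display-text/href mismatches."""
    msg = message_from_string(raw, policy=default)
    # Each hop prepends its own Received header, so the last one is the earliest hop;
    # only the hops written by your own mail servers can be trusted not to be forged.
    hops = [re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", str(h)) for h in msg.get_all("Received", [])]
    origin_ip = hops[-1][0] if hops and hops[-1] else None
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    # Step 6: visible text that looks like a URL but is not where the href really goes.
    mismatches = [(href, text) for href, text in collector.links
                  if text.startswith("http") and not href.startswith(text)]
    return {"to": str(msg["To"]), "mailer": str(msg["X-Mailer"]),
            "origin_ip": origin_ip, "mismatched_links": mismatches}
```

Run `analyze(RAW_EMAIL)` against the constructed message and the origin IP, the Eudora mailer and the mismatched PayPal link all come back, which are exactly the three warning signs the steps above describe.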
When in doubt, please contact the bank, website or financial institution directly. Don’t click on links in e-mail unless you can verify the source of the e-mail. Stay safe…and stay alert.