Comments on: Paypal Phishing Scam Almost Got Me http://www.1003concepts.com/jp/security-privacy/135 Author and IT Consultant since 1986 Sat, 07 Jan 2012 00:11:18 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Christopher http://www.1003concepts.com/jp/security-privacy/135/comment-page-1#comment-1915 Christopher Thu, 27 Aug 2009 06:31:40 +0000 http://www.1003concepts.com/jp/?p=135#comment-1915 There are some very well designed phishing emails out there, a majority of them are blatantly obvious though. The first thing I do in any email is hover the link and see the domain name if there is any question about the email. I also look at the from address, although this is easily spoofed I use it to verify it isn't an authentic address rather than confirming it is. 99% of the phishing emails we receive the email address is not an authentic domain so it is very easy to narrow that down immediately. In the example you mentioned, the email address was mail@online-paypal.com which should have been a dead give away. Although it ends with paypal.com to fool many users the real domain includes everything up to the @ sign unless it is a sub-domain. So I may have reported the email immediately upon seeing online-paypal.com as a domain name, or it may have been once I hovered over the link and saw it was not .paypal.com, it really depends where I am looking the second I check the email. Typically even the best phishing emails only take me about .5 - 1 second to identify if it is phishing or authentic using the email domain and hovering the link, rarely do I need to go further than this. To be honest, I rarely click any link anywhere (email or browser) without first seeing where it goes to by looking at the hover information. Anyway, I'm glad nothing happened and you caught it before clicking ahead. The moment I see a link in an email (regardless of who sends it) my defenses go up and I act cautiously checking things. There are some very well designed phishing emails out there, a majority of them are blatantly obvious though. The first thing I do in any email is hover the link and see the domain name if there is any question about the email. I also look at the from address, although this is easily spoofed I use it to verify it isn’t an authentic address rather than confirming it is. 99% of the phishing emails we receive the email address is not an authentic domain so it is very easy to narrow that down immediately.

In the example you mentioned, the email address was mail@online-paypal.com which should have been a dead give away. Although it ends with paypal.com to fool many users the real domain includes everything up to the @ sign unless it is a sub-domain. So I may have reported the email immediately upon seeing online-paypal.com as a domain name, or it may have been once I hovered over the link and saw it was not .paypal.com, it really depends where I am looking the second I check the email.

Typically even the best phishing emails only take me about .5 – 1 second to identify if it is phishing or authentic using the email domain and hovering the link, rarely do I need to go further than this.

To be honest, I rarely click any link anywhere (email or browser) without first seeing where it goes to by looking at the hover information.

Anyway, I’m glad nothing happened and you caught it before clicking ahead. The moment I see a link in an email (regardless of who sends it) my defenses go up and I act cautiously checking things.

]]>