Wednesday, May 03, 2006

Woah. Phishers and Spoofers are getting pretty clever.

I'm generally a pretty nice guy, but if I could find the people responsible for things like phishing schemes and deceitful e-mail spam, I'd take them out, bang, dead, no questions asked, no appeals.

I use paypal for my eBay payments; who doesn't? So today I get an e-mail from "" which was a "receipt for your payment to Soandso's Jewelry." It read "Th is email confirms that you have paid Liz Collectible Jewelry ( $256.00 USD using PayPal."

I'll admit: it scared me for a moment. It looked pretty slick; it had Paypal's real cut-and-pasted logo, etc. It took close inspection to notice that it didn't use paypal's EXACT language to describe the transaction.

The phish? At the bottom, in fine print, it has this notice: "With PayPal, protected against unauthorized payments sent from your account. This payment will not appear in your PayPal account untill we verify this transaction.If this is transaction is not authorized, click on the link below to fill a claim and cancel the payment."

So, you simply log in...

And there they have you. You log into their pretend-paypal site, and they have your login and password, and can promptly steal all of your money.

Of course, real paypal confirmation e-mails don't have that little notice.

As an aside, my smirking revenge against phishers doesn't include plain-old junk e-mailers. If your e-mail from "" says "Try our penis enlargement crap," I don't care. I'll delete it, but that's just an advertisement, like those stupid coupons that fill up your mailbox. Only the first order of evil, as opposed to the eighth.

The other sweet thing is that my e-mail provider's junk mail folder can't sort out that this isn't from the IP address it's supposed to be, and flag it?

Really, can't someone invent a better interweb? Like Al Gore?


  • At 7:03 PM , Anonymous Anonymous said...

    Where I work, we have 3 layers of spam filtering. A university wide portal filter that catches 99 percent of everything, a filter on the network mail server and individual filters tied into our outlook accounts. And I STILL get paypal phishes once a day. Usually if you click on whatever link they offer the URL is something like

  • At 8:24 AM , Blogger Al Maviva said...

    I know exactly what you mean. Colorado cyclist sends me an email every month that says I'll get faster, all I need to do is give them my bank account numbers, and then they'll send me a full Dura Ace gruppo.

    Yeah, right. Like that would ever happen.

    I'm on to you Nigerian bicycle wholesalers!!!!


