Issue 80 - March 2008 - Page 9
Pages in this month's issue:
- Postcard Image Virus Hoax
- Pay Up or I'll Kill You Scam Email
- Bacteria on Restaurant Lemon Slices Warning
- Water Bottle Car Fire Warning
- Fake Microsoft Critical Update
- Shark's Love for Man Hoax
- Cancer Info From Johns Hopkins Hoax Email
- Christian the Lion Email
- PayPal New Security Message Phishing Scam
- K-9 Congressional Medal of Honor Hoax
- Cell Phone Gun Warning
- 359lb Louisiana Grouper
- Ahmad Khaled Abu Rumman Make-A-Wish Foundation Hoax
- Barack Obama Endorsed by the Ku Klux Klan Hoax
- Telstra Free Directory Assistance Protest Email
PayPal New Security Message Phishing Scam
Summary: Email, purporting to be from PayPal, claims that you have a new security message waiting and are required to click a link to log in to your account and read the message.
Status: False
Example: (Received February 2008)
Subject: New message
You Have 1 New Security Message !
Log In into your account to resolve the problem.
Click here to Log In
Thank you for using PayPal!
The PayPal Team.
PayPal Email ID: PP 3132
Commentary:
Many phishing scam emails are quite sophisticated and include graphics and formatting designed to make them seem more legitimate. This particular crop of scam messages is relatively plain and simple, but no less dangerous for unwary web users.
The emails simply state that the recipient has one security-related message waiting. The recipient is instructed to click a link, ostensibly to retrieve the security message and "resolve the problem".
Like many other phishing attempts, this scam targets users of online payment company PayPal and is intended to steal account details and other personal information from victims. At the time of writing, the fake login page associated with this particular scam email was no longer online. However, phishing scam campaigns change quickly and links in similar scam emails may still be active.
Typically, those who click links in such emails will be taken to a bogus PayPal login webpage designed to closely resemble the genuine PayPal website. If a victim logs in to the bogus site, the criminals responsible for the scam can harvest his or her login credentials. They will then be able to access the victim's real PayPal account. The bogus website may also ask the victim to provide other personal information such as credit card numbers and bank account details, all of which can be retained by the scammers.
Given that PayPal is largely a web-based organization, it does communicate with users via email. However, a genuine PayPal message will always address the user by name. Genuine web messages will never omit the user's name, as is the case in this scam example. Nor will they include generic greetings such as "Dear account Holder" or "Dear PayPal User". PayPal has extensive information about phishing scams on its website.
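The checks described above can be written as a small triage function. This is an added example, not part of the original article and not PayPal's own logic. The function name, the sample messages, the account name "Jane Citizen", the link host login.example.test and the rule that login links must sit on paypal.com are all assumptions made for the illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Generic greetings the article names as red flags.
GENERIC = re.compile(r"dear\s+(account\s+holder|paypal\s+user)", re.I)
# The "N new (security) message" lure seen in both quoted examples.
LURE = re.compile(r"\b\d+\s+new\s+(security\s+)?message", re.I)

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def phishing_indicators(raw, account_name, brand_domain="paypal.com"):
    msg = message_from_string(raw)
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    text = f"{msg.get('Subject', '')}\n{body}"
    links = LinkHosts()
    links.feed(body)
    found = []
    if account_name.lower() not in body.lower():  # message never names the user
        found.append("no_personal_greeting")
    if GENERIC.search(body):
        found.append("generic_greeting")
    if LURE.search(text):
        found.append("new_message_lure")
    # Assumption: a genuine login link is on the brand's own domain.
    if any(h != brand_domain and not h.endswith("." + brand_domain) for h in links.hosts):
        found.append("off_brand_link")
    return found

# Constructed samples: wording taken from the article, link host invented.
SCAM = """Subject: New message

<p>You Have 1 New Security Message !</p>
<a href="http://login.example.test/pp">Click here to Log In</a>
"""
NAMED = """Subject: Your receipt

<p>Hello Jane Citizen,</p><a href="https://www.paypal.com/">Log in</a>
"""
```

An empty result does not prove a message is genuine; the indicators only flag mail that deserves a closer look.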
The same "New Message" tactic has been used repeatedly and targets a number of financial entities including Lloyds TSB Bank:
You have 1 new Message.
CHECK MESSAGE
Check out the latest updates about your e-banking service and take a look at these great offers from Lloyds TSB Bank plc.
Sincerely,
Lloyds TSB Bank plc Internet Banking.
Be cautious of any message purporting to be from PayPal or another financial entity that claims that you have a security message waiting and instructs you to click a link to log in to your account. To read more information about phishing scams, see:
References:
PayPal Phishing Guide
Phishing Scams - Anti-Phishing Information