An email stating that your PayPal account will be suspended can be well designed and look convincing.
Note the spelling error in the subject heading. Spelling, punctuation, capitalization and grammatical errors in messages that claim to come from renowned, professional companies should alert the user to the probability of fraud.
Additionally, an anonymous greeting of "Dear Paypal Customer" should immediately raise suspicion. There is no reason why PayPal wouldn't use your real name. Anonymous greetings are characteristic of scams.
| Email title: | WARNING!!! Yout PayPal account will be suspended!!! |
| Scam target: | PayPal users |
| Sender: | Unknown |
| Scam objective: | Obtaining PayPal username/email and password |
| Phish link method: | "Click Here" type link |
| Is link masked? | Yes |
| Visible link text: | "Click here to confirm your account" |
| Actual link to: | http://www.paypal-cgi.us/webscr.php?cmd=LogIn |
| Phish site IP: | 68.142.234.44 |
A single, login-page scam is quite dangerous.
The phish site is on a domain that closely resembles PayPal.
The user should consider an unsecured page (no lock icon) as fraudulent. Sites such as PayPal would process your login information via an HTTPS session. HTTPS is the secure version of the Hypertext Transfer Protocol (HTTP); it uses Secure Sockets Layer (SSL) technology. HTTPS is now a de facto standard for websites that gather sensitive information (e.g. account and credit card information). The use of only HTTP in the URL shows that this website is not secure, something that a respectable financial institution like PayPal® would not risk.
If a user does enter his/her personal information, the page returns a failed submission attempt. Most users dismiss the failed submission message as a technical error on the part of PayPal and close the window, making it easy for the unscrupulous source to acquire the user's email address and password successfully and inconspicuously.
| | Fraudulent PayPal Site | True PayPal Site |
|---|---|---|
| Address Bar (URL) | http://www.paypal.securevrs.com/.cgi-bin/?webscr?cmd=_login-run | https://www.paypal.com/cgi-bin/webscr?cmd=_login-run |
| Links | Professional sites are well maintained and would rarely have dead or non-responding links. The navigation links at the bottom of the page are un-clickable. | The navigation links at the bottom of the page take you to the indicated service (i.e.: Sign Up, Log In, Help, etc.). |
| SSL Padlock Icon | The use of only HTTP in the URL shows that this website is not secure. | The use of HTTPS in the URL would show a padlock icon on the far right end of the address bar and the bottom right page. |
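The link checks described above (masked link text, a host that only resembles PayPal, plain HTTP) can be automated for an HTML message body. The following is an added example, not code from the original page; the function names and finding labels are assumptions, and the sample body is constructed around the link quoted in the table above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_belongs_to(host, brand_domain):
    """True only if host is brand_domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def check_link(href, text, brand_domain):
    """Return the warning signs the page describes for one link."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if not host_belongs_to(host, brand_domain):
        findings.append("host-not-brand")
        if brand_domain.split(".")[0] in host:   # brand name used as bait
            findings.append("lookalike-host")
    if host and host not in text.lower():        # visible text hides the target
        findings.append("masked")
    return findings

def analyze(html, brand_domain):
    """Check every link in an HTML body against the expected brand domain."""
    collector = AnchorCollector()
    collector.feed(html)
    return [(h, check_link(h, t, brand_domain)) for h, t in collector.links]

# Constructed sample body; the href and link text are the ones quoted on this page.
SAMPLE = ('<p>Dear Paypal Customer,</p><p><a href="http://www.paypal-cgi.us/'
          'webscr.php?cmd=LogIn">Click here to confirm your account</a></p>')
```

A "masked" finding on its own is common in legitimate mail; it matters when it appears together with "host-not-brand".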
Disclaimer: The use of PayPal® here does not mean a weakness in the security of PayPal® and its online transactions. This example is meant for educational purposes only. PayPal® is a registered trademark, and is in no way connected to Cal Poly Pomona.
For phishing examples that purport to be from Cal Poly Pomona, see eHelp's Scams and Phishing page at http://www.csupomona.edu/~ehelp/scams_phishing.shtml.
An email from FedEx stating that representatives need to confirm your address in order to deliver a large sum of money to you in the form of a check can be well designed and look convincing.
Note the spelling error in the paragraph just above the payment information request. Spelling, punctuation, capitalization and grammatical errors in messages that claim to come from renowned, professional companies should alert the user to the probability of fraud.
Note the grammatical errors throughout the email. Also note the punctuation errors in the last paragraph, closing and signature line.
Additionally, an anonymous greeting of "Attention" should immediately raise suspicion. There is no reason why FedEx wouldn't use your real name. Anonymous greetings are characteristic of scams.
Note that the email address to which you are asked to send your sensitive information is a Google email account, not a FedEx email address.
The phish email is sent from an address that purports to be from FedEx. The sender's email address should immediately raise suspicion. If you look at the domain name, "walla.com", it shows that the email is not from anyone officially connected to FedEx.
If you enter "www.walla.com" into a browser, you'll find that walla.com is a web-based email service. This fact is emphasized at the foot of the email by advertising text promoting Walla Mail.
| Email title: | FEDEX COURIER SERVICE |
| Scam target: | Cal Poly Pomona Students, Faculty and Staff |
| Email sent: | Fri 7/11/2008 4:34 AM |
| Sender: | Unknown |
| Scam objective: | Obtaining name and address |
| Phish link method: | Reply to email with sensitive personal information |
| Is link masked? | N/A |
| Visible link text: | N/A |
| Actual link to: | N/A |
Disclaimer: The use of FedEx® here does not mean a weakness in the security of FedEx® and its online transactions. This example is meant for educational purposes only. FedEx® is a registered trademark, and is in no way connected to Cal Poly Pomona.
An email stating that your email account will be closed can look convincing. However, upon closer inspection, note the inconsistencies in capitalization, punctuation, spelling and grammar.
| Email title: | Mail Box Access Limitation |
| Scam target: | Cal Poly Pomona Students, Faculty and Staff |
| Email sent: | Monday, March 23, 2009 4:29 AM |
| Sender: | Unknown |
| Scam objective: | Obtaining user name, password and address |
| Phish link method: | Reply to email with sensitive personal information |
| Is link masked? | Yes |
| Visible link text: | customer-care-accounts@live.com |
| Actual link to: | N/A |
From: Rudolph F. Ward (rfward) [mailto:rfward@henrico.k12.va.us]
An unusual activity has been detected in your mailbox. As a result, access to your mailbox has been limited until the issue has been resolved. Unfortunately, if access to your mailbox remains limited for an extended period of time, it may result in further limitations or eventual mailbox closure.
You are required to contact your system administrator with your Email User name and Password to enable them resolve the issue and reactivated your mailbox.
System Administrator
E-mail: customer-care-accounts@live.com
NOTICE: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained herein by any other person is not authorized.
Disclaimer: The use here of Henrico County Public Schools does not mean a weakness in the security of Henrico County Public Schools and its online transactions. This example is meant for educational purposes only. Henrico County Public Schools is in no way connected to Cal Poly Pomona.
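Both reply-based examples above (the FedEx message sent from walla.com, and the mailbox notice that asks for credentials at a live.com address) share one sign: the place you are told to reply to does not match the organization the message claims to come from. The following is an added example of that check, not code from the original page. The function names, finding labels and the short webmail list are assumptions, and the sample message is constructed from the text quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small illustrative set of free webmail domains, not a complete list.
FREE_WEBMAIL = {"live.com", "walla.com", "gmail.com"}
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def reply_path_findings(raw_message, claimed_domain):
    """Flag mismatches between the claimed organization and where replies go."""
    msg = message_from_string(raw_message)
    sender = domain_of(msg["From"])
    body = msg.get_payload()          # single-part text message assumed
    findings = []
    if sender != claimed_domain and not sender.endswith("." + claimed_domain):
        findings.append("sender-not-claimed-org")
    if sender in FREE_WEBMAIL:
        findings.append("sender-free-webmail")
    # Addresses the reader is told to write to: Reply-To plus any in the body.
    contacts = {d.lower() for d in ADDR_RE.findall(body)}
    if domain_of(msg["Reply-To"]):
        contacts.add(domain_of(msg["Reply-To"]))
    for d in sorted(contacts):
        if d != sender:
            findings.append("reply-address-differs:" + d)
        if d in FREE_WEBMAIL:
            findings.append("reply-address-free-webmail:" + d)
    if re.search(r"\bpassword\b", body, re.I):
        findings.append("asks-for-password")
    return findings

# Constructed sample built from the message text quoted on this page.
SAMPLE = """From: "Rudolph F. Ward (rfward)" <rfward@henrico.k12.va.us>
Subject: Mail Box Access Limitation

You are required to contact your system administrator with your Email
User name and Password to enable them resolve the issue.
System Administrator
E-mail: customer-care-accounts@live.com
"""
```

Calling `reply_path_findings(SAMPLE, "csupomona.edu")` treats the recipient's own organization as the claimed sender, since the message poses as the reader's system administrator.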
To report a security attack directed at your computing resources or to notify us of a compromise of the Cal Poly Pomona network, contact the Incidence Response Team at abuse@csupomona.edu or call the Cal Poly Pomona (I&IT) Help Desk at 909.869.6776.
For more information on computer and network security incident protocol, visit Report a Security Incident.
Spear phishing, a targeted version of phishing, targets bank and online payment service customers. While the first such examples were sent indiscriminately, phishers may now be able to determine which banks potential victims use, and target those people with bogus emails accordingly.
Whaling is a phishing attack directed specifically at senior executives and other high profile targets within businesses.
Think you won't be "hooked"? Take the SonicWALL phishing and spam IQ quiz and find out!
http://www.sonicwall.com/phishing/index.html
This page was last updated on August 10, 2009.