PayPal Scam

That was really surprising for me, as in last few months I am using PayPal, so I looked into mail more deeply and find it a fraud mail. I would like to share my findings with you, which you should also consider, if you receive any mails which are asking you for immediate action to enter your sensitive Bank Details or any other Financial Information.

1. From Email Address:

From Email Address is from abuse-paypal.com. You see there is a hyphen ( – ) between “abuse” and “Paypal.com”. Whereas, if it is Sub-Domain there should be Dot (.) between these two words. So Writer has tried to play tactfully as very few people will observe it.

Dot Vs Hyphen

However, it should be noted that, its very easy to forge “FROM” Email Address. Most fraud email senders may send emails with forged email addresses-some of them appear to be real email address.The “From” field of an email can easily be altered – it is not a reliable indicator of the true origin of the email.

2. Hidden Hyperlink:

When I took mouse on the link, which this mail asked me to click on and login, it showed, that text shown is different than Hyperlink hidden under this text. Almost All good Email Clinets show actual hyperlink in status bar.

Hidden Hyperlink

So What happen actually is? when you click this link, it takes you to a site that is 100% looks like Paypal Login Page. And when Information is entered, it store at some Remote Server. And then this information is used to access your PayPal Account and make transactions. And What you get in the end………………….? A breath-stopping Credit Card Bill.

Technically it is called Phishing, Just like Fishing.

Phishing Definition:

Web Forgery (also known as “Phishing”) is a form of identity theft that occurs when a malicious Web site impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details, or credit card numbers. Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake, but very real looking, Web sites. More information on phishing can be found at the Anti-Phishing Working Group, and there are a number of examples and resources available at the Wikipedia Phishing page.

There is Another way, these Fraud Websites can steal your information, that is Malware.

What is Malware?

Malware is software designed to harm your computer or steal your personal information without your knowledge. Attack Sites are Web sites that try to infect your computer with malware when you visit. These attacks can be very difficult to detect; even a site that looks safe may be secretly trying to attack you. Attackers will often hack a site to turn it into an Attack Site, and sometimes the Web site’s owner won’t even know that this has happened. You can learn more about Attack Sites and malware from stopbadware.org, a partnership among academic institutions, technology industry leaders, and volunteers committed to protecting Internet users from threats to their privacy and security caused by bad software.