Post on 28-Mar-2015


PayPal Phishing Example

Can you tell which is real?

[Screenshots: message 1 and message 2]

Both appear to be from service@paypal.com.

[Screenshots: message 1 and message 2]

Both have the same logo

Both want you to verify your account.

[Screenshots: message 1 and message 2]

Both want to thank you.

[Screenshots: message 1 and message 2]

Both tell you not to reply, and both have a “log in” link.

[Screenshots: message 1 and message 2]

Both tell you how to update your preferences...

[Screenshots: message 1 and message 2]

...and both have an official Email ID.

[Screenshots: message 1 and message 2]

Did you guess which one is real?

[Screenshots: message 1 and message 2]

Let’s take a closer look at message 1...

[Screenshot: close-up of message 1]

...and at message 2...

[Screenshot: close-up of message 2]

More of message 1...

[Screenshot: message 1, continued]

More of message 2...

[Screenshot: message 2, continued]

Now do you know which is real?

[Screenshots: message 1 and message 2]

Let’s look at the links.

Right-click on the message and select “View Source”. The source code will open in Notepad. Choose Edit -> Find and search for “http”.

[Screenshots: source of message 1 and source of message 2]

Link Examples

<a href=http://www.topcc.org>

<a href="http://211.202.2.79/login.asp">

<a target=_new href=https://site.com/etc>

<img src="http://images.paypal.com/logo.gif">

The URL may or may not have quotes around it.

It may have other code between “<a” and “http”.

It may be https instead of just http.

It may be a link to an image instead of a page.

If you are using web-based e-mail...

You may see something like href=/exchweb/bin/redir.asp? before the actual URL.

Just ignore that part and look for what’s after http.

Source code for web-based email will have added code.
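The procedure above (view the source, search for “http”, ignore any webmail redirect prefix, then look at the host that follows) can be automated. The Python below is an added example and is not part of the original slide deck. The two messages it parses are constructed for this example: their URLs are the ones the deck reports for message 1 and message 2 (including the deck’s truncated “...” path), while the headers, anchor text, HTML layout and the redir.asp wrapper placed around one of the real links are assumptions. It flags a link whose host is a raw IP address, as in message 1, or whose non-PayPal host carries paypal.com in its path, and it treats the last two labels of a hostname as the registrable domain, a simplification noted in the code.

```python
"""Extract and triage links from the HTML source of an e-mail.

Added example, not code from the slide deck. It automates the deck's manual
"View Source, search for http" check over two constructed messages.
"""
import ipaddress
import re
from email import message_from_string
from typing import List, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Brand domain a genuine notice should link to (taken from the deck's real message).
TRUSTED_DOMAINS = {"paypal.com"}

# Tags that carry URLs; the deck notes that an "http" hit may be an image, not a page.
TAG_RE = re.compile(r"<(a|img)\b([^>]*)>", re.I | re.S)
# Attribute value with straight quotes, curly quotes or no quotes at all, as the deck warns.
ATTR_RE = re.compile(r"""(?:href|src)\s*=\s*["'\u201c\u201d]?([^"'\u201c\u201d\s>]+)""", re.I)
SCHEME_RE = re.compile(r"https?://", re.I)


def html_body(raw_message: str) -> str:
    """Return the first text/html part of a raw RFC 822 message ("" if none)."""
    msg = message_from_string(raw_message)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            return part.get_payload(decode=True).decode(charset, "replace")
    return ""


def unwrap(value: str) -> Optional[str]:
    """Apply the deck's rule for webmail wrappers such as /exchweb/bin/redir.asp?URL=...:
    ignore everything before the first 'http' and keep what follows."""
    value = unquote(value)
    m = SCHEME_RE.search(value)
    return value[m.start():] if m else None


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification (assumption): a production tool
    would consult the Public Suffix List so that names like example.co.uk work."""
    return ".".join(host.lower().split(".")[-2:])


def classify(url: str) -> str:
    """Verdict for one URL: raw IP host, brand name hidden in the path, trusted, or external."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        return "SUSPICIOUS: raw IP address as host"
    except ValueError:
        pass
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "ok: trusted domain"
    trailer = (parts.path + "?" + parts.query).lower()
    if any(d in trailer for d in TRUSTED_DOMAINS):
        return "SUSPICIOUS: brand name in the path of a non-brand host"
    return "external: " + registrable_domain(host)


def extract_links(raw_message: str) -> List[Tuple[str, str, str]]:
    """Return (tag, url, verdict) for every a/img URL in the message's HTML, in order."""
    findings = []
    for tag, attrs in TAG_RE.findall(html_body(raw_message)):
        for value in ATTR_RE.findall(attrs):
            url = unwrap(value)
            if url:
                findings.append((tag.lower(), url, classify(url)))
    return findings


def is_phishing(raw_message: str) -> bool:
    """True if any link in the message earns a SUSPICIOUS verdict."""
    return any(v.startswith("SUSPICIOUS") for _, _, v in extract_links(raw_message))


# Constructed sample messages modelled on the deck's two examples. The URLs are the
# ones the deck reports; headers, anchor text and HTML layout are assumptions.
MESSAGE_1 = """From: service@paypal.com
Subject: Please verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<img src="http://images.paypal.com/logo.gif">
<p>Please <a href=http://211.202.2.79/~funkeyboy/.../.www.paypal.com/www.paypal.com/cgi-bin/webscrcmd_login.php>log in</a> to verify your account.</p>
<p>Update your preferences <a href="https://www.paypal.com/row/PREFS-NOTI">here</a>.</p>
</body></html>
"""

MESSAGE_2 = """From: service@paypal.com
Subject: Please verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<a href="https://www.paypal.com/us">PayPal</a>
<a href="/exchweb/bin/redir.asp?URL=https://www.paypal.com/us/securitytips">security tips</a>
<a href='https://www.paypal.com/us/VERIFY'>verify</a>
<a target=_new href=https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run>log in</a>
<a href="https://www.paypal.com/us/PREFS-NOTI">preferences</a>
</body></html>
"""

if __name__ == "__main__":
    for name, msg in (("Message 1", MESSAGE_1), ("Message 2", MESSAGE_2)):
        print(name, "- phishing" if is_phishing(msg) else "- no suspicious links")
        for tag, url, verdict in extract_links(msg):
            print(f"  <{tag}> {url}\n      {verdict}")
```

The script reports message 1 as phishing because its login link points at a raw IP address, even though the logo and the preferences link really do go to paypal.com, and it reports nothing suspicious for message 2 once the redir.asp wrapper is stripped. An attacker who registers a look-alike domain instead of using an IP address would pass this check, which is why the deck’s advice to type the real site’s address yourself still applies.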

Results for Message 1

http://211.202.2.79/~funkeyboy/.../.www.paypal.com/www.paypal.com/cgi-bin/webscrcmd_login.php

(Obviously not the PayPal site: the host is a bare IP address, and “www.paypal.com” appears only in the path.)

https://www.paypal.com/row/PREFS-NOTI

(Actually DOES go to the PayPal site.)

Results for Message 2

https://www.paypal.com/us

https://www.paypal.com/us/securitytips

https://www.paypal.com/us/VERIFY

https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run

https://www.paypal.com/us/PREFS-NOTI

Message 1 is fake.

Message 2 is real.

Things to remember...

Never click on a link in a suspicious email.

Instead, type the site’s own address (for example, www.paypal.com) into your browser yourself and log in from there. Do not copy the address out of the email: a link that reads “www.paypal.com” can still point somewhere else.

The sender address proves nothing: both messages claimed to come from service@paypal.com.

Other observations...

Now you know why spam filters may have a hard time figuring out if a message is spam or not.

Many fake messages look just like real messages.

Thank you for listening!
