Starting yet another hazy day, I launched my email client to check if there were any new emails. The feeling of receiving emails is always a happy thing because it feels comforting that someone out there cares or wonders about you.
As much as it pleases anybody to receive fan email or in my case, feedback of my blog or website, the emails sent to me were newsletters and invites. I got a newsletter from Thawte; company selling SSL certificates, and it’s weird because I don’t remember subscribing to them. The invites were interesting with one coming from Softnyx (Gunbound creators) asking if I’d like to BETA test their new fantasy game called, Raikon.
The second invite came from supposedly PayPal. Everything in the email down to the email address listed it as coming from PayPal themselves. However, one crucial mistake foiled this phishing scam.
The term phishing is used to described a scam by sending an email to an end-user with the representation that the email was send from a legitimate establishment, but the true intent is to gather personal information of the end-user with the intent to fraudulent use these information. ~ Symmetric Triangle
So let’s start this with a snapshot of the phishing email sent to my inbox. Click HERE to view image.
Even with close analyzation, it’s not really possible to identify the legit of this email. The address that this email came from was registered coming from a sender at PayPal themlseves. So with all this done, my curiosity prodding me since I ain’t a PayPal member, I just clicked on the link.
Soon later my browser launched and I was brought to the website. Now, if I was just a normal person who didn’t pay much attention to stuff like URLs or even bother installing a good antivirus engine, I’d be in big trouble. Click HERE and try to find out the reasons.
If you noticed, there’s a weird address just below the URL. It’s the official website address and if you look around the area, it’s inside a box. The box is almost the size of the URL area you type your address. Now ain’t that smart. But for some reason, that box wasn’t done up to actually cover the original address.
The next problem relates to practice of always installing and updating your antivirus engines. On that website, the moment it finishes loading, a trojan virus is inserted into your computer in the background. Thankfully for me, my antivirus picked the trojan up and warned me about it.
Trojans are a seemingly harmless program that hides a malicious virus, such as a password program that secretly allows a black-hat hacker to steal important data from your computer or in some circumstances, even crash your machine. Some even speculate that they might be able to control your webcamera connected.
So if you receive an email as before, either contact PayPal directly enquiring about any emails sent by them lately or just make sure you have a good antivirus engine. It also pays to be a little observant when surfing to websites involving any form of money transactions.
During the case of the Maybank website phishing scam, I heard that it was so great that even the URL was modified. Therefore, practice enquiring about fishy emails by contacting official companies and also make sure you have a good antivirus engine installed. And not all free antivirus engines are great.
As a long time Pay Pal user I can honestly say that Pay Pal never ever send any e-mail asking for details. So if you receive such e-mails just delete them/report spam to your mail provider.
Hey Jon. Well, come to think of it, not many companies ask you for the details as you said. But some people don’t keep that in mind and might just click on the link out of curiosity. And when they load the website, when they find it it’s not authentic, too late because a trojan might’ve loaded into the visitors computer already. :)
Trojan isn’t the only issue here. The main issue is phishing and sadly there are still people who are naive enough to subscribe to the belief that their company has requested something, paving a way to complete identity fraud.
In fact the trojan virus idea seems harmless if a firewall/antivirus software is installed compared to what will happen if one accidentally gives out their life detail.
Looks like phishing hasn’t really developed in Malaysia yet, but once it does it will be a pain in the arse. But common sense usually prevails.
Well, common sense doesn’t really prevail to many here because we still have some non-Internet savvy people. And we can’t just assume people to ignore these emails all the time. Unless some companies tell their customers up front that they’ll never send personal emails what so ever. :)