Don't fall for it
>> Tuesday, May 24, 2005
Like you, I get a lot of email. I usually delete what little spam passes through the spam blocker, but I got a message from PayPal. Or at least I initially thought it was from PayPal. Since I use PayPal a lot, I thought I should pay attention. I was tempted to click the handy link they wanted me to use to update my account. But then I thought to myself, "Self, that would be stupid."
Take a moment and read my post on computer security from January's archives. One of the tips I gave was to never respond to a request for personal information that arrives by email. Always use your own bookmarks and log on to the site normally. What I found out was that my "PayPal" email was a scam. See what a typical scam email looks like.
Now me, being a good little geek, wondered how the (guilty-sommmabeaches) alleged scam artist pulled their con. I right-clicked on the message and selected View Source. Naughty, naughty, they are linking to PayPal directly for the logos and other images. They even added a real link to the PayPal FDIC information page. However, the link they wanted me to use, the "update my information" link, only appeared to go to PayPal. They even had the code to change the status bar to indicate a PayPal domain. It would really send me to "www.paypal.com.cgi-bin.webscr.login.user.id.verify.customer.content.usa.your.userid1534953948348851.logged.in.com.ssl.true.getl0cation.directcountry.com".
Notice the first part still says Paypal.com, but what comes next isn't a slash; it's a period. The portion immediately before the first slash is the domain; in this case it's "directcountry.com". The scammer at directcountry merely set up 20 sub-domains with the intent of fooling the casual user. Pretty tricky stuff.
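The check described above, written out as an added example (not part of the original post): it pulls every link out of an HTML email and flags any whose hostname starts with a trusted name but whose real domain is something else. The `TRUSTED` set, the function names and the sample markup are assumptions; the "last two labels" rule is a simplification that holds for `.com` but not for every suffix.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"paypal.com"}  # assumption: sites the reader really has accounts with

def registrable_domain(host):
    # Naive assumption: the last two labels form the domain (true for .com).
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def impersonated(url):
    """Return the trusted domain a URL's hostname imitates, or None."""
    host = (urlsplit(url).hostname or "").lower()
    if registrable_domain(host) in TRUSTED:
        return None  # the link really does go to the trusted site
    for brand in TRUSTED:
        if "." + brand + "." in "." + host:
            return brand  # brand appears only as leading sub-domain labels
    return None

class LinkAudit(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return [(visible text, real domain, imitated brand)] for suspicious links."""
    parser = LinkAudit()
    parser.feed(html)
    return [(text, registrable_domain(urlsplit(href).hostname or ""), impersonated(href))
            for href, text in parser.links if impersonated(href)]

# Constructed sample: hostname taken from the post; scheme, paths and markup are made up.
SAMPLE = ('<a href="https://www.paypal.com/fdic">FDIC information</a> '
          '<a href="http://www.paypal.com.cgi-bin.webscr.login.user.id.verify.customer.content.'
          'usa.your.userid1534953948348851.logged.in.com.ssl.true.getl0cation.directcountry.com/">'
          'Update my information</a>')

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Only the second link is reported; the genuine PayPal link passes because its registrable domain is in `TRUSTED`.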
The lesson I want you to take from this is that email is an untrusted medium. Always go to the source directly. The lesson I'm going to take is how to change the status bar from a hyperlink. Hmmmmm Should I use my knowledge for good or for evil.... <insert Dr. Evil laugh here>