P*yPal
I hear a lot about email fraud schemes that try to lure recipients into bogus websites disguised as reputable ones these days. Beth of mutated monkeys blogged about a scam targeting PayPal customers, which in fact comes from "PcyPal." I'm a PayPal user, so it gives me the shivers to think how I would have reacted if I had received that email even though it's from PcyPal or Peypal or PussyPal or whatever.
Now I have to be careful not to click on a hyperlink readily without making sure the spelling of the URL. Give me a spell checker.
Comments
Hi, this is Gav from Japan tales blog.
Just thought I'd make contact.
nice blog
Posted by: Gav | January 27, 2004 9:07 AM
Kiyo,
You really have to be careful about links also.
You now can spoof http links. Check out the bottom part of your browser when you place your cursor over the link.
http://www.paypal.com%00@trenttroyer.com
(I can't completely hide it on your comment section, but you get the idea)
Here is a page that shows you what is going on with examples.
http://netsquirrel.com/spoof/
tatroyer
Posted by: tatroyer | January 27, 2004 2:09 PM
I must admit, I sometimes don't read things carefully. it's quite scary to think that your haste can sometimes cost you quite dearly!
Posted by: Rae | January 27, 2004 6:22 PM
Hi, Gav. Thanks for dropping by. Glad to know there's another blogger in Hokkaido. :)
Tatroyer, that's great info! Thanks! It's too bad that only IE can't display real URLs in the status bar. Hmm....
Rae, yeah, really scary. ;)
Posted by: Kiyo | January 27, 2004 11:23 PM
I've gotten tons of fraudulent emails claiming to be from both Paypal and Ebay. A good general rule to remember is that neither of those companies will ever ask you to click on a link through email to go to their page. They will always tell you to just type their address into your browser. So never trust anything that asks you to click through to update your details, or has a form for you to fill in directly.
I've seen some pretty good fake Paypal and fake Ebay sites, so you have to be careful. Make sure you always see the https:// before Paypal, not just http://.
Posted by: Quinlan | January 31, 2004 11:31 PM
Another thing that I just realized, Kiyo: The email from 'Paypal' went to an email address that I have not used to correspond or register with Paypal. That didn't occur to me until just now! It should have been the FIRST thing that tipped me off.
Since email addresses are so easy to get, especially if you have your own domain, a way to guard against this sort of 'fishing expedition' would be to devote a special email address exclusively to Paypal, another to Amazon, etc., and not publish those emails anywhere. (All the emails could be forwarded to one inbox.)
Posted by: Beth | February 1, 2004 7:12 AM
Thanks for the nice advice, Quinlan. I'll keep them on mind.
Beth, yeah, I received an email from "Visa" that said my card was used by someone. And it came to an address, my domain, that I don't register with Visa. ;)
Posted by: Kiyo | February 2, 2004 6:59 PM