Wilders Security Forums  

  #26  
Old January 25th, 2006, 10:57 AM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: What is the "best" phishing email you have seen?

devilsadvocate,
We IGNORE/DELETERS of spam-emails, just don't take any unnecessary risks. That's all.
If you like to open and read spam-emails, go ahead, I don't have any problems with that.
Just like you shouldn't have any problems with those who IGNORE and DELETE their spam-emails.
It's a personal decision and much safer than opening and reading spam-emails and there is no doubt about that.
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #27  
Old January 25th, 2006, 11:33 AM
deviladvocate
 
Posts: n/a
Default Re: What is the "best" phishing email you have seen?

Quote:
Originally Posted by ErikAlbert
devilsadvocate,
We IGNORE/DELETERS of spam-emails, just don't take any unnecessary risks.

Except when you do *decide* to open them to read then the risk is necessary....


Quote:
That's all.
If you like to open and read spam-emails, go ahead, I don't have any problems with that.

Nah, I don't enjoy opening and reading spam email. I just don't shake in my boots like you do, when I accidentally open one. I understand how emails work, so they don't fill me with dread like they do you.

Quote:
Just like you shouldn't have any problems with those who IGNORE and DELETE their spam-emails.

I have no problems with people who say one thing (ignore and delete) to newbies and yet when it comes to themselves have no problems with opening, reading and researching spam emails

Really, no problems at all...


Quote:
It's a personal decision and much safer than opening and reading spam-emails and there is no doubt about that.

It's also a personal decision that disconnecting your computer is safer than turning it on and there is no doubt about that.
  #28  
Old January 25th, 2006, 05:15 PM
Rasheed187 Rasheed187 is offline
Very Frequent Poster
 
Join Date: Jul 2004
Location: The Netherlands
Posts: 1,883
Default Re: What is the "best" phishing email you have seen?

The thing about the PayPal mail is that it redirects you to the real site, didn't you all notice that? So is this some kind of advanced scam or what?
  #29  
Old January 25th, 2006, 05:48 PM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: What is the "best" phishing email you have seen?

Yes I noticed that and I was a bit surprised by that too, but I never login this way.
This is the right login page for PayPal :
https://www.paypal.com

Any other login page, like this one, is suspicious to me :
https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run
I can't say for sure if this login page is a scam or not. Too technical for me,
but the url is longer than it is supposed to be.

The fact that you received this email, without being a member of PayPal is already suspicious and as far as I know, PayPal doesn't send any emails.
I and many others, received a lot of scam-emails from "PayPal" (the fake one), but I never touched them and PayPal warns their members for these emails on their website.

The best way to know this for sure, is sending a copy of this email to PayPal and ask for explanation.
Personally, I consider this as a scam until the opposite is proven.
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #30  
Old January 25th, 2006, 05:53 PM
MikeNash MikeNash is offline
Global Moderator
 
Join Date: Jun 2005
Location: Sydney, Australia
Posts: 1,652
Default Re: What is the "best" phishing email you have seen?

Quote:
Originally Posted by deviladvocate
Mike in your line of work you receive emails from new sources ,say people seeking support for online armor. Do you live in fear that some of them might actually be spammers trying to trick you?

I receive several hundred emails per day - a distressing proportion of them are spam. If it's obviously spam, I don't open it - but not because of any fear - just because spam ***** me, and I don't have the time to read it anyway. I don't use spam filtering because some of the mails I receive would definitely be gobbled up by it.

Quote:
Originally Posted by deviladvocate
A subject that says "Online Armor questions", could actually be spam or some exploit. Does that stop you from opening emails?

Yes, I suppose it could. But, no, it does not stop me from opening emails.

Quote:
Originally Posted by deviladvocate
Also Is it really your position that users who are protected by every trick in the book, including online armor, shouldn't open spam at all because they are not protected and are at great risk at being compromised if they open spam mail?

I'm sure the customers of Online Armor would be really disappointed to hear that....

Is it really your position that average, inexperienced users who don't know what they are doing should open every email they receive and double click on any attachments that might be present? Oh, wait... that's not what *you* said either

What I said was that Acacdia's advice to not open email you know is spam (and, that could also include in my mind any form of junk email) is very sound advice, and I stand by that. I did not say you should be afraid, and I did not say people were at great risk, regardless of what software they run.
__________________
Mike Nash
Tall Emu Pty Ltd


Mike's Blog
  #31  
Old January 25th, 2006, 06:06 PM
Blackspear Blackspear is offline
Global Moderator
 
Join Date: Dec 2002
Location: Gold Coast, Queensland, Australia
Posts: 15,114
Default Re: What is the "best" phishing email you have seen?

Just received one from "Paypal".


From: PayPal Service [costumer@bank.com]
Sent: Wednesday, 25 January 2006 3:03 PM
To: xzy @ hotmail.com
Subject: ALERT

hxxp://pics.ebay.com/aw/pics/spacer.gif<hxxp://pics.ebay.com/aw/pics/spacer.gif>

Information provided below will be transmitted via a secure socket layer connection !

________________________________

<hxxp://www.paypalobjects.com/en_US/i/header/hpPrivacy_shopwoutsharing_563x115.jpg>

hxxp://pics.ebay.com/aw/pics/spacer.gif<hxxp://pics.ebay.com/aw/pics/spacer.gif>
<hxxp://pics.ebay.com/aw/pics/sitewide/leftLine_16x3.gif> Dear valued customer <hxxp://pages.ebay.com/help/new/signin.html> hxxp://pics.ebay.com/aw/pics/spacer.gif<hxxp://pics.ebay.com/aw/pics/spacer.gif> Need Help? <hxxp://pages.ebay.com/help/new/signin.html> hxxp://pics.ebay.com/aw/pics/spacer.gif<hxxp://pics.ebay.com/aw/pics/spacer.gif>
hxxp://pics.ebay.com/aw/pics/spacer.gif<hxxp://pics.ebay.com/aw/pics/spacer.gif>


We regret to inform you that your PayPal account could be suspended if you don't re-update your account information. To resolve this problems please click here <hxxp://bunjeria.de.dd12412.kasserver.com/image/paypal.com/update/> and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 1-2 days, after this period your account will be terminated. For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us. Due to the suspension of this account, please be advised you are prohibited from using PayPal in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to PayPal.

Regards,
The PayPal Team
________________________________


Cheers
__________________
"Illegitimis non carborundum"
translation:
"Don't let the bastards grind you down"
U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)
Two Photographers
  #32  
Old January 25th, 2006, 06:09 PM
Blackspear Blackspear is offline
Global Moderator
 
Join Date: Dec 2002
Location: Gold Coast, Queensland, Australia
Posts: 15,114
Default Re: What is the "best" phishing email you have seen?

And the cheeky bugga's sent me a follow up, hmmmm must get on to that asap


From: PayPal Service [costumer@bank.com]
Sent: Wednesday, 25 January 2006 5:35 PM
To: xyz @ hotmail.com
Subject: Second Notice

<hxxps://www.paypal.com/en_US/i/logo/paypal_logo.gif>

SECOND NOTICE

Dear PayPal Member,

We were unable to process your last two billing transactions and your account is now past due. To ensure that your service is not interrupted, please update your billing information today by clicking here <hxxp://bullingnjeri.de/paypal.com/update/> . Or call PayPal Member Services toll-free at 1-205-383-2916. We're available 24 hours a day, 7 days a week.

If you have recently updated your billing information, please disregard this message as we are processing the changes you have made.

Sincerely,
PayPal Service
_____________



Cheers
__________________
"Illegitimis non carborundum"
translation:
"Don't let the bastards grind you down"
U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)
Two Photographers
  #33  
Old January 25th, 2006, 06:12 PM
TNT TNT is offline
Security Expert
 
Join Date: Sep 2005
Posts: 948
Default Re: What is the "best" phishing email you have seen?

Quote:
Originally Posted by ErikAlbert
Any other login page, like this one, is suspicious to me :
https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run
I can't say for sure if this login page is a scam or not.

Unless they hacked the Paypal server (which I doubt), that URL can't be a scam, because it IS on Paypal. Nevertheless, the e-mail certainly is phishing. That's why (unless of course I'm proven wrong) I am almost sure the e-mail was sent in HTML and the real URL that you can see in the mail html source is actually different (most phishing uses this really "low expertise" technique).
  #34  
Old January 25th, 2006, 06:14 PM
Blackspear Blackspear is offline
Global Moderator
 
Join Date: Dec 2002
Location: Gold Coast, Queensland, Australia
Posts: 15,114
Default Re: What is the "best" phishing email you have seen?

Quote:
Originally Posted by ErikAlbert
Any email from "Paypal" is a scam.
Paypal doesn't send any emails. They sometimes ask to verify your data, but that happens only on their website, after logging in.

Not correct, they do actually send legitimate email to ask for verification when setting up a new account or asking for you to read and accept change in policy.

Cheers
__________________
"Illegitimis non carborundum"
translation:
"Don't let the bastards grind you down"
U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)
Two Photographers
  #35  
Old January 25th, 2006, 06:39 PM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: What is the "best" phishing email you have seen?

Quote:
Originally Posted by Blackspear
Not correct, they do actually send legitimate email to ask for verification when setting up a new account or asking for you to read and accept change in policy.

Cheers

OK. I can't remember any email like that, but you are most probably right.
Personally, it's not important for me, because I don't really use my PayPal account anymore, because I stopped playing on free lottos and it only contains a small amount of my winnings, which I will probably spend on software, that can be paid via PayPal and not visa card.
If you are right Blackspear, I'm the first one to admit it.
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.
  #36  
Old January 25th, 2006, 06:51 PM
ErikAlbert ErikAlbert is offline
Incredibly Massive Poster
 
Join Date: Jun 2005
Posts: 9,456
Default Re: What is the "best" phishing email you have seen?

Quote:
Originally Posted by TNT
Unless they hacked the Paypal server (which I doubt), that URL can't be a scam, because it IS on Paypal. Nevertheless, the e-mail certainly is phishing. That's why (unless of course I'm proven wrong) I am almost sure the e-mail was sent in HTML and the real URL that you can see in the mail html source is actually different (most phishing uses this really "low expertise" technique).

Possible, but I'm not an expert in these matters.
I have built a bunch of rules to protect myself and I always use my personal website address to visit PayPal, anything else looks suspicious to me.
Internet & real money is already a bad combination enough, so I don't fool around with urls.
I wouldn't be surprised when you click on such url on an email that you are directed to a fake website with some nifty dirty trick.
I don't know what is technically possible. So that url is suspicious for me until the opposite is proven and activating PayPal via an email is not a very smart habit.
__________________
ErikAlbert
Security = WinXPproSP3 Firewall + Anti-Executable + DefenseWall HIPS * Recovery = ShadowProtect + FirstDefense-ISR
Malware Survival Rate = 0.00%, but each malware has my sympathy.

Last edited by ErikAlbert : January 25th, 2006 at 07:10 PM.
  #37  
Old January 26th, 2006, 07:10 AM
deviladvocate
 
Posts: n/a
Default Re: What is the "best" phishing email you have seen?

Quote:
Originally Posted by MikeNash
I receive several hundred emails per day - a distressing proportion of them are spam. If it's obviously spam, I don't open it - but not because of any fear - just because spam ***** me, and I don't have the time to read it anyway.

That's what I thought. But there are others who *do* fear opening spam even accidentally yelling DELETE AND IGNORE as if it is taboo. And they are using your statements as endorsements for that stance.


Quote:
What I said was that Acacdia's advice to not open email you know is spam (and, that could also include in my mind any form of junk email) is very sound advice, and I stand by that. I did not say you should be afraid, and I did not say people were at great risk, regardless of what software they run.

Aracdia said curiosity killed the cat, which would imply that he fears opening them because it might 'kill' him, a surprising statement to make.

You don't fear opening spam. So what are you saying? I would appreciate you spelling out why you think it is sound advice. You apparently don't think it's a big risk. Is it merely because it is a waste of time?

If so, I have no problems with this view. I'm against the view that you should delete and ignore all spam mail just because it's so damn dangerous to even gaze at one, because you might be dumb enough to fall for it even if nothing bad happens to your computer!
  #38  
Old January 26th, 2006, 07:43 AM
MikeNash MikeNash is offline
Global Moderator
 
Join Date: Jun 2005
Location: Sydney, Australia
Posts: 1,652
Default Re: What is the "best" phishing email you have seen?

Quote:
Originally Posted by deviladvocate
You don't fear opening spam. So what are you saying? I would appreciate you spelling out why you think it is sound advice. You apparently don't think it's a big risk. Is it merely because it is a waste of time?

If so, I have no problems with this view. I'm against the view that you should delete and ignore all spam mail just because it's so damn dangerous to even gaze at one, because you might be dumb enough to fall for it even if nothing bad happens to your computer!

My reason for not opening spam is pure disinterest and laziness. I don't want their products, I won't support their activities. I may even get into ANTI spam products one day.

I think the advice is sound for a number of fairly obvious reasons -

1) The average computer user does NOT understand what they are doing. They don't know the consequences of their action. If you say it's safe to view spam, what happens if they miscategorise a virus as spam and think it's safe to open.

2) The guys who are doing phishing, spamming and so on are cunning. There is BIG money involved in Phishing, Spyware, spamming - it's organised and criminal. Today's email may just contain a silly little image. Tomorrow could be a WMF exploit. Who knows what is the day after?

I'm not saying that you should run away and cry like an 8 year old girl if you accidentally open a spam email - but why take the risk - no matter how small. Sometimes it's easier to have simple, basic rules to follow.

Simple rule - don't point guns at people, you may accidentally kill them.

Do you ever point a gun at anyone, and pull the trigger - even one you KNOW is not loaded?

Simple rule - don't open dodgy email, it might contain a nasty. All you may be missing out on is an advertisement for crap you don't want, and more of the same emails if your address is validated.
__________________
Mike Nash
Tall Emu Pty Ltd


Mike's Blog
 

All times are GMT -4.