Since so many of us use PayPal to buy our weird lenses, I want to share an incredible PayPal phishing email I got last week. It was an email telling me my credit card ending in xyz was expired and I should enter new information. Usually these are addressed to "Dear Customer" and are easily dismissed, but this one had my full name with middle initial. When I hovered the mouse over a link in the email, my browser showed a link to https://paypal.com/..... And the letter contained the correct last three digits of my credit card, but in the wrong order. How did they do this? Maybe they have installed an (imperfect) keylogger. But I never enter my whole formal name with my middle initial in anything that I can recall. How can it be so good, and even more curious, why did it make that one mistake about the order of my last three credit card digits?
My credit card isn't expired and I know that PayPal wouldn't ask for information this way, so I wasn't tempted. But in my experience this is a new level of phishing sophistication. We need to be aware of it.
Frighteningly good Paypal phishing
Moderators: rjlittlefield, ChrisR, Chris S., Pau
Re: Frighteningly good Paypal phishing
It is so sad that people spend all their knowledge for crime! My personal experience is that China is one of the top nations where criminals on the net are getting more and more refined in their effort to take our money! Lucky you that no harm was done!
-
- Posts: 5
- Joined: Sat Nov 20, 2021 1:51 pm
- Location: Southeast Michigan, USA
Re: Frighteningly good Paypal phishing
The coincidence with the last three digits was just dumb luck on the attacker's part. They just choose three numbers, send out the email to hundreds of thousands of people, and figure it will register with someone.
I was phished recently by something made to like an email from DocuSign. I was actually waiting for DocuSign to send me a notification at the time the phishing email arrived - my first reaction was "hey, there's that email I was waiting for." The email looked strange, and fortunately I didn't fall for it, but if you send enough emails to enough people, it's bound to land in someone's inbox at the right time, and then the attack can begin. Even security experts get phished and scammed, because sometimes the attackers are just that good and the email came at the right time with the right look.
I was phished recently by something made to like an email from DocuSign. I was actually waiting for DocuSign to send me a notification at the time the phishing email arrived - my first reaction was "hey, there's that email I was waiting for." The email looked strange, and fortunately I didn't fall for it, but if you send enough emails to enough people, it's bound to land in someone's inbox at the right time, and then the attack can begin. Even security experts get phished and scammed, because sometimes the attackers are just that good and the email came at the right time with the right look.
Don from Ann Arbor, Michigan, USA
Re: Frighteningly good Paypal phishing
No, this cannot be a coincidence. They had the right name (first name, middlke initial, and last name) AND the right three digits. In order to get this kind of hit, the culprit would have to send out many messages daily to everyone in the world. I would have recieved many failed attempts myself every day. The fact that these messages are rare falsifies your claim.The coincidence with the last three digits was just dumb luck on the attacker's part. They just choose three numbers, send out the email to hundreds of thousands of people, and figure it will register with someone
Re: Frighteningly good Paypal phishing
I think there's an easier explanation. Have you ever been notified of a breech at a website you use? I've lost count of the number of times my personal data has been stolen, including my fingerprints. I suspect some poor crook somewhere is manually transcribing this stuff from a database he bought with a few hundred thousand names and credit card numbers and just slipped up transposing those digits. Happens all the time, at least the transposing.
Consider yourself lucky if this is the first time you received one of these nicely personalized scam emails. I see them weekly.
Now, back to macro photography...
Consider yourself lucky if this is the first time you received one of these nicely personalized scam emails. I see them weekly.
Now, back to macro photography...
Re: Frighteningly good Paypal phishing
Good point about stolen data that could match my name with my email address. Even so, to get the last three digits of my credit card correct by chance (in arbitrary order) would require (on the average) hundreds of attempts, and I have only gotten one that looked like this. So again, it seems virtually impossible that they just tried random digits. If they were guessing numbers by chance, I would have recieved many misses along with this hit.
- rjlittlefield
- Site Admin
- Posts: 23603
- Joined: Tue Aug 01, 2006 8:34 am
- Location: Richland, Washington State, USA
- Contact:
Re: Frighteningly good Paypal phishing
The last three or four digits of credit card numbers appear frequently in emailed receipts. Those are transmitted between systems as non-encrypted text, are stored on end-user systems in files that are easily read by malware, and I suspect will appear in many database systems that are vulnerable to hacking. To me, the most intriguing aspect of Lou's phish is that the digits were transposed. That seems to imply human involvement. I share klevin's vision of some person typing this stuff in, and I expect that person is probably not even a crook themselves, just some poor soul being exploited by one.
--Rik
--Rik