I just got an email that is the most convincing phishing attack that I've seen.
Phishing: A phishing attack is an online fraud technique which involves sending official-looking email messages with return addresses, links and branding that all appear to come from legitimate banks, retailers, credit card companies, etc. Such emails typically contain a hyperlink to a spoof website and mislead account holders into entering customer names and security details on the pretence that security details must be updated or changed. Once you give them your information, it can be used on legitimate sites to take your money.
The offending email looks like it came from PayPal. It says:
PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.
--------------------------------------------------------------------------------
Why is my account access limited?
Your account access has been limited for the following reason(s):
June 03, 2007: It has come to our attention that your PayPal billing information are out of date. This require you to update your billing information as soon as possible.
This billing update is also a new PayPal security statement which goes according to the established norms on our terms of service (TOS) to reduce the instance of fraud on our website.
Please update your records on or before June 03, 2007. A failure to update your records may result on a suspension of your account.
To update your PayPal records click on this link (link didn't make it in the cut and paste)
This new security statement will helps us continue to offer PayPal as a secure and cost-effective payment service. We appreciate your cooperation and assistance.
Sincerely,
The PayPal Team
(Your case ID for this reason is PP-227-460-629.)
--------------------------------------------------------------------------------
Copyright © 1999-2007 PayPal. All rights reserved.
--------------------------------------------------------------------------------
The format of the email looks perfect. Even the link to click looks like a PayPal link... but it's not....
http://www.paypal.com.login.1c611cd....run/webscr.htm
This looks like it goes to PayPal.com, but really this is 1c611cd.com. That domain does not inspire much confidence if I'm going to go somewhere and log in with my PayPal info....
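The link works because a hostname is read from the right: the labels at the end decide who owns it, and anything in front, including "paypal.com", is a subdomain the owner can name freely. The following check is an added example, not part of the original post; the trusted-domain list, the function names and the sample URLs (on the reserved .test domain) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the brands to protect. Only paypal.com appears in the post.
TRUSTED_DOMAINS = {"paypal.com"}


def hostname_of(url: str) -> str:
    """Return the lowercased hostname without userinfo, port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_same_or_subdomain(host: str, domain: str) -> bool:
    """True only when the host ends at the trusted domain (right-anchored)."""
    return host == domain or host.endswith("." + domain)


def embedded_brand(host: str, domain: str) -> bool:
    """True when the trusted domain's labels occur in the host, but not at its right end."""
    labels = host.split(".")
    want = domain.split(".")
    n = len(want)
    # Slide over every label window except the right-most one.
    return any(labels[i:i + n] == want for i in range(len(labels) - n))


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unrelated' or 'no-host' for a link."""
    host = hostname_of(url)
    if not host:
        return "no-host"
    if any(is_same_or_subdomain(host, d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if any(embedded_brand(host, d) for d in TRUSTED_DOMAINS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; the first mirrors the shape of the link in the email.
    for link in (
        "http://www.paypal.com.login.example-host.test/webscr.htm",
        "https://www.paypal.com/webscr",
        "https://example.test/paypal.com",
    ):
        print(f"{classify(link):10} {link}")
```

A link classed as "lookalike" carries the brand name only as decoration on someone else's domain, which is the pattern in the email above.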
Please do not click on a link and log into a banking system as a response to an email or a website unless you are absolutely sure!!!!
I know too many people who've lost thousands this way.
Mark