Welcome to NBlog, the NoticeBored blog

I may meander but I'm exploring, not lost

Feb 8, 2007

"Cut and paste" phishing

The phishers are constantly searching for new wrinkles to fool their victims. Here's a new one on me: as well as the usual request to 'click the link below' to 'verify your identity', victims are invited to cut-and-paste the URL into their browsers, playing on the well-meaning security advice to that effect.

Dear PayPal Account Holder,

We recently noticed one or more attempts to log in to your PayPal Online account from a foreign IP address and we have reasons to belive that your account was hijacked by a third party without your authorization.

If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you are the rightfull holder of the account, click on the link below, fill the form and then submit as we try to verify your identity.

Message ID Nr: 0xD2.0xBC.0xDA37

Please click here to verify your PayPal account.

or copy and paste 0xd2.0xbc.0xda.0x37/signin.paypal.com/0xd7/ into your Internet Browser.

Be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to upgrade your account as instructed above.

Thank you for your time and consideration in this matter.


Sincerely,
PayPal Inc. Account Departement.



© Copyright 2007, PayPal Inc. All Rights Reserved.


Making the 'PayPal ID' similar to the hex-encoded URL and repeating it in the email subject is a nice touch.

The typo in "Departement" stands out - perhaps our phisher is French?

More phishing & ID theft links