Welcome to the SecAware blog

I spy with my beady eye ...

13 May 2016

Friday poser

Is this a spoof PayPal email (most likely a phisher) or a genuine but misguided and inept attempt by PayPal to contact me? 

The message includes a log in link, pointing not to PayPal.com but to PayPal-Communication.com which could easily be a lookalike domain registered for the express purpose of fleecing naive recipients of their PayPal credentials, not to mention defrauding them of their funds. 

Further down, the message suggests that addressing me by my "given surname and given name" means I should trust the message - codswallop! For a start, the correct term is "given and family names", but of course that is readily available information: phishers can easily obtain lists of email addresses complete with given and family names, and lots more personal information. Google knows billions of them. As a means of authentication, it is worthless. 

So, what do you think: genuine (but inept) or fake?


No comments:

Post a Comment