More sharks in the phishing hole: Some folks never give up


Ho-hum.

Got me another one, Ethel. Another of those notes from PayPal saying my account has been temporarily blocked.

Again.

Just for grins, let’s take a look at the email to find the obvious BS. because this stuff is getting old.

 

ΡayΡal
   Unfortunately , Your account is temporarily blocked   please follow the instructions below 

    Dear ΡayΡal Customer,

    ΡayΡal is constantly working to ensure security by regularly screening the accounts in our system.
We recently reνiewed your account, and we need more information to prove your ownership .
to help us to provide you with a secure serνice.
Until we can collect this information, your access to sensitiνe account features will be limited.
We would like to restore your access as soon as possible, and we apologize for the inconνenience.

    Why is my account access limited?

    we haνe reason to belieνe that your account was accessed by a third party.
Βecause protecting the security of your account is our primary concern, we haνe limited access
to sensitiνe ΡayΡal account features.
We understand that this may be an inconνenience but please understand that this temporary
limitation is for your protection.

    How can i get my account fully restored ?

     Please follow the link below and login to your account then reνiew your account information

     Confirm now

     Sincerlye ,ΡayΡal customer department!

   

 

Yeah, yeah, yeah.

A couple of things come to my attention:

Here’s the horse it rode in on email address it came from:

secured@inc.pay2.com

Got that so far? Doesn’t look like a PayPal to me.

A couple of other things that in of themselves are not deal breakers, but they’re sure red flags:

Unfortunately , Your account is temporarily blocked

   please follow the instructions below

Notice the space between Unfortunately and the comma. Again, no biggie by itself, but it’s far from what a professional operation like PayPal would produce.

There are other grammatical errors, mostly in capitalization. And it’s not “sincerlye.”

This tells me this note was written by someone who does not speak English as a first language. Russian perhaps? North Korean? One of those nations that specializes in malware and computer hijacking?

After checking my firewalls, bumping up my security and all that good junk I clicked on the link. Here’s what I got:

 

Reported Phishing Website Ahead!
Chromium has blocked access to sssecu1rity.com. This website has been reported as a phishing website.
Phishing websites are designed to trick you into disclosing your login, password or other sensitive information by disguising themselves as other websites you may trust. Learn more
 Advanced

* * *

In case anyone misses it, it’s on a red background.

Now, I don’t ever advocate clicking on links like that. In fact, if you click on “confirm now” in the text of the letter, you probably need to snip your Internet connection, turn in your computer and stick with something safe. Like skydiving or something. I figured I can get away with it because a) I know what I’m doing, b) my security is extremely tight and c) I’m using Linux anyway.

Oh, yeah. I forgot to mention. This email came in two of my accounts (I have several). My PayPal account is only attached to one domain name. These two email accounts are under another domain name. So as far as these senders are concerned I really don’t have a PayPal account.

Hey, y’all. Watch the sharks.

# # #

First add: I covered this issue before, and it keeps coming back. You’ll find my story here.

# # #

Second add: I also ran some precautions when I wrote that. They were pretty much off the top of my head, but the original story is here. I pasted in the list below just ’cause I like you:

  • Choose your tools carefully. If you use Internet Explorer, take that icon off your desktop right now and surf with a different browser. Chromium (an open-source version of Google Chrome) is good, as are Firefox and Opera.
  • Keep that browser updated.
  • Be careful about passwords; PayPal_Andy’s advice of having a designated password for each site is highly recommended, even though I’m guilty of using the same passwords for more than one site.
  • Don’t open any attachments if you don’t know the sender.
  • Be wary of attachments from someone you know; zap it with your virus and malware protection tools before you open it.
  • I’d also be wary of links sent by email, especially when they’re shortened through bit.ly or some other service. Also be careful of links posted on your favorite social media sites; you can click on some malware real easily that way. I’ve seen malware propagate among everyone on your friends/followers lists, making them the gift that keeps on giving.
  • You do have virus protection, don’t you? You do keep it updated, don’t you? Virus protection that’s not kept up to speed is totally worthless.
  • Grab some spyware protection, too. For that I recommend Spybot Search And Destroy.
  • Be careful about using public wireless for any business involving money; it’s too easy to tap into your information that way.
  • If surfing in a public place, watch for anyone behind you or sit with your back against a wall. I know this sounds goofy, but when some lowlife is trying to grab your information the low-tech ways are often the most effective.
  • Don’t let me scare you or anything.

If you use a smartphone:

  • Guard it with your life. Even if you want to be a good neighbor and help someone in a pinch, don’t let that person “hold” your phone. It’s too easy for him to snatch it and run. Most smartphones carry way more information than you’d think, and most of it can be found in seconds.
  • Be careful about dropping or leaving your phone somewhere. Same reason.
  • I use a lanyard from an old mp3 player and attach it to my phone holster. The other end is attached to a small carabiner, which I clip onto a belt loop. The holster’s flap is closed when I’m not using the phone. That way, if the holster falls off (happens more often than I’d like to think) or someone tries to snatch it off your belt, you’d know immediately.
  • Stay aware of what’s around you, even if you’re texting or playing Angry Birds. I’ve heard of folks stealing someone’s phone while the person is using it.
  • Two words: Password protection.

# # #

Final add: For your edification and amusement, I added this video at the last minute. It seemed to fit the theme somehow. I wonder if anyone told the diver that one side of his cage is missing?

# # #

 

 

 

 

 

 

 

 

Share

Author: Eric Pulsifer

Eric Pulsifer is a veteran wordsmith with experience as a journalist, editor, musician, and freelance writer.

  • Eric Pulsifer

    An update: I’m still getting them. Of course, in the wrong email box. It’s funny how they make themselves so obvious.