Yet another phishing email...

Discussion in 'OT (OFF Topic) Forums' started by markjay, Sep 7, 2011.

  1. markjay

    markjay MB Club Veteran

    Messages:
    23,149
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk
    Well, it says pretty much the usual...:

    'Our Technical Service department has recently updated our online services, due to this upgrade we sincerely call your attention to follow below link and reconfirm your online account details. Failure to confirm your NatWest account details will permanently suspend you from accessing your account online.'




    The English is actually pretty good for this type of email (apart perhaps from the somewhat improper use of 'sincerely').


    But the clever bit is the link's URL...

    It is (click at your own peril):

    http:***//mail.nibblerscatering.com/www.natwest.co.uk/index.php***

    Now that looks almost legit... or it would have been, if it was like that:

    http:***//www.natwest.co.uk/mail.nibblerscatering.com/index.php***

    (ignore the *** - they are there so the link does not get clicked on by mistake)


    And it is not just the untrained eye that might fall for it... I do look at these links, and my first instinctive reaction was 'how do they do that??', until I spotted that it was the other way around... :doh:


    As always, beware...
     
    Last edited: Sep 7, 2011
    1 person likes this.
  2. effbee584

    effbee584 Hardcore MB Enthusiast

    Messages:
    524
    Joined:
    Mar 5, 2011
    Location:
    Norwich
    Car:
    Jag XF 3.0S and 10 yr old Micra 1.2 auto with Air Con.
    Yes, if we get an unexpected email about a bank account we might hold, we need to look carefully at it. Of course we will not get these from genuine banks anyway.

    I had one last week asking me to log in to my PayPal account to check my activity, naturally I would need to input user name and password.

    The return email address was....

    paypal.5VULGF.63699@e.paypal.co.uk

    very strange address, so it went into the bin.

    But does the .co.uk bit mean there are scammers and phishers in the UK? Probably not, since they can access a UK email address from anywhere, and PayPal operates from Luxembourg!
     
  3. eGuru

    eGuru Hardcore MB Enthusiast

    Messages:
    582
    Joined:
    Mar 29, 2006
    Location:
    Northants
    Car:
    S320cdi, S204 C180
    Had this phishing email last month and forwarded it to paypal. Paypal came back and assured me it was a genuine email. The email was sent to a dormant domain I hold.



    On Wed, 17/8/11, paypal <aadd10293@FEFLHW.pay-pal.co.uk> wrote:

    From: paypal <aadd10293@FEFLHW.pay-pal.co.uk>
    Subject: Take action.
    To:
    Date: Wednesday, 17 August, 2011, 3:19

    Jack, lift your PayPal restriction

    Trouble reading this? View online
    Add paypal at info.paypal.co.uk to your Address Book

    Dear Customer,

    You may have noticed that some limitations have been placed on your
    PayPal account. As a valued PayPal customer, we want to let you know
    what this means and how to resolve the situation.

    What does it mean to have limited access?

    Your account may be restricted for a number of reasons; you'll find
    out when you next log in to PayPal. As a result, you'll notice that some
    of the following options are now unavailable:

    • Send money to other PayPal users


    • Request or receive money from other users


    • Edit or remove account details


    • Close your PayPal account

    How do I resolve the issue?

    To assist us in our review, please log in to your account at paypal.
    You will see a message explaining why your account has been restricted,
    with details of what to do next.
     
  4. effbee584

    I can see that yours is similar, and since they advised your account was restricted I would have done the same, i.e. checked with PayPal direct. However mine just asked me to check my recent activity, which I thought strange. Not bothered to check if mine was genuine though.
     
  5. markjay (OP)

    This is strange, because paypal.co.uk is actually legit, while pay-pal.co.uk isn't :confused:
     
  6. NW_Merc

    NW_Merc Banned

    Messages:
    5,918
    Joined:
    Sep 3, 2005
    Location:
    Over here, sometimes over there
    Car:
    1994 Mercedes C180 classic
    The thing is you don't have to be in the UK to get a co.uk domain :thumb:
     
  7. John

    John MB Club Veteran

    Messages:
    11,660
    Joined:
    Mar 3, 2011
    Location:
    Daan Saaf
    Car:
    I wish.
    I would say if this email was sent directly to you, and contained your name (as in who they are addressing) as you registered it with PayPal, it could be genuine.

    Normally, they would not want you to go off and check things by your own steam, they would want you to send them your details or click on a link to present you with a phishing scam.

    Email headers can be forged and spammers now seem to be using genuine FROM addresses to not make you suspicious, however, for this to work if it was a scam, assuming you've pasted the whole email here, they would need to have a keylogger installed on your machine for it to then collect what you type which they can then use.

    Whilst this could be reverse logic, if the crooks had a key logger installed on your machine, they would be better off saying nothing and not drawing your attention to it.

    But, because it is getting harder and harder to install malware onto machines technically, they are having to turn to trojans and social engineering to get you to open your machine to them etc. etc., so I would have thought it unlikely they've been able to drop one on your machine - especially if you are up to date on antivirus and antimalware protection, along with all security updates for your software.
     
  8. eGuru

    I thought so too, I am surprised paypal seem to think it is genuine.
     
  9. John

    I'm surprised PayPal would think that unless they know they have pay-pal.co.uk - but even then, I can't see how they could be sure.

    Whilst emails from larger companies don't always come from nice.simple-email.address@justourdomainname.com, usually they will end in the company domain name.

    Paypal have paypal.co.uk so anything they send probably from the UK will more than likely have this address at the end (don't worry what is in between the @ and paypal.co.uk).

    However, as I said above, email headers (which contain information about the email and are where email programmes get the FROM, TO etc. from) can be forged - even with a genuine address in the FROM field - so just because it ends in paypal.co.uk, doesn't mean it is genuine.

    In one of the examples above, I can see 'Dear Customer' and I would be surprised if this was a genuine email as they would know your name - this would be the case in any email where your name is not there and yet they should know your name if you are a customer...

    You should always visit websites you know by your own efforts (go to a web browser and type in the website name), never click on links unless you know the email is genuine (you've just registered an account and they've obviously sent you an email so you can verify your address to them).

    If your machine is compromised, there is still a possibility it is a well-coordinated scam, albeit unlikely - although you should be comfortable your machine is not compromised...

    Again, ensure your machine has an antivirus product, with antimalware (such as Avira from free-av.com) and another antimalware product like malwarebytes (.org), and is fully up to date with all software patches.
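
An added example, not part of the thread: the two checks discussed above (which host a link really points at, from the first post, and whether a sender address really ends in the company's domain, from the last post) written as a small Python filter. The allow-list and function names are assumptions made for this illustration; the sample URLs and addresses are the ones quoted in the thread, with the *** guards removed.

```python
from urllib.parse import urlsplit

# Assumed allow-list: the two domains the thread itself treats as genuine.
BRAND_DOMAINS = {"natwest": "natwest.co.uk", "paypal": "paypal.co.uk"}


def squash(text):
    """Lower-case and keep only letters and digits, so 'pay-pal' becomes 'paypal'."""
    return "".join(c for c in text.lower() if c.isalnum())


def check_host(host, extra=""):
    """Return warnings for a host name; `extra` is other text (a URL path) to scan."""
    host = host.lower().rstrip(".")
    warnings = []
    for brand, domain in BRAND_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            continue  # host really is the brand's domain or a subdomain of it
        if brand in squash(host):
            warnings.append(f"look-alike host for {brand}: {host}")
        if brand in squash(extra):
            warnings.append(f"{brand} appears only in the path; real host is {host}")
    return warnings


def check_url(url):
    """The host is what sits between '//' and the first '/'; the rest is just a path."""
    parts = urlsplit(url)
    return check_host(parts.hostname or "", parts.path)


def check_sender(address):
    """Check the domain after the last '@' of a From address."""
    # This only inspects the text of the header. As noted in the thread, that
    # header can be forged, so an empty result is not proof of authenticity.
    return check_host(address.rsplit("@", 1)[-1])


if __name__ == "__main__":
    for url in ("http://mail.nibblerscatering.com/www.natwest.co.uk/index.php",
                "http://www.natwest.co.uk/mail.nibblerscatering.com/index.php"):
        print(url, "->", check_url(url) or "no warning")
    for sender in ("aadd10293@FEFLHW.pay-pal.co.uk",
                   "paypal.5VULGF.63699@e.paypal.co.uk"):
        print(sender, "->", check_sender(sender) or "no warning")
```

The comparison is made on the end of the host name, so a constructed host such as `www.natwest.co.uk.example.com` is also reported as a look-alike.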
     