Yet another phishing email...

markjay

Well, it says pretty much the usual...:

'Our Technical Service department has recently updated our online services, due to this upgrade we sincerely call your attention to follow below link and reconfirm your online account details. Failure to confirm your NatWest account details will permanently suspend you from accessing your account online.'




The English is actually pretty good for this type of email (apart perhaps from the somewhat improper use of 'sincerely').


But the clever bit is the link's URL...

It is (click at your own peril):

http:***//mail.nibblerscatering.com/www.natwest.co.uk/index.php***

Now that looks almost legit... or it would have been, if it was like that:

http:***//www.natwest.co.uk/mail.nibblerscatering.com/index.php***

(ignore the *** - they are there so the link does not get clicked on by mistake)


And it is not just the untrained eye that might fall for it... I do look at these links, and my first instinctive reaction was 'how do they do that??', until I spotted that it was the other way around... :doh:


As always, beware...
 

effbee584

Yes, if we get an unexpected email about a bank account we might hold, we need to look carefully at it. Of course we will not get these from genuine banks anyway.

I had one last week asking me to log in to my PayPal account to check my activity, naturally I would need to input user name and password.

The return email address was....

paypal.5VULGF.63699@e.paypal.co.uk

very strange address, so it went into the bin.

But does the .co.uk bit mean there are scammers and phishers in the UK? Probably not, since they can access a UK email address from anywhere, and Paypal operates from Luxembourg!
 

eGuru

Had this phishing email last month and forwarded it to paypal. Paypal came back and assured me it was a genuine email. The email was sent to a dormant domain I hold.



On Wed, 17/8/11, paypal <aadd10293@FEFLHW.pay-pal.co.uk> wrote:

From: paypal <aadd10293@FEFLHW.pay-pal.co.uk>
Subject: Take action.
To:
Date: Wednesday, 17 August, 2011, 3:19


Jack, lift your PayPal restriction

Trouble reading this? View online
Add paypal at info.paypal.co.uk to your Address Book

Dear Customer,

You may have noticed that some limitations have been placed on your
PayPal account. As a valued PayPal customer, we want to let you know
what this means and how to resolve the situation.

What does it mean to have limited access?

Your account may be restricted for a number of reasons; you'll find
out when you next log in to PayPal. As a result, you'll notice that some
of the following options are now unavailable:

• Send money to other PayPal users


• Request or receive money from other users


• Edit or remove account details


• Close your PayPal account

How do I resolve the issue?

To assist us in our review, please log in to your account at paypal.
You will see a message explaining why your account has been restricted,
with details of what to do next.
 

effbee584

I can see that yours is similar, and since they advised your account was restricted I would have done the same, i.e. checked with PayPal direct. However mine just asked me to check my recent activity, which I thought strange. Not bothered to check if mine was genuine though.
 
markjay

The return email address was....

paypal.5VULGF.63699@e.paypal.co.uk

very strange address, so it went into the bin.

...
Had this phishing email last month and forwarded it to paypal. Paypal came back and assured me it was a genuine email.


From: paypal <aadd10293@FEFLHW.pay-pal.co.uk>

...
This is strange, because paypal.co.uk is actually legit, while pay-pal.co.uk isn't :confused:
 

John

I had one last week asking me to log in to my PayPal account to check my activity, naturally I would need to input user name and password.

The return email address was....

paypal.5VULGF.63699@e.paypal.co.uk

very strange address, so it went into the bin.
I would say if this email was sent directly to you, and contained your name (as in who they are addressing) as you registered it with PayPal, it could be genuine.

Normally, they would not want you to go off and check things by your own steam, they would want you to send them your details or click on a link to present you with a phishing scam.

Email headers can be forged and spammers now seem to be using genuine FROM addresses to not make you suspicious, however, for this to work if it was a scam, assuming you've pasted the whole email here, they would need to have a keylogger installed on your machine for it to then collect what you type which they can then use.

Whilst this could be reverse logic, if the crooks had a key logger installed on your machine, they would be better off saying nothing and not drawing your attention to it.

But, because it is getting harder and harder to install malware onto machines technically, they are having to turn to trojans and social engineering to get you to open your machine to them etc. etc., so I would have thought it unlikely they've been able to drop one on your machine - especially if you are up to date on antivirus and antimalware protection, along with all security updates for your software.
 

John

I'm surprised PayPal would think that unless they know they have pay-pal.co.uk - but even then, I can't see how they could be sure.

Whilst emails from larger companies don't always come from nice.simple-email.address@justourdomainname.com, usually they will end in the company domain name.

Paypal have paypal.co.uk so anything they send probably from the UK will more than likely have this address at the end (don't worry what is in between the @ and paypal.co.uk).

However, as I said above, email headers (which contain information about the email and is where email programmes get the FROM, TO etc. from) can be forged - even with a genuine address in the FROM field - so just because it ends in paypal.co.uk, doesn't mean it is genuine.

In one of the examples above, I can see 'Dear Customer' and I would be surprised if this was a genuine email as they would know your name - this would be the case in any email where your name is not there and yet they should know your name if you are a customer...

You should always visit websites you know by your own efforts (go to a web browser and type in the website name), never click on links unless you know the email is genuine (you've just registered an account and they've obviously sent you an email so you can verify your address to them).

If your machine is compromised, there is still a possibility it is a well-coordinated scam, albeit unlikely - although you should be comfortable your machine is not compromised...

Again, ensure your machine has an antivirus product, with antimalware (such as Avira from free-av.com) and another antimalware product like malwarebytes (.org), and is fully up to date with all software patches.
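Added example, not part of any post in this thread: a small Python check that reads a link or a From address the way a mail client or browser resolves it, covering both the NatWest link in the first post (bank name only in the path) and the two PayPal sender addresses discussed later. It also handles one case beyond the thread, a brand used as a subdomain prefix of another domain. The `SUFFIXES` and `BRANDS` tables and all function names are assumptions made for the illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: tiny suffix table covering this thread's examples only;
# real code should load the full Public Suffix List.
SUFFIXES = {"co.uk", "com", "org"}
# Assumption: registrable domains the recipient treats as the real brands.
BRANDS = {"natwest.co.uk", "paypal.co.uk"}


def registrable(host):
    """Return the registrable domain: one label plus its public suffix."""
    labels = host.lower().rstrip(".").split(".")
    for n in (2, 1):  # try two-label suffixes (co.uk) before one-label (com)
        if len(labels) > n and ".".join(labels[-n:]) in SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels)


def classify(host, path=""):
    """Say where, if anywhere, a brand name sits relative to the real host."""
    host, path = host.lower(), path.lower()
    reg = registrable(host)
    if reg in BRANDS:
        return "brand-domain"  # a From header can still be forged: not proof
    label = "".join(c for c in reg.split(".")[0] if c.isalnum())
    if any(b.split(".")[0] in label for b in BRANDS):
        return "lookalike-domain"  # e.g. a hyphen inserted into the brand name
    if any(b in host for b in BRANDS):
        return "brand-in-subdomain"  # brand is only a prefix of another domain
    if any(b in path for b in BRANDS):
        return "brand-in-path"  # brand appears after the first '/', host unrelated
    return "unrelated"


def check_url(url):
    parts = urlsplit(url)
    return classify(parts.hostname or "", parts.path)


def check_sender(from_header):
    address = parseaddr(from_header)[1]
    return classify(address.rpartition("@")[2])


# Values quoted in the thread (scheme defanged as hxxp; urlsplit still parses it).
for url in ("hxxp://mail.nibblerscatering.com/www.natwest.co.uk/index.php",
            "hxxp://www.natwest.co.uk/mail.nibblerscatering.com/index.php"):
    print(check_url(url), url)
for sender in ("paypal <aadd10293@FEFLHW.pay-pal.co.uk>",
               "paypal.5VULGF.63699@e.paypal.co.uk"):
    print(check_sender(sender), sender)
```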
 
