[Curlyben]

This is quite a serious issue that everyone should be fully aware of.
What is Phishing ? Well basically it's a scam designed to steal sensitive personal information.

Read Here for more information


These type of "attacks" tend to come form addresses that you could almost trust with subjects that sound possible.
Here's an example of one I received today from [email protected]
with the subject Re: PayPal Security Alert: Message id 3868355

Ok so it all looks OKish.
Once the mail is opened it all set out to look like a real paypal mail.
The text of the mail also sounds right:

Your PayPal password has been changed.

If you or anyone with authorized access to your account did not make this change, please update to your account Online account can be confirmed at any time clicking here:

Respond to this notification.

Our database will be instantly updated.

The Password Change request was made from:
IP address: 40.16.60.868
ISP host: sjclb789-map647.sjc.ebay.com

Thank you,
PayPal

From here on you are asked to follow an inbedded link that takes you to what looks like paypals own site.
Here is where they attempt to steal your info.

So time to point out some tell tail signs.
Note the from address is -paypal.com, the subject is a Re: a reply and the best one is the so called IP address.
It is impossible for any number in the IP address to be more than 255 so ending 868 is really bad.

Of course if these pointers haven't allerted you then the address that it sends you to should. The address tends to be oddly formatted.
It starts OK with the normal www.paypal.com but then degenerates in to seemingly meaningless characters. This is the real address.
There is an underling fault in the way the WWW is coded where by the insertion of a perticular character tells your brower to ignore the first part (www.paypal.com) and direct you to the second part (random charcters). These characters contain all the needed information to redirect you to the scammers site.

To cap it all this phisher even has the gaul to post Paypals scam warning on the bottom:

* Protect yourself from spoof (fake) emails and Web sites. Take the Spoof Tutorial to learn about eBay Toolbar with Account Guard, which warns you when you are on a known spoof site.

Learn how you can protect yourself from spoof (fake) emails at:
http://pages.paypal.ca/education/spooftutorial

These type of mails don't just come from Paypal, but any site where personal information is needed.
Some pretend to be Banks, Insurance agents, Ebay and Other financial companies.

So as a word of warning if you ever receive a mail of this type and it looks real then DO NOT follow the link supplied, but log in to your account the way you normally do.
If it is real then you'll be notified on the site.

It always pays to be careful and surf safe


Now where did I put my Tinfoil hat

[J_9]

I think it is behind you Ben.

Oh, yeah, and thanks for the great head's up!!

[labman]

I am getting a ton of those including my Yahoo address that I don't use for Pay Pal.

Where do you find real tin foil these days? All I can find is the aluminum foil, and I am not sure it will work. You can't trust a lot of this new stuff. Ask tkrussel about the residential use of aluminum conductors and how many houses burned down. Tinned copper makes very reliable connections. I have also heard you don't have to wear a tin foil hat, just line a regular hat with it.

[andrewcocke]

I am getting a ton of those including my yahoo address that I don't use for Pay Pal.

Where do you find real tin foil these days? All I can find is the aluminum foil, and I am not sure it will work. You can't trust a lot of this new stuff. Ask tkrussel about the residential use of aluminum conductors and how many houses burned down. Tinned copper makes very reliable connections. I have also heard you don't have to wear a tin foil hat, just line a regular hat with it.

Don't forget to hang a bunch of wire clothes hangers from the ceiling.