Dear Paypal Member,
We're not able to process your account information at this time.
In reviewing your account, we found out that we need more information from you before we restore your full account access.
What you need to do
Please visit the Resolution Center. There, you'll also be able to get more details about your account and what additional information is required, and what you can and can't do with your PayPal account until the issue is resolved.
http://secure-area.dustlady.com/.online/secure/area/identification-code-account-suspended
Once you provide the information we need, we'll send you an email to let you know if we need more details.Resolution Center
Please note: I have de-activated the link as a click-through; please do NOT attempt to access it unless you want someone to steal from you. Or you're a better hacker than I am and want to f**k with them, in which case I will buy you a beer of your choosing...
Now... Let's count the fail in this e-mail:
1. This e-mail address is not attached to my PayPal account;
2. Poor grammar, missing punctuation, etc.;
3. Not even attempting to hide that the "click me" link isn't even vaguely connected to PayPal;
4. "Resolution Center" for a closing? Serious?
What saddens me is that hundreds if not thousands will fall for this. They'll just click on the link, enter all their personal information, and send it off, blissfully unaware that they're basically handing a thief the key to their house along with a vacation schedule. I'm really torn on how to feel about that - on the one hand, they get what's coming to them for not taking even the most basic precautions of paying freakin' attention; on the other hand, it's the idiots that click on the link that make these scams worth perpetuating...
I hate to horn in on my #1 blogson's territory with security blogging, but I figured that I owed it to y'all to point out this particularly badly executed phishing expedition. I'm certain that y'all are smart enough to do five seconds worth of critical thinking so that you don't get burned. Certainly you'd never click an unsolicited link from an unknown source to begin with, let alone enter any personal information there. But still, there might be someone out there just lurking who wasn't quite sure, and if this helps them out, I'm happy to do it.
Besides, if you want to click a link and give someone your money, here's two places to to it: www.pcf.org/kilted7 or Kilted to Kick Cancer Team Page. :)
That is all.
6 comments:
I think I would have stopped after reading this far:
http://secure-area.dustlady...
Dustlady?? now that looks legit!
Would it be phisherman, or internet angler?
Certainly you'd never click an unsolicited link from an unknown source to begin with, let alone enter any personal information there
Um, well... Like the guys who 'fess up to their negligent discharges, let my story be a warning...
I fell for a phishing message once and gave away my son's World of Warcraft login. It was right after WoW had switched to the Battle.Net account management servers, so I wasn't used to looking for that URL. My son was able to get back all his in-game stuff and I didn't out my credit card details, but it was embarrassing as heck for someone who's supposed to know better.
Then, to rub salt in the wound, after we'd changed his password the phishers started sending me messages that said "Your profile has been modified. If you did not make any changes to your profile, login here to check your settings." I almost fell for that one too.
I've gotten that one a few times, and I don't even have a PayPal account.
The first thing I noticed was that the scammer wrote "Paypal Member" instead of your name. PayPal uses the name associated with the account for all the e-mails they send out.
I happen to work for a gigantic bureaucracy, and we get emails like this every day. Five different IT teams, and each one is outraged that someone might think that their email, full of typos, demanding SSNs and other confidential information, and demanding an immediate response, and threatening dire consequences, would not be instantly recognized as legitimate.
Post a Comment