I received this classic phishing email today and it managed to slip through my anti-spam system. It’s an ill wind that blows nobody any good, so I thought I’d showcase it here in the hope of helping you recognise and avoid such attacks.
The innocuous-looking message just makes you want to rush and log in to your PayPal account, but as soon as you do, the attacker will have your login credentials and will no doubt promptly empty your account. Now, let’s take a closer look at that URL.
By hovering the mouse over the link, Outlook pops up a little help balloon that shows the actual destination of the link instead of the display text. As you can see, that’s not a PayPal address. The alarm bells should be sounding at this point. This is the classic phishing scam, which works by concealing the destination of a hyperlink behind innocent-looking display text. It is the least sophisticated of the phishing attacks, but it is the easiest to construct, and therefore probably the most common; fortunately it is also the easiest to detect. A slightly more sophisticated version links directly to an IP address instead of a domain name, which is less obviously wrong at a glance. Never follow a link that goes directly to an IP address unless you know what, where and who that address is.
What is also worth noticing is that Outlook has blocked download of the image.
A look in the HTML source of the message reveals that the sender has attempted to link to PayPal’s logo:
Outlook blocks this type of reference because it could be used as a web beacon, which could be considered an invasion of privacy. When the image is downloaded from the server, the server can sometimes work out who you are and record the fact that you downloaded it. This is usually used by advertisers to analyse your browsing habits, but it could be used by a malicious email to verify that the message was delivered and opened, which could then result in a more targeted attack (in this case, the creator of the message was simply too lazy to embed the logo image in the email). This clearly demonstrates the benefits of a multi-layer, defence-in-depth security strategy. Although this message was able to slip through my anti-spam filter, Outlook still had a part to play in protecting me.
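The two tells discussed above (display text that disagrees with the link’s real destination, or a link straight to an IP address) and the remote image reference that Outlook blocked can all be checked mechanically in an email’s HTML source. The script below is an added example, not code from the original post, and it runs against a constructed sample message rather than the phishing email shown here. It uses only the Python standard library; the “registrable domain” comparison is a deliberately crude last-two-labels heuristic, and a production filter would use a public-suffix list instead.

```python
"""Flag the phishing tells discussed above in an HTML email body.

Checks performed on a message:
  * anchors whose href points at a bare IP address,
  * anchors whose visible text looks like a URL but names a different
    site from the href (display text hiding the real destination),
  * <img> references to remote hosts (possible web beacons).
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, NOT the email from the post. Uses reserved
# example/test names and the TEST-NET-3 address block.
SAMPLE_HTML = """
<html><body>
<img src="https://www.paypalobjects.com/webstatic/logo.png" alt="PayPal">
<p>Please <a href="http://203.0.113.45/verify/">confirm your account</a>.</p>
<p>Or visit <a href="http://paypal.example-verify.test/login">https://www.paypal.com/</a></p>
<p>See <a href="https://www.paypal.com/help">our help pages</a>.</p>
</body></html>
"""

# Display text that a reader would take for a web address.
_LOOKS_LIKE_URL = re.compile(
    r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/?#]\S*)?$", re.IGNORECASE
)


class _LinkAndImageCollector(HTMLParser):
    """Collect (href, visible text) pairs for <a> and src values for <img>."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.images = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href = a["href"]
            self._text = []
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased host part of a URL, tolerating scheme-less display text."""
    if url.startswith("//"):
        url = "http:" + url
    elif "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _registrable(host):
    """Crude heuristic: last two labels. Real code should use a public-suffix list."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def analyse_html_email(html):
    """Return a list of (finding, value) tuples for the message body."""
    parser = _LinkAndImageCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = _host(href)
        if _is_ip_literal(host):
            findings.append(("ip-literal-link", href))
        if _LOOKS_LIKE_URL.match(text) and _registrable(_host(text)) != _registrable(host):
            findings.append(("display-text-mismatch", href))
    for src in parser.images:
        # Anything fetched from a remote host can act as a web beacon.
        if src.lower().startswith(("http://", "https://", "//")):
            findings.append(("remote-image", src))
    return findings


if __name__ == "__main__":
    for kind, value in analyse_html_email(SAMPLE_HTML):
        print(f"{kind:24} {value}")
```

Run it as-is to see the three findings from the constructed sample; feed it the raw HTML part of a suspicious message to triage your own mail. A link whose visible text is plain prose (“our help pages”) is not flagged, because the display-text check only fires when the reader would reasonably mistake the text for the destination.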