mysecurepc

I received a very real-looking email from PayPal with the subject line: “PayPal Notification: Payments and Statement”. The crux of the message was they debited my business account for $32.00. No reason given.

The link to view my Account Summary contained paypal.com but hovering my mouse over it showed it went to somehost.lan.io domain…obviously a fake.

The email was forwarded to spoof@paypal.com which brought a quick reply saying the email was, indeed, a spoof and they will take care of it. This event goes back to one of mysecurepc.com’s tenets: do not click on any email link.

Doug

mysecurepc.com has updated its phishing scam page with several new ideas on prevention. Phishing scams through email are growing at an alarming rate. Professional crooks have targeted this area so watch out.

Doug

The things you do not know…

I created a payments web page describing different payment methods my company will take. Innocuous enough, I though…until it was discovered to be a possible phishing site. The IE browser comes with an optional phishing filter which analyzes a sight for suspicious behavior and reported as such. (Personally, I think another reason the phish filter provides is tracking your surfing habits - that is why I have mine off). A colleague had the filter on and found out the web page was suspicious.

In order to remove suspicion a small form had to be filled out and reported to Microsoft: name, address, company name, and a few other pieces of personal information. Within 24 hours the phishing suspicion would be removed. This bothered me even though the information is readily available on the site. If it was not removed clients having the phishing filter on would be inclined not to do business with a suspicious site.

Check your site with a phishing filter turned on - you may be surprised at the results.

Doug

In a recent story, the SANS institute has pointed out that people are the worst security risk. Even after hours of security training, people still fall for the same old ruses. Phishing, or sending nefarious links through email hoping someone will click on them, is the most popular. Users are easily duped into thinking an email comes from a credible source when in reality it does not. Clicking on links can lead to all sorts of problems.

Most of these attacks are from Eastern Europe and Asia.

Doug