> I've just got off the phone with PayPal. I found a "we're checking your
> account" email suspicious, and called for verification. As I suspected,
> it was fraudulent.
>
> I'm posting just to remind everyone to be suspicious. PayPal says that
> all their email addresses the recipient by first and last name --
> always! Also, don't respond: phone or go to their web site (*Not* from a
> link in the email -- duh!).
>
> I know these are obvious precautions, but it's always worth repeating.
>
> Now if you'll excuse me, I have to get back to that Nigerian minister
> with the uncut diamonds and beautiful daughter I'm trying to help out.
>
> --
> Lan Barnes

I get as many as a half dozen of these kinds of messages a day. They are called "phishing" schemes and the main goal is to gather enough information to commit identity theft. The letters will start out with "Dear PayPal User" or "Dear eBay Customer" instead of the first and last name you know the real companies have on file with you.

I use Yahoo web-based e-mail so I view the e-mail in Apple Safari web browser. I have the status bar displayed at the bottom. When you hover your mouse pointer over the link they urgently want you to click, you will see that the URL is not the same as the text they show. Some are so obvious that it is pathetic. Others are insidiously clever and use subdomains which allow them to make their fake one look similar to a legit eBay or PayPal address.

I would guess that few people outside of the web development community look closely at a URL to know when someone is trying to pull a fast one. Here's a basic prototype:

http://subdomain.server.tld/directory/program?GETvar=GETval&GETvar2=GETval2

In this case, server.tld is the main domain name and "top level domain" (i.e. com, net, org). The subdomain is related to server.tld.

I think that MS IE would stop displaying the rest of a URL if a certain character, like %00, was included. This was one way that they could make their subdomain resemble a legit URL and hide their nefarious purposes.

Usually the web sites attempting this fraud are only up for a couple of days. Ones in foreign countries last longer, I think. Sometimes the URL has a simple IP address while others use domain names.

I sometimes find it interesting to discover which country a fraud e-mail comes from. You can use the Linux traceroute command but it is not always obvious where each IP or URL is located. Some include airport codes in their URL. Another way to approach this is to use http://www.visualroute.com to see each IP along the traceroute query as a point on a world map. There is a "live demo" on the site and you have to register with them to use it.

Another way to investigate a domain or IP is with http://www.samspade.org and domain registration info like http://www.allwhois.com. With SamSpade you can find out who owns the IP block in case you want to take a complaint further up the chain.

Both eBay and PayPal (same company) have an e-mail where you can forward suspicious e-mails: [EMAIL PROTECTED] and [EMAIL PROTECTED] However, you wait a day or so and get a canned message saying that the e-mail didn't come from them.

I've also had these fraud attempts associated with Regions Bank, CitiBank, CalCoast Credit Union, and a number of stock broker accounts--none of which I use. I keep a folder of these messages in my mail box.

I understand that there are some browser toolbars for Windows but these are sometimes vehicles for spyware, depending on where they are obtained. Be cautious if you are in the Windows world. I use MacOS X and Linux exclusively.

FREE INTRODUCTION TO LINUX CLASS

Next Tuesday evening I have a free Introduction to Linux class beginning. For details on this and other classes I teach, please see my web site (http://www.ITeachPHP.com). These are offered as Continuing Education classes from the San Diego Community College District at 8401 Aero Dr., near Montgomery field. This class runs from 5:30-9:30 pm in room 117.

James

_____
James D. Keeline
http://www.Keeline.com
http://www.Keeline.com/articles
http://Stratemeyer.org
http://www.Keeline.com/TSCollection
http://www.ITeachPHP.com -- Free Computer Classes: Linux, PHP, etc.
Spring Semester Begins Jan 31 -- New Classes Start Every Few Weeks.
