Friday, May 27, 2005

I've been phished

I just received an e-mail from PayPal, informing me that my account has been accessed and that I have three days to confirm my details or the account will be blocked. I went to the link:

http://68.208.50.35/scgi-bin/webscr/

and it certainly looked like PayPal's web page. All the menus worked, but then I noticed something odd. The link above is not paypal.com but 68.208.50.35. So I did a WHOIS and it came up blank - no known address!

So I next went to paypal.com and it certainly looked the same. This time WHOIS came up with a legitimate owner - PayPal.

One more check confirmed the phish. I went to the rogue link (the one above) and clicked on a menu item. Sure enough the URL changed to paypal.com. Then, when I clicked back to the welcome page, it took me to the official paypal.com home.

This is a very clever attempt at obtaining personal information in that it would be very easy to overlook the URL.

Oh, yes, one other reason I was suspicious. I DON'T HAVE A PAYPAL ACCOUNT!!!!