Tuesday, 5 May 2009

Phishing season

So i was checking my emails earlier and in my spam box was a reasonably well done forgery. It purported to be from PayPal and stated that a £100 transfer of funds from my account had been cleared for a subscription to a website called Play And Connect... that was something of a surprise since i've never heard of the bunnies i'd apparently given a ton to and only ever had that much money in my PayPal account twice and neither was this year!

So despite it already being filed as junk, i did some digging around; Play And Connect haven't got a site up right now but there's a note saying they've nothing to do with the emails. That meant a little digging around through the email itself to see where the "trick" was. The sneakiness lay within the "cancel" link: the text version pointed to PayPal.com but the actual link read PayPal.co-uk.***.pl (i've not posted the full domain, but it was only three characters long) followed by a legitimate-looking command string. Presumably the less tech savvy readers would either not look at the real link or, if they did, merely see the PayPal at the start of the link and miss the .pl domain.

One little twist is that the reply address points to a parked domain, PayPals.co.uk (note the plural) and i assume that's because if they'd forged a straight PayPal address it would've been picked up by the spam scanners far more quickly.
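The two tells described above (a link whose visible text names one host while its href goes to another, and a Reply-To domain that differs from the From domain) can be checked mechanically. The Python below is an added example, not part of the original post; the sample message is constructed, with a placeholder link host, path and From address standing in for details the post does not give.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
SAMPLE = """\
From: PayPal <service@paypal.com>
Reply-To: service@paypals.co.uk
Content-Type: text/html; charset="utf-8"

<p>To cancel: <a href="http://paypal.co-uk.placeholder.example/cancel?id=constructed">https://www.PayPal.com/cancel</a></p>
<p><a href="https://www.paypal.com/help">Help</a></p>
"""  # constructed sample; the From address and link host are placeholders
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class AnchorCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(claimed, actual):  # actual must be claimed or a subdomain of it
    claimed = claimed.lower().removeprefix("www.")
    return actual.lower() == claimed or actual.lower().endswith("." + claimed)

def phishing_findings(raw):
    msg, findings = message_from_string(raw), []
    from_dom, reply_dom = (parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
                           for h in ("From", "Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to", from_dom, reply_dom))
    parser = AnchorCollector()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.anchors:
        shown, host = HOST_IN_TEXT.search(text), urlsplit(href).hostname or ""
        if shown and not same_site(shown.group(1), host):
            findings.append(("link", shown.group(1).lower(), host))
    return findings
```

The suffix comparison in `same_site` is anchored on a dot, so a host that merely starts with the brand name, as the one in this email did, does not pass.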
