Phishing Victim
Saturday, 2006-03-25; 00:20:00
Grr. I did something really stupid yesterday morning. I got up at around 9:30 AM, and I found this e-mail sitting in my inbox:
I should've noticed that 1) the e-mail address is highly irregular to have that ".---24.Mar.2006.stanford.edu" pegged at the end of it, 2) there was no actual reason stated in the e-mail stating what the "issue" was, and 3) any "security" measures sent via e-mail should immediately throw up a red flag. Furthermore, that link there goes to this URL "http://www.paypal.com%20cgi-bin%20webscr%20cmd--secure-amp-sh-u%20%20.userid.jsp.krblrice.com/.https//.www.paypal.com/webscr_cmd=_login-run/".
This is actually a fairly good phishing attempt (if you go to the URL, the PayPal page is very convincing), and apparently good enough to count me in as a victim in the morning after just getting up. I foolishly put in my e-mail address and password to the website at that address, and when it then asked me for my credit card (another big red flag), I realized immediately what I had done.
So, yeah. I guess it was a good excuse to change all my passwords. :rolleyes:
Incidentally, I really think there should be some security measure for hyperlinks -- if the text doesn't match the link, a warning should be displayed. (If they match, no warning is necessary.) Although that would effectively block me from being able to pull an easy prank on a certain person over iChat, I think it'd be a useful security measure.
I should've noticed that 1) the e-mail address is highly irregular to have that ".---24.Mar.2006.stanford.edu" pegged at the end of it, 2) there was no actual reason stated in the e-mail stating what the "issue" was, and 3) any "security" measures sent via e-mail should immediately throw up a red flag. Furthermore, that link there goes to this URL "http://www.paypal.com%20cgi-bin%20webscr%20cmd--secure-amp-sh-u%20%20.userid.jsp.krblrice.com/.https//.www.paypal.com/webscr_cmd=_login-run/".
This is actually a fairly good phishing attempt (if you go to the URL, the PayPal page is very convincing), and apparently good enough to count me in as a victim in the morning after just getting up. I foolishly put in my e-mail address and password to the website at that address, and when it then asked me for my credit card (another big red flag), I realized immediately what I had done.
So, yeah. I guess it was a good excuse to change all my passwords. :rolleyes:
Incidentally, I really think there should be some security measure for hyperlinks -- if the text doesn't match the link, a warning should be displayed. (If they match, no warning is necessary.) Although that would effectively block me from being able to pull an easy prank on a certain person over iChat, I think it'd be a useful security measure.
Technological Supernova Unfiled Older Newer Post a Comment