I’m a huge fan of PayPal and use it on a regular basis – it’s linked to my bank account and credit cards, and it has a lot of my close friends and family’s shipping addresses for easy gift giving. So it’s no wonder that I get a lot of emails from PayPal confirming receipts, purchases and statements. Their online transaction process has been so useful that I got my wife to start using it as well, and she opened up her own account.
A few weeks ago, I received a phone call from her stating that she couldn’t log into her PayPal account. I asked her what the issue was, and she said that she got an email from PayPal notifying her of $85.32 in credit that she needed to redeem. The email mentioned that she had to log in and verify the receipt in order to receive the money, so she clicked on the supplied link and attempted to log into her account. She tried not once, but three times, double-checking her caps lock and trying a few different passwords, before she finally called me.
I asked her to forward me the email that she received, but prior to that, I told her to go type in www.PayPal.com directly in her browser and see if she could log in. She did and got in on the first try. I then asked her to change her password immediately (not to one of the 5 she just tried to use), and to deactivate her banking and credit card info for good measure.
I then focused my attention on the email itself. It was a crafty one. The PayPal logo, links, and everything else were perfect until you moused over the hyperlink. It wasn’t going to PayPal at all, but rather ***paypal***.com. This was my first indication that this was a phishing email, and low and behold, my security tools had already given it away. Directly in the email, my software told me that this was a bad site. I clicked on the link to check things out, and again my web protection kicked in, telling me, “The site you are attempting to visit is a known phishing site. Are you sure you want to continue?” I clicked continue, and was then presented with a perfectly copied login screen from PayPal – with the wrong url.
This was an easy one, but it could have been much worse. Web protection is essential, and phishing scams have been around for a long time. What if the hacker took a different approach? What if he embedded a malicious PDF document as a statement credit that had a fast moving worm in place? You have to rely on your malware protection at that point, but what if your system hasn’t been updated? You need to have access to real-time protection, instead of relying on outdated signatures.
McAfee’s layered protection mechanism involves 5 key elements:
- Presenting the user with known good search results.
- Warning and educating users about potential bad sites, and letting them know why the site was flagged.
- Preventing users from clicking on bad sites.
- Leveraging real-time lookups on fast moving and newly created malware, providing protection in real time against downloads.
- Preventing downloads from installing or executing.
As the web continues to grow and evolve, web-borne malware attacks will continue to increase, threatening networks and critical data for both the consumer and the enterprise. More information here on McAfee Web Protection, and be sure to follow us on Twitter at @IntelSec_Biz.