This blog post was written by Bruce Snell.
One piece of advice I always give (after update, update, update) is to never click on a suspicious link. A lot of times, those dodgy links are easy to spot, which is why cybercriminals try to be extra tricky to get you to click on them. They suggest all kinds of reasons you should click: your password needs to be reset, there is a prize waiting to be claimed by you, someone found an embarrassing picture of you, etc…
I recently received a very suspicious email telling me that my PayPal account was going to be closed. Instead of deleting the email, I thought it might be helpful to share how I could tell it was a fake and give you a look at what was waiting on the other side of that link.
Let’s start with the obvious issues here.
- The email address: Does the address match the legitimate URL of the site? In this case, the email should be from something like “firstname.lastname@example.org” not “email@example.com”. A lot of scam emails can be quickly spotted this way.
- Grammar: Take a moment and reread the email if it wasn’t apparent at first. A legitimate company of any size will typically send email text through multiple people for review. Occasionally a mistake slips through, but you should never get an official email with text like “Why My accounts is Limited ?”
- The button: Most financial institutions will not include hyperlinked graphics in important account related emails. You may see them in advertisements for new services, but if you need to verify your account, the email will most likely be a text link, or better yet, instructions along the lines of “Log into your account and click on the “Update Profile” link”.
Now speaking on the “resolve it now” button, take a look at what happens when you examine the link. It actually wants to send you to a really dodgy link on a host that is not who they are pretending to be.
So as you can see, if I clicked on the link I would be going to some site that is CLEARLY not PayPal.com.
Given that I got this email on my iPad and most of cybercriminals target Windows, OSX or Android, I was fairly confident that whatever lie on the other side of that link probably would not infect the system I was on, so I decided to see what they had in store for me.
The link took me to a page that was most likely copied straight from the original HTML source of the page they are impersonating. The login actually looks legitimate.
As I was sure this was not PayPal.com, I entered in a random string of characters into the email address and password fields. I was not surprised that it “logged me in” with no problem as the whole purpose of this site is to trick you into entering your personal information and infecting you with malware.
After asking you to enter in personal information such as address, phone number and birthday, the next screen asks you to enter in a credit card number.
Now after getting your credit card information, the page makes a grab at your bank account information. It even asks for your login name and password! This of course, is nothing you should ever enter anywhere besides your actual bank’s website.
Next is my favorite part. After asking for all your personal information, a pop up is displayed asking you to hold your ID in front of your webcam so they can “verify your identity”.
As you can see, they also include a handy Flash application to use your webcam to take a picture of your ID. Guess what else that Flash app does? That’s right, it installs additional malware on your machine to make you part of a botnet for further use by the cybercriminal.
So how do I stay safe?
There are 3 main ways to protect against cyberscams like this.
- Don’t click on suspicious links. Use the tips I provided above to help spot scam emails. If you receive an unexpected email from your bank or credit card provider, go to the site’s main landing page and navigate to your account information yourself. Additionally, you should use a web reputation tool like McAfee® Web Advisor, which is part of McAfee® Total Protection.
- Update, update, update. Do your best to keep your system up to date with the latest patches. This includes operating system and applications. Take advantage of the auto-update features available as you can avoid a lot of malware with an up to date system.
- Run anti-virus on your system. While you can avoid a lot of malware by following the two steps above, it is still very important to run anti-virus on your system to protect against new exploits that aren’t yet fixed by an update or attacks like drive by downloads. The cost of anti-virus software is always less than the problems caused by an infection.
As we’re approaching the holiday season, expect to see more of these scams than usual. Be vigilant and keep yourself safe.