Frighteningly good Paypal phishing

This area is for the discussion of what's new, what's on your mind, and general photographic topics. A place to meet, make comments on this site, and get the latest community news.

Moderators: rjlittlefield, ChrisR, Chris S., Pau

Lou Jost
Posts: 5948
Joined: Fri Sep 04, 2015 7:03 am
Location: Ecuador
Contact:

Frighteningly good Paypal phishing

Post by Lou Jost »

Since so many of us use PayPal to buy our weird lenses, I want to share an incredible PayPal phishing email I got last week. It was an email telling me my credit card ending in xyz was expired and I should enter new information. Usually these are addressed to "Dear Customer" and are easily dismissed, but this one had my full name with middle initial. When I hovered the mouse over a link in the email, my browser showed a link to https://paypal.com/..... And the letter contained the correct last three digits of my credit card, but in the wrong order. How did they do this? Maybe they have installed an (imperfect) keylogger. But I never enter my whole formal name with my middle initial in anything that I can recall. How can it be so good, and even more curious, why did it make that one mistake about the order of my last three credit card digits?

My credit card isn't expired and I know that PayPal wouldn't ask for information this way, so I wasn't tempted. But in my experience this is a new level of phishing sophistication. We need to be aware of it.

Big Pete
Posts: 62
Joined: Thu Dec 02, 2021 7:40 am
Location: Ulricehamn Sweden

Re: Frighteningly good Paypal phishing

Post by Big Pete »

It is so sad that people spend all their knowledge for crime! My personal experience is that China is one of the top nations where criminals on the net are getting more and more refined in their effort to take our money! Lucky you that no harm was done!

DonBMichigan
Posts: 5
Joined: Sat Nov 20, 2021 1:51 pm
Location: Southeast Michigan, USA

Re: Frighteningly good Paypal phishing

Post by DonBMichigan »

The coincidence with the last three digits was just dumb luck on the attacker's part. They just choose three numbers, send out the email to hundreds of thousands of people, and figure it will register with someone.

I was phished recently by something made to like an email from DocuSign. I was actually waiting for DocuSign to send me a notification at the time the phishing email arrived - my first reaction was "hey, there's that email I was waiting for." The email looked strange, and fortunately I didn't fall for it, but if you send enough emails to enough people, it's bound to land in someone's inbox at the right time, and then the attack can begin. Even security experts get phished and scammed, because sometimes the attackers are just that good and the email came at the right time with the right look.
Don from Ann Arbor, Michigan, USA

Lou Jost
Posts: 5948
Joined: Fri Sep 04, 2015 7:03 am
Location: Ecuador
Contact:

Re: Frighteningly good Paypal phishing

Post by Lou Jost »

The coincidence with the last three digits was just dumb luck on the attacker's part. They just choose three numbers, send out the email to hundreds of thousands of people, and figure it will register with someone
No, this cannot be a coincidence. They had the right name (first name, middlke initial, and last name) AND the right three digits. In order to get this kind of hit, the culprit would have to send out many messages daily to everyone in the world. I would have recieved many failed attempts myself every day. The fact that these messages are rare falsifies your claim.

klevin
Posts: 129
Joined: Fri Dec 14, 2012 5:28 pm
Location: SW New Hampshire, USA

Re: Frighteningly good Paypal phishing

Post by klevin »

I think there's an easier explanation. Have you ever been notified of a breech at a website you use? I've lost count of the number of times my personal data has been stolen, including my fingerprints. I suspect some poor crook somewhere is manually transcribing this stuff from a database he bought with a few hundred thousand names and credit card numbers and just slipped up transposing those digits. Happens all the time, at least the transposing.

Consider yourself lucky if this is the first time you received one of these nicely personalized scam emails. I see them weekly.

Now, back to macro photography...

Lou Jost
Posts: 5948
Joined: Fri Sep 04, 2015 7:03 am
Location: Ecuador
Contact:

Re: Frighteningly good Paypal phishing

Post by Lou Jost »

Good point about stolen data that could match my name with my email address. Even so, to get the last three digits of my credit card correct by chance (in arbitrary order) would require (on the average) hundreds of attempts, and I have only gotten one that looked like this. So again, it seems virtually impossible that they just tried random digits. If they were guessing numbers by chance, I would have recieved many misses along with this hit.

rjlittlefield
Site Admin
Posts: 23564
Joined: Tue Aug 01, 2006 8:34 am
Location: Richland, Washington State, USA
Contact:

Re: Frighteningly good Paypal phishing

Post by rjlittlefield »

The last three or four digits of credit card numbers appear frequently in emailed receipts. Those are transmitted between systems as non-encrypted text, are stored on end-user systems in files that are easily read by malware, and I suspect will appear in many database systems that are vulnerable to hacking. To me, the most intriguing aspect of Lou's phish is that the digits were transposed. That seems to imply human involvement. I share klevin's vision of some person typing this stuff in, and I expect that person is probably not even a crook themselves, just some poor soul being exploited by one.

--Rik

Post Reply Previous topicNext topic