VIEWS

Email spoofing getting more sophisticated

by

Phishing attacks are becoming more and more elaborate.

Moments ago a curious PayPal scam landed at my PayPal address that we’ve never used for anything else than PayPal transactions.

The scam email contained one element only — an image that perfectly reassembled PayPal’s transaction receipt. More specifically, a payment receipt for an “inMotion iM4 Portable Audio System” supposedly purchased from Dell for $115.

The entire image was an HTML imagemap and the spammer has linked a few image areas to external websites. For instance, to make the scam look genuine the fraudster had connected PayPal’s “Get Verified!” link to the actual, non-spoofed PayPal page that provides information on becoming PayPal-verified.

How would unsuspecting recipients react when confronted with such a spam email? They would get anxious about being charged for buying something they never did.

Perhaps they would even click on the “Dispute Transaction” link contained in the scam email which, surely enough, would take them right to the phishy website in the attempt to extract their sensitive information.

Depending on your anti-spam measures and on your email software, such scams may not be obvious at the first sight. I personally use Mozilla Thunderbird that prevents from showing images from unauthorized senders AND pops up a warning message whenever a potentially fraudulent link is clicked.

Remain vigilant!

Become a marketing PRO!

Join more than 15,000 SMB marketers who get our top marketing articles straight into their inbox