"The payment you sent"
"Please confirm your LinkedIn password"
"Your bill is now available"
"Your paypal.com transaction"
Recently I've received a number of e-mails about services I use
and subscribe to; some of the subject lines are shown above. The
e-mails look very genuine, and they are normally telling me about a problem
with my account and urging me to click the "Login" button as soon as
possible to resolve the issue. If my personal experience is anything to
go by, recently these scam e-mails are looking more and more like the
real thing. They are designed to look as "official" as possible and they
are solely designed to prompt you to log in to your account at PayPal,
or your bank, or your mobile phone company, or LinkedIn - I've received
examples purporting to be from all of these companies in the last week
or so.
Of course, when you click the "log in to my account" link from the scam
e-mail, you're not actually going to the real site but a site created by
the attacker which looks identical (apart from the address in the URL
bar, which will NOT be the address of the site you think you are logging
into but something which looks almost the same).
After you've logged in to the fake website, the attackers will take a
copy of your log-in details. They can then either use the username and
password they now know to log you in to the real site and redirect you
to it (so you'll never know what just happened) or they can show you a
page which says the site is "down for maintenance, please try later" -
again, you might not suspect that your details have just been stolen.
After that, the attackers can do whatever they like to your account. For
example, they can transfer money to their own account, and you'll
probably have a hard time proving that it wasn't you.
If you have any suspicions about an e-mail you receive, never click on the link inside the e-mail. Instead,
go to the account it relates to by typing the address into the browser
yourself. That way you know you're going where you think you're going.
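
The same check can be done mechanically. The Python below is an added example, not part of the original post: it pulls every link out of an HTML e-mail body and reports whether the link's real destination is a site you trust, a look-alike of one, or something else. The `TRUSTED` set, the function names and the sample message are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the real domains of the services you hold accounts with.
TRUSTED = {"paypal.com", "linkedin.com"}

class _Links(HTMLParser):
    """Collect the href of every <a> tag in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for one link target."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    if parts.username:  # text before "@" is not the site being visited
        return "lookalike"
    # Split on dots and hyphens, then look for a trusted brand word on this
    # foreign host, or a near-miss spelling of it (e.g. "1" in place of "l").
    labels = host.replace("-", ".").split(".")
    for d in trusted:
        brand = d.split(".")[0]
        if any(SequenceMatcher(None, brand, p).ratio() >= 0.8 for p in labels):
            return "lookalike"
    return "unknown"

def check_email(html, trusted=TRUSTED):
    """Map each link in the e-mail body to its classification."""
    parser = _Links()
    parser.feed(html)
    return {u: classify(u, trusted) for u in parser.hrefs}

# Constructed sample body; the .example hosts are placeholders.
SAMPLE = """
<a href="https://www.paypal.com/signin">Log in</a>
<a href="http://paypa1.example/login">Log in</a>
<a href="http://paypal.com.account-check.example/login">Log in</a>
<a href="https://paypal.com@billing.example/login">Log in</a>
"""

if __name__ == "__main__":
    print(*check_email(SAMPLE).items(), sep="\n")
```

Only the first link in the sample goes to the real site; the other three put the familiar name somewhere in the address while the browser would actually connect to a different host.
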
What do you think? Have you noticed the "quality" of these types of e-mail improving recently? Let me know in the comments.