June 3rd, 2003

(no subject)

Whew. I had my final exam this morning, so I'm glad that's all over and done with now. The exam itself went ok - it was quite tough, and I only just finished before I ran out of time, but I reckon I got about 85-90%, which I'm happy with. I've spent the rest of the day relaxing, and I look forward to catching up on some sleep tonight. Then tomorrow I'll resume work on my project.

PayPal hoax

Hmm, I wasn't intending to post another entry this soon, but I just got a rather worrying email. It appears to be from PayPal, but I think it's a hoax, so be very cautious if you receive something similar.

Key things that made me suspicious:

  • They are asking for my password, which PayPal say they will never do.

  • They shouldn't need my credit card number again, and giving a random person the number/expiration date would make it very easy for them to commit fraud (they could get my street address by logging into PayPal as me, once they have my email address and password).

  • They definitely shouldn't need my ATM PIN!

  • Although the email is dated tomorrow (Wed 4th June 2003), it says that it expires May 31, 2003.

  • General point - if I'm going to enter stuff like this, I'd rather do it at the website, than typing into an email form.

Once I got suspicious, I checked the source code of the message - although it appears to be from PayPal.com (according to the "from" email address), the form is set up to send its data to quiesy.portland.co.uk. And even if they are a registered subcontractor, a file called "boyz.php" doesn't sound very official to me. And finally, this email was sent to my old Demon address, rather than my new address (which is actually registered with PayPal, so the one that they'll use to contact me) - presumably this means that it's a wide-scale thing, rather than anything that's specifically targeted at PayPal users.
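The source-code check described above can be automated; the following is an added example, not part of the original post, that flags an HTML email whose form posts to a host outside the "from" domain or asks for password-type fields. The sample message, its `collector.example.net` host and the function names are constructed for illustration, and since the "from" address can itself be forged, a clean result proves nothing on its own.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not the email from the post); the form host is a placeholder.
SAMPLE = """\
From: PayPal <service@paypal.com>
Content-Type: text/html; charset="us-ascii"

<form action="http://collector.example.net/boyz.php" method="post">
Password: <input type="password" name="pass">
ATM PIN: <input type="password" name="pin">
<input type="submit" value="Log In">
</form>
"""

class FormScanner(HTMLParser):
    """Collects form action URLs and counts password-type inputs."""
    def __init__(self):
        super().__init__()
        self.actions, self.password_fields = [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1

def same_site(host, domain):
    # True when host is the domain itself or one of its subdomains.
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        scanner = FormScanner()
        body = part.get_payload(decode=True)
        scanner.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        if scanner.password_fields:
            findings.append(f"asks for {scanner.password_fields} password-type field(s) in the email itself")
        for action in scanner.actions:
            host = (urlparse(action).hostname or "").lower()
            if host and not same_site(host, sender):
                findings.append(f"form posts to {host}, but From domain is {sender}")
    return findings
```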

Anyway, I've notified PayPal of this, and they should get back to me in a couple of days to confirm/deny.

So, assuming that I'm right, it's good to know that I'm getting less gullible as time goes by. In this case, I think it helps that we covered social engineering as part of the Cryptography/Information Security course, which I was revising a couple of weeks ago.

Oh, and one last thing - I've included the entire email below (behind the cut tags), so that you can see it for yourselves. This should be obvious, but please don't enter your details and click the "log in" button!
