Whoever invents the means to validate beyond a doubt when emails are from genuine companies will have the technology of the century on their hands.

Why do we need to validate who emails come from?  Well, the biggest reason is phishing and other scams that try to get your personal info.  There is a reason we keep seeing these attempts to gain access to our accounts – they are hugely successful.

So how do you keep these attempts from being effective?  Well, you can start by learning to tell a phishing attempt from a legitimate email from a company.  We have a lot of modern tools to help with this, and for me the most critical one is your email client, since that is where all the emails arrive.

I use Outlook 2010 as my primary email program and it, like many other modern email programs, has a nice feature that can help you recognize a phishing attempt or other scam email.

Just this morning I received no fewer than six emails, all supposedly from PayPal, notifying me that there was a problem with my account and it was temporarily limited.  It also asked me to log in and fix the issue.  Of course, it provided a convenient link to make it easy to reach the website.

So here is what the email looked like:

[Screenshot: PayPal phishing email, April 2011]

Right there in the middle is the familiar blue link that will supposedly lead you to a web page to take further steps to fix your account.

Now, if you hover your mouse over that link, a box will pop up showing you the actual link that the text "Click here to resolve the problem" leads to.

Here is what that looks like:

[Screenshot: hovering over the link in the phishing email shows the actual target address]

I removed the IP address for safety and security reasons. 

As you can see, they start with an IP address instead of the normal domain name address for PayPal.  That IP address leads to their server and not PayPal’s.  They try to get you to look past that IP address by putting the page in a directory on their own server named www.paypal.com/management/financial/login.html, so the familiar name appears after the IP address. Their hope is that you will just see the textual part of that link and click on it.
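The same hover check can be done automatically. The following is an added example, not part of the original post: it pulls the real target of each link out of an HTML email and flags the pattern described above. The sample email, the reserved documentation address 192.0.2.10 and all function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "paypal.com"  # assumption: the company the email claims to come from


class HrefCollector(HTMLParser):
    """Collect the real target (href) of every <a> element in an HTML email."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href, brand=BRAND):
    """Return the reasons a link does not really lead to the brand's site."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    reasons = []
    if is_ip(host):
        reasons.append("host is a raw IP address")
    if host != brand and not host.endswith("." + brand):
        reasons.append("host is not under " + brand)
        # The brand name in the path or query is decoration, not the destination.
        if brand in (parts.path + "?" + parts.query).lower():
            reasons.append("brand name appears only after the host")
    return reasons


def audit_email(html, brand=BRAND):
    collector = HrefCollector()
    collector.feed(html)
    return {href: check_link(href, brand) for href in collector.hrefs}


# Constructed sample; 192.0.2.10 is a reserved documentation address.
SAMPLE = ('<a href="http://192.0.2.10/www.paypal.com/management/financial/'
          'login.html">Click here to resolve the problem</a> '
          '<a href="https://www.paypal.com/">PayPal</a>')
```

Calling `audit_email(SAMPLE)` returns three reasons for the first link and an empty list for the genuine one.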

Now the next step here is to show you the benefit of the SmartScreen technology that is in Internet Explorer 9.  SmartScreen will show you if a page has been reported as unsafe and encourages you to not go any further.  Notice I say encourages you because it does not completely stop you from visiting the web page in question.  Ultimately you have to decide the next step.  Your decision and good software are both part of a solid defense against bogus websites.

So, if you click on that link IE will show you this warning:

[Screenshot: SmartScreen warning page in Internet Explorer 9]

If you choose to visit the web page despite this warning, then SmartScreen will make one more attempt to warn you that this page is not legitimate.

Check out the address bar:

[Screenshot: Internet Explorer 9 address bar with the SmartScreen "Unsafe" indicator]

The red color highlighting, red shield and red Unsafe text should be further indicators that this site is not safe.  I recommend you do not ignore them.

As you can see, I visited the web address because I wanted to show you how the SmartScreen function works.  While I was there, I took a screenshot of the bogus page to show you how valid a fake site can look.

Take a look at the genuine PayPal site and the bogus one side by side:

[Screenshots: bogus PayPal page and genuine PayPal page, side by side]

Can you tell the difference?  The real PayPal page is on the right.

As you can see, there is no end to the ways and means that will be used to gain access to your personal information, so you must take two steps to prevent it from happening to you.

First, use good anti-virus, anti-malware and anti-phishing software so you can get some warnings when you might be inadvertently attempting to access bogus pages.  The second thing is to use your own brain power to recognize these attempts to keep them from having a significant impact on your life.

With these two things engaged, you should be able to eliminate any phishing or scam attempts that come your way.