TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
I just received a new (for me, anyway) scam last night. It was from
PayPal Customer Service so I opened it on my Mac. It was addressed to
me personally both in the "To" line and in the text. It told me that
$765.40 had been charged to my account for a cell phone I had purchased.
I was told that if this was in error I should click on the link to
dispute the charge. Well, I hadn't purchased the cell phone, but I did
have a recent PayPal notice for something I had purchased, so I compared
the two. Except for the ability to click on a link to dispute the
claim, the two notices were the same. The real one didn't have such a
link.
I wonder how many people click on the link because they didn't order
"any stinkin' seven hundred dollar cell phone!"
Katherine Darges
Sr. Management Analyst
National Security Programs Group
-----Original Message-----
From: techwr-l-bounces+katherine -dot- darges=defensegp -dot- com -at- lists -dot- techwr-l -dot- com
[mailto:techwr-l-bounces+katherine -dot- darges=defensegp -dot- com -at- lists -dot- techwr-l -dot- c
om] On Behalf Of Geoff Hart
Sent: Saturday, May 06, 2006 9:18 AM
To: CEL; TECHWR-L
Subject: Misc: New phishing scam trick
Just spotted a clever new variant on the old "your Paypal account has
been compromised" phishing trick. Since this kind of cybercrime is
always a slight possibility, it's worth checking. The way I do this is
to copy the "click here" link into Word to see what the real URL is.
Usually, I get something with an eastern European domain name rather
than the actual PayPal URL.
Today's variant does something unusual and thus, much more likely to
deceive: the first link really does take you to PayPal's security
center. Since you can't actually figure out what to do at that site
without a bit of spelunking, it seems perfectly logical to click the
second link in the mail message, which ostensibly takes you directly to
the place where you can update your account details and fix the problem.
Don't do it: the _second_ link is the phishing scam.
The moral: If you ever get this kind of notification, be it from Paypal
or your bank or your credit card company or whatever, go to that
location yourself: manually type the URL in your browser. Don't ever
click on the link in an e-mail, since (as this example shows), the
phishers can be exceptionally clever at tricking us. If you can't figure
out whether there's really a problem, or how to solve it, you may even
have to resort to calling their 800 number--or send them an e-mail. If
there really is a problem, they'll help you fix it. If there isn't
they'll tell you that too.
WebWorks ePublisher Pro for Word features support for every major Help
format plus PDF, HTML and more. Flexible, precise, and efficient content
delivery. Try it today!. http://www.webworks.com/techwr-l
WebWorks ePublisher Pro for Word features support for every major Help
format plus PDF, HTML and more. Flexible, precise, and efficient content
delivery. Try it today!. http://www.webworks.com/techwr-l