Wednesday, November 19, 2008

PayPal Scams and Evolutionary Pressure

We've discussed the anatomy of a typical PayPal scam email in the past, and we've analyzed other scams such as credit union member phishing. With that in mind, a recent PayPal scam email has a few little tweaks that are worth noticing.

The first thing to note is that it tells the recipient that the investigation process will take at least 12 hours, and recommends verifying the account only after that. This means that most users won't try to log in for at least 12 hours, giving the scammer a window in which to loot the account.

Second, it was interesting to see that the scammer did not use a very well concealed clickable PayPal URL: a simple mouseover reveals that it points to a site easily identified as non-PayPal. The most interesting part for me was that the help link also redirects to an alternate site, although again a poorly concealed one.
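As an added example (not code from the original post), the script below automates the mouseover check just described: it parses the email's HTML and flags any link whose visible text invokes PayPal while its href resolves to a different host. The sample email body and the domains in it are constructed for this example.

```python
# Flag anchors whose visible text claims PayPal but whose href points
# elsewhere: the manual "mouseover" check from the post, automated.
# SAMPLE_EMAIL is constructed; its non-PayPal hosts are placeholders.
from html.parser import HTMLParser
from urllib.parse import urlparse

PAYPAL_DOMAINS = ("paypal.com",)  # subdomains of these count as legitimate

def host_is_legit(url, legit=PAYPAL_DOMAINS):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in legit)

class LinkCollector(HTMLParser):
    """Collect (visible_text, href) pairs for every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def find_deceptive_links(html):
    """Return links whose text invokes PayPal (brand name or a paypal.com
    URL) while the actual target is a non-PayPal host."""
    p = LinkCollector()
    p.feed(html)
    flagged = []
    for text, href in p.links:
        claims_paypal = "paypal" in text.lower()
        if claims_paypal and not host_is_legit(href):
            flagged.append((text, href))
    return flagged

SAMPLE_EMAIL = """<p>We will complete our investigation within 12 hours.</p>
<p>Please <a href="http://account-review.example.net/login">https://www.paypal.com/us/cgi-bin/webscr</a> to verify.</p>
<p>Questions? Visit <a href="http://help.example.net/">PayPal Help Center</a>
or <a href="https://www.paypal.com/help">www.paypal.com/help</a>.</p>"""

if __name__ == "__main__":
    for text, href in find_deceptive_links(SAMPLE_EMAIL):
        print(f"MISMATCH: shows {text!r} but points to {href}")
```

The third anchor in the sample, whose href really is under paypal.com, is not flagged, which is the behaviour a mail filter needs to avoid false positives on legitimate PayPal mail.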

Finally, the email spends almost a third of its length discussing what PayPal does to address scams and to prosecute fraud. This appears to be an attempt to tap into what Bruce Schneier discussed recently regarding the science of cons.

These incremental improvements, together with the lack of sophistication in the links, show that PayPal scam email continues to evolve and adapt, and that some of the most common tricks aren't universally used. As users become more savvy, successful scams must become more realistic and must appear more trustworthy.

The email is reproduced below as an image.
