For those of you who aren’t familiar with phishing scams, the basic idea is that scammers try to trick you into sending them your financial information by pretending to be a company you do business with. Basically, if you get an email from a bank insisting that you confirm your account details under threat of suspension, don’t believe it.
So, I just got a phishing e-mail, purportedly from PayPal. Thing is, whoever sent this one didn’t do a terribly good job.
Not only has the message been cc’d to dozens of other people, key words have been misspelled or misused. I particularly liked their exhortation to “Make sure you never provide your password to fradulent persons” and their link to the actual PayPal security page.
Taking a look at the raw source code for the message revealed that, unfortunately for them, this was the only link that was spelled out. The rest of their links went to numerical addresses, which is kind of a giveaway that something isn’t quite right.
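The check described above, scanning the raw message for links whose host is a bare numeric address, can be automated. This is an added example, not code from the original post; the sample message, the paypal.example sender and the function names are constructed for illustration.

```python
import ipaddress
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (192.0.2.10 is a documentation-only address).
SAMPLE = """\
From: service@paypal.example
Subject: Confirm your account
Content-Type: text/html; charset="utf-8"

<p>Please <a href="http://192.0.2.10/login.html">confirm your account</a>.</p>
<p><a href="http://192.0.2.10/cgi/update">https://www.paypal.com/update</a></p>
<p>Read our <a href="https://www.paypal.com/security">security tips</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip_host(url):
    """True when the URL's host is an IP literal instead of a domain name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:  # not an IP literal, or the URL itself is malformed
        return False

def numeric_links(raw_message):
    """Return (href, text) for each HTML link that points at a bare IP address."""
    found = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            found += [link for link in collector.links if is_ip_host(link[0])]
    return found
```

Returning the visible text alongside each href makes it easy to spot links that display a legitimate-looking URL while pointing somewhere else.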
With just a few simple tools, like the whois command, I was able to find that the address leads to this:
HAMBAEK GIRL HIGH SCHOOL
185 SINDONGRI JEONGSEONEUB JEONGSEONKUN KANGWON
phone: +82-33-378-0022
e-mail: kwip@kornet.net
OK. It’s pretty obvious at this point that PayPal isn’t involved. Unless they’ve somehow started operating out of a girls’ high school in Korea. Most likely, someone has taken control of a machine at the school and is using it to run the scam remotely.
I’m sort of half-heartedly contemplating following the link and filling up their database with useless drivel, but that’s probably too much work. I’ll just forward the message to the real PayPal security folks and to the contact guy at the high school so that he knows he’s got some compromised machines on his network.