The Fine Art of Phishing, Or Suckers In Love

Email scams seem to be getting more and more sophisticated. I got two this weekend that I hadn’t seen before: One nearly fooled me into trotting off to Paypal and giving up practically all my personal data, the other almost convinced me I was being pursued for love.

The Paypal scam, according to Codefish, is ‘exceedingly well done’. The email looks and feels authentic, and, most interestingly, uses a slightly different technique to shield the link from the wary (such scams try to lure the user into entering their password into a website they believe is the legitimate one, so the link to this website in the email needs to look authentic). This email, rather than hiding the real link inside lots of meaningless characters, uses Javascript, so that hovering the mouse over the link will make it look as if the link is www.paypal.com. I hadn’t seen that before and it took Daniel McNamara, who runs the Codefish website on scamming, to explain to me what was happening.

Oh, and if you do go to the website in question, which looks like a PayPal website, the scammers will ask for your Full Name, Address, Phone contacts, Credit Card information, Bank account information, Social Security Number, Card PIN Number, Date of Birth, Mother’s maiden name, Driver Licence Number, Email address and PayPal Password. As Daniel puts it: “What we’re looking at here is nothing less than full on indentity theft. The information the phishers would glean from victim with this scam would more or less allow them to do anything as that person. I’ve not seen a phishing scam go to such lengths before.”

The second scam was weirder:

YOU HAVE RECEIVED A LOVE COMPATIBILITY TEST

Greetings,

You have received a love compatibility test, see how compatible you are by
answering the 20 simple love compatibility questions.

The link was to a page on a website www.lovecompatibilitytester.com and so looks harmless enough. At worst, you think, it’s spam; at best someone really cares about you… But no. Daniel’s taken a look and says going to the link will actually try to install a virus — possibly one called Pinfi — which is probably a password grabber. What surprised me with this is that scammers would go to such lengths in social engineering to lure the unwary. My guess: Just like the lovebug worm, there’s no sucker like a sucker in love. Be warned. Scams are getting smarter.

19. January 2004 by jeremy
Categories: Malware | Tags: , , , , , , , , , | 3 comments

Comments (3)

  1. Receieved love compatibility test email and opened it and tried to run the test, does this mean my computer is infected with something and if so what should i do about it. AVG Virus scanner doesnt pick up anything.

  2. Also received the email, and stupidly, stupidly clicked on the link from the email. Does this mean that my account will now receive spam? Cos it’s my uni email account and I won’t be too impressed if it is. Darn.

  3. On closer inspection lovecompatibilitytester does not install a keylogger. It is however, a pretty nasty piece of spyware. I’ll post something on this soon, but in the meantime those concerned should check out Daniel’s website: http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=100&mode=thread&order=0&thold=0