Unknown web browser says phishing email
There were a few contenders for the phish of the day. The competition was fierce, but the PayPal entrant won us over. What swayed us was the advice given at the foot of the email in regards to phishing emails. Jokes aside, the PayPal phishing email we present is realistic, and features a mix of genuine and malicious links. This is becoming the de facto standard of phishing emails.
Figure A is the phish of the day. The subject line of the email is long: “We need you to verify your identity for further use of your account”. The sender of the email is shown as “PayPal”. There is a copy of the PayPal logo in the left hand corner of the email. No greeting is present.
The email opens with the heading “Your account has been limited because it was used by another web browser”. There are six links in the body of the email. Five of the links are to the genuine PayPal site. The sixth is to a malicious site. The link in question is the button with the text “Verify Now” inscribed.
This reason for this email is to warn the user of a breach of their PayPal account. The trick used by the criminals is to pick a date and time. The probability that the user will not have accessed their PayPal account at that particular time is high. Details of the browser used and the operating system are provided. In any case, the email implies that the user’s PayPal account has been compromised.
The user can resolve the issue by clicking on the link. This is a scam. If the recipient of the email is in doubt of the veracity of the email, they can read the second last line of the email. This states that
“Spoof or ‘phishing’ emails tend to have generic greetings such as ‘Dear PayPal member’. Emails from PayPal will always address you by your first and last name.”
The other sign this is a phishing email is the link “Verify Now”. This link does not lead to the genuine PayPal site. It leads to a phishing site. This is another PayPal phishing email.