They're Trying to Hack Your Account: Analyzing a Real Phishing Email
A DZone MVB was recently the target of a phishing attempt. So, like any good dev, he broke it down and is sharing the knowledge he gained from the experience.
Join the DZone community and get the full member experience.Join For Free
From a quick glance at my email inbox, it seemed that something bad happened to my PayPal account. Was it hacked? Was it compromised? Did someone guess my password?
Before panicking, I decided to take another look at the email - something just seemed off about it. Let's take a look at its screenshot and start analyzing it.
The following assumptions are numbered according to the numbers in the screenshot:
The email address I got this email from is firstname.lastname@example.org, which seems legit. But, following that address, you can see the real address behind it, which is UpdateAppleDUsers.....@live.com. That doesn't look very promising, as live.com emails are free accounts from Microsoft's emailing service.
Whenever you receive an email with a title that starts with "RE" (which is added by email clients when someone replies to an email), you should ask yourself whether someone is actually replying to a conversation you were a part of, or maybe someone is just trying to fool you that you were a part of it.
The email starts with "Dear Customer." PayPal has all our financial information, so they don't even have the courtesy to address me with my name? Why do they address me as "Customer" and not "Dear First & Last Name"? Maybe the hacker just doesn't know my name and he's trying to fool me?
Then, the email continues with "We emailed you a little while ago" - that just doesn't sound like something a large organization will approve in an official email. It also just doesn't sound like something a professional writer would write.
The first sub-headline in the email is "What's the problem?" - does that sound like something PayPal's support team/security team would write?
The second sub-headline is, "How can you help," without a question mark, which seems odd because the first sub-headline contained a question mark at the end of the question. Again, doesn't seem like this email was written by a pro.
"We just need a little more information" - PayPal will probably never ask you for information. It would be extremely rare for them to do that, especially if you don't know what it's about. Also, they'll probably never ask for "a little" more information.
PayPal, or any respectful organization, will probably never ask you to "log in and ..." They will just ask you to perform an action on the website. When someone asks you to "log in and...," you should suspect that they are trying to steal your login information and hack your account.
"Please contact at the bottom of any PayPal page" - why is there no contact link/button? Looks strange. It seems like they are trying to focus you on the "login..." button, instead of providing more distracting options as links.
The links at the bottom of the page are shortened, so you can't tell which website is behind them without visiting them. This is something a respectful site won't be doing.
If you dive deep into this email, I believe you'll find more suspicious elements, other than the 10 I listed above. My point with this post was to expose you to the dangers of phishing emails - don't just click anything someone sends you by email, as you might end up being hacked too.
If you're not sure about an email you received, my tip would be to start with googling some of its content. For example, if you would have googled some of this email's content (example: "We emailed you a little while ago to ask for your help resolving an issue with your PayPal account"), you would have found this discussion and several others, which mention a potential fraud attempt.
Keep your eyes wide open and watch out. Remember, hackers are always trying new and creative ways to get your sensitive information.
Opinions expressed by DZone contributors are their own.