Phishing Example: PayPal Forgery

January 1, 2016

What makes this a Phishing message?

  • The name of the service, and the look of the message, is intended to fool the recipient into thinking the message is from PayPal
  • The subject line, with the double exclamation points, is unprofessional and meant to incite some quick and heedless action
  • The sender's address is very strange and suspicous
  • The "Check My Account" link directs the user to a webpage containing a malware payload

Original Message:

Subject: Your account on the verge of closure !!
From: =?UTF-8?Q?ppl=2esupport?= <support@ppl.com>
Date: 1/1/2016 5:47 AM
To: noc@nak.berkeley.edu

Pay.service sceenshot

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

Report suspected phishing emails to consult@berkeley.edu (link sends e-mail) (link sends e-mail) (link sends e-mail).  Be sure to include the entire text of the message, including the email header.