Each day we hear about new phishing attacks carried out by hackers or scammers, and despite continuing awareness efforts from multiple sources and media platforms, people still fall victim to them.

For this very reason, in this article, we will be providing you with all the possible ways you can verify an email to ascertain whether it has come from a legitimate source or from a scammer.

PayPal Phishing attacks demonstration

We will take the example of a suspicious email received by a user, which said his PayPal account would be banned if he didn’t complete the necessary verifications, and analyse it to determine whether it is genuine.

Sender’s email

Let’s first look at the sender’s email, which in this case is paypal@inc.com and is obviously not an address used by PayPal. Anyone who regularly receives email from PayPal will quickly spot this, as they would know PayPal emails are mostly from info@paypal.com. Here one can clearly see that the email domain is, in fact, inc.com instead of paypal.com, which should make the fraudulent nature of the email very apparent.

Content errors

Most people don’t check the sender’s email address, so don’t worry if you missed that. You should, however, check the content and grammar of the email, as you will often find grammatical errors. These are very uncommon in email from legitimate businesses, which usually have proofreaders and editors who comb over content to ensure it’s error-free.

[Screenshot of the email content. Caption: One can only LOL at this content]

Hyperlinked Buttons

Another indicator of a scam mail could be a hyperlinked button inside the email, like “Update profile link” or “Login into your account”. A legitimate service will often provide a text link when it wants to send the user to a required place. Scammers, obviously, won’t provide text links, because the user would then identify the spammy URL and quickly delete the email.


Further analysis

Now let’s click the “resolve now” button and see where it leads. Even a basic user can quite clearly see that the button is not taking one where it should; it goes to an unknown host.

But here the story gets interesting. Although it’s an unknown host, it shows PayPal’s original login page, which really tricks the user into entering their login details. To reveal what comes after the login, we entered fake details and it logged us in. It then asked for some personal details such as address, phone number, birthday and credit card number.


And it goes on…

Once all the details have been verified, the page asks you to “Verify your identity”; this is the clever and devious part on behalf of the hackers. On this page, they ask for an Adobe Flash Player update which is, in reality, bloatware that they want to leave behind for manipulating the user in future.


End note: Be very careful!

So, be very careful in following instructions on any emails as hackers are getting very creative these days and if you find anything suspicious, do verify with the related authorities because one wrong step on your part could cost you much more than you bargained for.

It is safe and advisable to log in to your PayPal account by entering the web address into your browser’s address bar or via an official PayPal app. The PayPal website has a verified green signature as shown in the screenshot below:

[Screenshot: PayPal website showing the verified green signature]

Waqas