Anatomy of a scam
The other day a client of mine called and asked about an email they received from PayPal.
The email stated that PayPal had seen some unusual activity on their account and needed them to verify their information.
A link to a login page was given in the email. (Red Flag One - PayPal will never direct you to their site concerning sensitive information with a link. They will instruct you to manually go to www.paypal.com and log in there.)
window. (Red Flag Two - hides the fact that you are not on a secure page.)
The page also contains code to alter the address bar to display what seems to be the PayPal address. (Red Flag Three - the address for the page begins with http:// instead of https:// as it should for an SSL page.)
Right click is disabled and displays a copyright warning. (Red Flag Four - They are attempting to hide their malicious code.)
Many will not notice these discrepancies and enter their email address and password to log in. They are then taken to a page requesting credit card and checking account information. (Red Flag Five - your back button no longer works.)
At this point they have your PayPal email address and password and can access your account.
If you go back to the original email and start over, you will find that any email/password combination will work to log in. (Red Flag Six)
Upon further investigation, I was able to find the actual address of the scam and access the site and directory containing the scam. The site is located somewhere in Asia and the home page appears to be an Asian company. The directory also contained a similar eBay scam all neatly packaged complete with graphics and server side scripts. There was even a zip file which contained all the necessary components to run the scam.
Believe it or not, the form action in the initiating script sent the information to a site operated here in the US. The scary part is that it could be your neighbor running this type of scam and you wouldn't even know it.
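Several of the red flags above can be checked mechanically on a saved copy of a suspicious page: the wrong host, a password field served over http://, a right-click blocker, and a form action that posts to a different site. The following is an added example, not code from the original post; the hostnames, the sample markup and the names `PageScan` and `red_flags` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: hostnames and markup are made up for illustration.
SAMPLE_URL = "http://phish.example/paypal/login.html"
SAMPLE_HTML = """<body oncontextmenu="alert('Copyright'); return false">
<form action="http://collector.example/save.php" method="post">
<input name="email"><input type="password" name="pass"></form></body>"""

class PageScan(HTMLParser):
    """Collects form targets, password fields and right-click blockers."""
    def __init__(self):
        super().__init__()
        self.form_actions, self.script_body = [], False
        self.has_password = self.blocks_right_click = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.script_body = tag == "script"
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        if "oncontextmenu" in a:  # inline handler that swallows right click
            self.blocks_right_click = True

    def handle_endtag(self, tag):
        self.script_body = False

    def handle_data(self, data):
        if self.script_body and "contextmenu" in data.lower():
            self.blocks_right_click = True

def red_flags(page_url, html, expected_host="www.paypal.com"):
    """Return the article's red flags that a saved page exhibits."""
    scan = PageScan()
    scan.feed(html)
    page = urlparse(page_url)
    flags = []
    if page.hostname != expected_host:
        flags.append("host-mismatch")
    if scan.has_password and page.scheme != "https":
        flags.append("login-over-http")
    if scan.blocks_right_click:
        flags.append("right-click-disabled")
    for action in scan.form_actions:
        target = urlparse(urljoin(page_url, action)).hostname
        if target != page.hostname:
            flags.append(f"form-posts-to:{target}")
    return flags
```

Calling `red_flags(SAMPLE_URL, SAMPLE_HTML)` on the constructed sample reports all four flags; a genuine HTTPS login page whose form posts back to its own host reports none.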
Hope this has been enlightening for some.