July 12, 2007

High Alert!! - New PayPal Scam. A fraudulent mail, claims to be from PayPal. GMail can't find it.

I am stunned this morning when I opened my GMail. There is a mail from 'service@paypal.com'. The subject line reads 'Paypal Account Security Measures'.

Normally, GMail will alert us when there is a fraudulent mail that claims to be from Paypal. This time, this new scam beats GMail too. The mail looks absolutely stunning. Here is the screenshot:

paypalclick to enlarge

When I click the link, it took me to a paypay look-a-like site. It was my mistake not to watch out for the URL in the address. The trap has been very well planned not to trigger any doubt on the users. This is how the screen looked:

paypalclick to enlarge

The home page of 'http://www.news-play.com/' greets us with joomla open source softwares. Here is the screenshot of the homepage of the site:

paypalclick to enlarge

I entered the user ID and password of my Paypal account. And within seconds, I realized that I was trapped. I immediately logged in to the PayPal site and changed the password.

How I could find the trap?

1. I always use Firefox for secured sites. The NoScript plugin showed me 'blocked' symbol. Normally, for paypal.com it shows 'scrips open' icon, as I have already opened Scripts for paypal site.

2. The site advisor showed 'gray' which means site 'not rated'. It will obviously show 'green' for paypal as it is a well known site.

These two great tools helped me realize.

I have reported to the Gmail team and to the PhishTank team. Hope the site gets banned soon.

Please help us spread this alert to everyone. Please digg it, reddit or share it wherever you can.

Digg it.