Another fine Phishing Scam Letter, Annotated for Education

[britechguy]

I got the letter, below, this morning. When I get what I consider to be quite convincing ones, if you're not paying attention, that is, I tend to take a screen shot and annotate it for client education. I did that here. If anyone finds it might be useful, use it.

 

[ThatPlace928]

The SCAM logo is the correct one. I just pulled out my PP card and double-checked. I'm sure people will fall for the email, however, because they don't bother to double-check.

 

[britechguy]

Well, it's not what's on the PayPal website, which is where I got the one I used.

It would not shock me if there's been a slight change or that two exist, for use on different backgrounds.

 

[Larry Sabo]

Edit: Oops! Brian beat me to it.
Here is the PayPal logo that shows beside the search result when I search for PayPal: Here is the one when I click on that link:

 

[ThatPlace928]

Edit: Oops! Brian beat me to it.
Here is the PayPal logo that shows beside the search result when I search for PayPal: View attachment 17593Here is the one when I click on that link: View attachment 17594

Definitely 2 different shadings on the logos. I wonder if one is personal PP and the other is business PP?

 

[britechguy]

It also makes the scam a bit more sophisticated that it is using an actual variant of the PayPal logo as opposed to a mock-up.

In this case, I'm fine with both being "real" as my main point is to have people pay attention to logos. I've seen more than my share of, "close, but nowhere close enough to get a cigar" variants on logos that the unobservant could be tricked by.

 

[ThatPlace928]

It also makes the scam a bit more sophisticated that it is using an actual variant of the PayPal logo as opposed to a mock-up.

In this case, I'm fine with both being "real" as my main point is to have people pay attention to logos. I've seen more than my share of, "close, but nowhere close enough to get a cigar" variants on logos that the unobservant could be tricked by.

I agree with you. I can usually spot a scam right off. If I think something's hinky about an email, I'll read through it, close it, and re-read later to see what I might have thought was suspect about it.

 

[ThatPlace928]

There are at least 2 logos. Biz on the left, personal on the right. I never even noticed, until you brought the subject up.

 

[Markverhyden]

The attached PDF being populated by a single image has pretty common for a few years. The scam about recording one “pleasuring” had the entire email as an image for several years. Most anti-malware won’t parse an image for text

 

[britechguy]

@Markverhyden

We're saying the same thing, but coming at it from opposite angles.

Scams have used image scanned PDFs for quite a while, and that's their hallmark. Legitmate messages from PayPal and other entities do not, and absolutely do not when what are clearly supposed to be hyperlinks are involved.

I'll tweak the image to say no *legitimate* letter like this would be an image-scanned PDF.

 

[ThatPlace928]

This one is from one of my emails from PayPal. They must have different color & shading combos for all the stuff they put their logos on.

 

[Rosco]

This is a good idea! I might use it on my Facebook page this week. Thanks a lot.