Here, Phishy Phishy

Today’s winner arrives in your emailbox with the title of Message ID – 20169661 and purports to be from PayPal.

Of course, you immediately know the email’s a scam by passing your mousepointer over the link in the email which — at first glance — appears to be

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

It isn’t, of course, as you discover when your pointer is over the link:

Phishing for suckers

Why, look . . . the actual link is to another site altogether. I’ll betcha a bag of cheese that PayPal has no connection whatsoever to system430a.com.

Quick Rules:

1. NEVER click a link in a suspect email.

2. If you’re curious, view the email’s source; look at the code around the fake link(s). In this case, some fancy Javascript was used. Sometimes, the code and text is entirely obfuscated; this is almost always a sign of a fraudulent sender.
3. PayPal notices aren’t the only hooks phishers use. Pseudo-e-Gold emails are popular bait, as are bank and mortgage company notices. If an email asks you to “confirm” longstanding account details — by clicking a handy link in the email, of course — send that sucker to the trash (or forward it to the institution in question . . . or the federal law enforcement folks interested in email fraud).

4. If concerned that your account might be in peril,

a) close the email window (bonus points for shutting down the mail client (Thunderbird, Outlook, etc., if you use one)),
b) bring up a new browser window by clicking on the browser’s icon on your desktop,
c) then TYPE the company’s URL into your browser. Make certain the ‘lock’ symbol . . .

Lock

. . . appears before you enter anything private.
Related reading:

Scams & Swindles: Phishing, Spoofing, ID Theft, Nigerian Advance Schemes Investment Frauds: How to Recognize And Avoid Rip-Offs In The Internet Age McAfee Spamkiller 2006 Version 7.0 Allume icSpyware 4.0 & Anti-Phishing Suite