Experts at Sophos have warned users about a new phishing campaign which tries to get innocent computer users to fax their credit card and bank information directly to the phishers, rather than visit a bogus web site.
The emails, which claim to come from PayPal (the payment system used by the popular eBay auction web site), tell users that someone tried to reset their password. The email urges the user to fax back information which will assist in the investigation into the alleged security breach.
The emails point to a Microsoft Word document hosted on a Polish web site, which the recipient is instructed to download and complete with their bank account details (including PIN information), credit card numbers and login details before faxing back. Sophos has confirmed that the telephone number mentioned in the emails is hosting an active fax machine.
Sophos have provided a screen shot of the email and the fax-back form users are being sent.
Graham Cluley, senior technology consultant for Sophos, said,
"In the last few days we have seen a number of attempts by phishers to use this technique, and it's possible that some people who know that they need to be careful about entering their confidential information on a bogus web site may think that completing and faxing back such a form is somehow safer. It's important that no-one is lax when it comes to their Internet security, and keep their critical banking and credit card details close to their chest.
"Interestingly, the phishing gang may have made a huge blunder by including the fax number in their scam. PayPal and the authorities are sure to follow that lead when investigating this matter further."
If ever you receive an email purporting to be from PayPal, but are not sure if it is genuine or not, forward a copy of the email to spoof@paypal.com; PayPal will verify the email and get back to you.