Best subject ever: “Important message”

Basically, a warning about fraudulent emails is already over at this point, because the subject of an email alone can speak volumes.

And one of those incredibly revealing subject lines, which literally screams “I’m phishing” with big warning lights and loudspeakers, is: “Important Notice”

The email reads in plain text:

Date
December 6, 2015

Hello Jessica […]

During a routine security check, we discovered irregularities with your PayPal account. You can currently only use your account to a limited .
In order to be able to use your account without restrictions again and freely access your PayPal credit, you need to compare your personal data. After successful reconciliation, you can use your customer account to its full extent again. To avoid further restrictions, please observe the following rules of conduct:

• Do not pass on your data to third parties
• If possible, always use the same devices to access PayPal

To verify your account, please visit the following link:

To the PayPal site

Best regards,
your PayPal service

Visually and in its strictness, the email is quite consistent; a few small weaknesses in the spelling indicate that fraudsters are at work here. However, a major danger point in this email is the correct and personal address with first and last name.

---

---

The aim of this email: the recipient should click on the link “to the PayPal site”.

Phish

However, behind this link there is a website created by scammers. An updated protection software quickly shows a corresponding warning:

Without a software warning, you go straight to a fake page that claims to be a PayPal login. A look at the address bar of the browser shows that an attempt was made to recreate an authentic-looking address with the address “paypal.de-checkinfokunden.eu/kunden” , which is intended to give the visitor a false sense of security.

However, the address line also reveals: there is no secure HTTPS connection. We therefore warn against entering data on this page.

In a first step, the normal login details are requested. In the following steps, personal and address details are requested, and at the end sensitive bank details are also requested.

Therefore, it should be made clear once again: please do not enter valid data on these pages under any circumstances!

General phishing warning:

• Phishing emails generally try to appear as if they come from the relevant company . Fraudsters use these to try to get personal data, preferably bank credit cards or other payment data.
• The real “art” of these emails is the story with which the recipient is supposed to trust the email and open the inserted link. Expression, grammar and spelling, as well as plausibility and individuality play a very important role here. Especially in the recent past, there have been an increasing number of emails that shined with individuality: they could address the recipient with the correct name and also provide actual address and personal data.
• However, you can generally note: Banks, payment and purchase portals never ask you to log in to the account using a built-in link! In addition, although a generic salutation is always an indication of phishing, an existing correct salutation is not proof of the authenticity of an email .
• Never log in via a link that is sent by email, but always type the relevant page by hand into the address bar of your browser and log in there. If there are actually announcements of the relevant service, they will be displayed there. In addition, if possible, you should also refrain from carrying out banking transactions via public/third-party WiFi networks , as you never know exactly whether (and in an emergency from whom) these networks are being used be logged.
• Never enter real data in the form fields! Under certain circumstances, the data can even while typing without having to confirm with “continue”.