Printer Friendly

Phishing fax lures the lax.

Sophos are warning users about a new phishing campaign which tries to get innocent computer users to fax their credit card and bank information directly to the phishers rather than visit a bogus website. The emails, which claim to come from Paypal (the payment system used by the popular ebay auction website), tell users that someone tried to reset their password. The emails urge the user to fax back information which will assist in the investigation into the alleged security breach:

Dear Paypal Customer,

Unauthorized person tried to reset the password from your paypal account. We would like to ensure that your account was not accessed by an unauthorized third party. Because protecting the security of your account is our primary concern, you have to complete the affidavit form. Click here to download the form. Please send a fax in the next 24 hours to [number removed] with affidavit form completed.


The emails point to a Microsoft Word document hosted on a Polish website, which the recipient is instructed to download and complete with their bank account details (including PIN information), credit card numbers and login details before faxing back. Sophos has confirmed that the telephone number mentioned in the emails is hosting an active fax machine.

In the last few days we have seen a number of attempts by phishers to use this technique, and its possible that some people who know that they need to be careful about entering their confidential information on a bogus website may think that completing and faxing back such a form is somehow safer.

Interestingly, the phishing gang may have made a huge blunder by including the fax number in their scam. PayPal and the authorities are sure to follow that lead when investigating this matter further.
COPYRIGHT 2005 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Security News
Publication:Software World
Date:Sep 1, 2005
Previous Article:Employees store data on unencrypted USB keys.
Next Article:Top ten viruses reported in August.

Related Articles
As e-mail blocking increases, watch your subject lines.
Hook, line and sinker: life insurers and their policyholders could be the next targets of online phishing scams.
Managing e-business risk to mitigate loss: along with the speed and convenience of e-business come new risks, such as identity theft and...
"Malware evolution: January - March 2005".
Widespread Gmail phishing email lures with $500 cash prize.
Avoiding the 'phishing' hook: new online scares and virus attacks undermine your business.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters