The other night I received an email from PayPal that made all my alarms go off. Everything about the email made me think it was a phishing attack. The common wisdom is that when a site you normally trust sends you an email prompting you to log in to “verify” something, you should be cautious. Can you spot anything suspicious in the email below?

Try hovering your mouse over the image, and it will reveal that the “View mobile” link points to paypal-communication.com. Now, this domain looks like it belongs to PayPal, but anyone can register a domain with paypal in the name, and this is a common trick used by attackers to make the recipient believe the email is legitimate.

All the links in the email point to paypal.com, which we trust, except for the two topmost links, which point to paypal-communication.com, the domain we’re in doubt about. Fortunately, both sites use SSL, so let’s take a look at their respective SSL certificates. Both are Class 3 certificates issued by VeriSign.

Based on the certificates, it appears that we should be able to trust paypal-communication.com, but you can’t expect the average user to perform this type of investigation and draw the right conclusion. It is strange that PayPal chose to introduce a new domain in their email outreach, especially considering that their customer base is a regular target for phishing attacks. This just shows that you have to be very aware whenever you enter your credentials online.
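The link-by-link comparison done by hand above can be automated for an HTML email. The following is an added example, not part of the original post: it lists every link's real host and flags hosts that contain the brand name without being paypal.com or one of its subdomains. The sample markup, the URL paths and the `.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the domain the post treats as trusted
BRAND = "paypal"        # brand token that a lookalike domain embeds

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href):
    # .hostname drops any "user@" prefix and port, and lowercases the host
    host = (urlsplit(href).hostname or "").rstrip(".")
    # Suffix match on a label boundary: "paypal.com.x.example" must not pass
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    if BRAND in host:
        return "brand-in-unverified-domain"
    return "other"

def audit(html):
    """Return (link text, real host, verdict) for each link in the email."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(text, urlsplit(href).hostname, classify(href))
            for href, text in parser.links]

# Constructed sample: the two domains from the post plus one edge case
SAMPLE = """
<a href="https://paypal-communication.com/m">View mobile</a>
<a href="https://www.paypal.com/signin">Log In</a>
<a href="https://www.paypal.com.account.example/verify">Verify</a>
"""

if __name__ == "__main__":
    for text, host, verdict in audit(SAMPLE):
        print(f"{verdict:28} {host:32} {text}")
```

A "brand-in-unverified-domain" verdict is not proof of phishing, as the paypal-communication.com case shows; it marks the links that need the certificate and ownership check described above.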

Enterprises should be equally worried, and we have recently seen several examples of spear-phishing attacks where specific organizations or individuals are being targeted. Solutions like OneLogin can drastically reduce the number of passwords in your organization and thereby minimize the risk of employees being phished.

