I don't usually write about anything other than food issues on Syrup & Tang, but I want to alert my readers to a phishing email which almost got me.

I receive relatively little spam, due to the use of advanced filtering techniques and careful distribution of email addresses (though you can't stop others from exposing your address to viruses, etc on their computers, of course).

My email client (program) is pretty good at identifying scams too, but for some reason today's email was neither caught by my email system nor flagged by the email client: the email is claiming to be a PayPal alert identifying multiple failed login attempts on my account and asking me to login within 72 hours to verify certain details. It was only as I hovered my mouse over the link to click on it that I noticed a URL discrepancy.

The page that the link goes to (I tested it separately, without any personally identifying content in the URL) is a complete copy of an English-language PayPal login page with active real links to other parts of the PayPal (Germany) site.

The phishing site has been reported by me to a number of security filters, but as none of my browsers identified it as a phishing site, this is a threat which some people could still fall foul of.

I've only clicked or almost clicked on a phishing link twice in the last ten years, but that's twice too often. Both times my guard was down because I had been doing something with the site/subject in question in the days previously (once PayPal, above, once contact with a friend whose name was then used in a scam email the next day).

Keep your browsers (and kill Internet Explorer 6 please), antivirus (I recommend Avira or AVG), malware scanners, firewalls and the like up to date, but also just remain vigilant.

Return to top of the page