Thinking that you know how to protect your privacy and security on the Internet? Take a test.

Read the following e-mail message and determine if it is safe:

Test Message

 From - Sun Nov 07 18:58:46 2004
 To: ---------
 Subject: Security Measures
 From: PayPal <billing@paypal.com>
 Date: Sun, 07 Nov 2004 19:12:09 -0600

https://www.paypal.com/en_US/i/logo/paypal_logo.gif

Dear valued PayPal^® member:

It has come to our attention that your PayPal^® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension. Please update your records on or before November 15, 2004.

Once you have updated your account records, your PayPal^® session will not be interrupted and will continue as normal.

To update your PayPal^® records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Thank You.

PayPal^® UPDATE TEAM

Accounts Management As outlined in our User Agreement, PayPal^® will periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions. http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside

Answer

(NOTE: due to the wiki system's security measure, I cannot spoof the URL. The http://www.paypal.com/cgi-bin/webscr?cmd=_login-run link should have linked to http://209.67.214.140/secure/ instead (HTML code <a href="http://209.67.214.140/secure/">http://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>)

The example is an actual e-mail message (slighted modified). The message is fake. The link "http://www.paypal.com/cgi-bin/webscr?cmd=_login-run" actually points to "http://209.67.214.140/secure/". To see this, move your cursor over the link and look at the status bar (the bar at the bottom of your browser window).

This message employees multiple methods of "spoofing". First, the sender falsified the sender address as from PayPal (which can be easily done). The message is well-crafted and contains an urgent message that most people will respond to. The signature, which includes a name, a statement explaining the message, and the PayPal privacy policy link, makes the message look legitimate. The main body contains only one link. This link uses a full (but false) URL (Web location) as its link text. To make this link look more real, the sender also uses a full (and true) URL as text for the privacy policy link.

Recommendation

To protect yourself, it is recommended that you check the URL before following any link. If you move your mouse pointer over the link (and you have not changed the default Mozilla/Firefox security settings), the status bar should show the destination URL.

You can further protect yourself by showing all messages as plain text. If you do, the message should appear as:

 <http://www.paypal.com/cgi-bin/webscr?cmd=_home>

 Dear valued **PayPal^® * *member: 

 It has come to our attention that your *PayPal^® * account information needs
 to be updated as part of our continuing commitment to protect your account
 and to reduce the instance of fraud on our website.  If you could please take
 5-10 minutes out of your online experience and update your personal records
 you will not run into any future problems with the online service. 
                                    
 However, failure to update your records will result in account suspension.
 Please update your records on or before *November 15, 2004*. 

 Once you have updated your account records, your *PayPal^® * session will
 not be interrupted and will continue as normal.

 To update your *PayPal^® * records click on the following link:
 http://www.paypal.com/cgi-bin/webscr?cmd=_login-run
 <http://209.67.214.140/secure/>

 Thank You.  
 *PayPal^® UPDATE **TEAM*                                    

 Accounts Management As outlined in our User Agreement, *PayPal^® * will
 periodically send you information about site changes and enhancements.

 Visit our Privacy Policy and User Agreement if you have any questions.
 http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside

Note the http://209.67.214.140/secure/ address is shown (and not obsecured).