Paypal and Paypall
A friend of mine received an email from 'Paypal' in which he required to re-enter address and credit-card details after login in via a site (http://paypall.com), immediately.
Apparently, email was from service@Paypall.com, but in the address box was pretending as firstname.lastname@example.org. With current web-based email and even Outlook, ordinary users are barely recognized the difference, hence we should check the original/header from the email.
The nature of the scam were:
- use different email name in the "from address" and the "reply address". The difference could be very slight: paypal.com (single L ~ or the true PayPal) and paypall.com (double L ~ or the fake Paypal).
- in header check, the true Paypal uses Domain Key and SPF signatures while the other don't.
- a redirected link of the forfeited Paypal will provide http (unencrypted protocol), while the real PayPal will provide https (encrypted protocol).
- the https protocol provided by the true Paypal will have a green colour on the address bar of Google Chrome and Firefox as a sign of verified certificate.
- any email that requires immediate response should be double checked for its authencity as I described above.