Social Engineering

I've long been interested in the social engineering techniques used by virus authors to get people to open attachments. The Mother's Day bill for the pearl necklace was brilliant, as was the one urging users to open the attachment to protect them from viruses.

Phishing is really starting to scare me; the phishers are getting better and better. I am very concerned about my family and other non-geeks out there[1]. Take, for example, this one I just received:

First is the obvious trick that they include tips on how to protect your account info on the right, such as how PayPal will never ask you to enter your password in an email (after all, it's not in an email even in this case). They also have a link to the security tips on PayPal's site, but it isn't an easily clickable hyperlink. If you were to type in that URL manually, you would see the following in PayPal's tips:

Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member". Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account.

Type in the PayPal URL: To safely and securely access the PayPal website or your PayPal account, open a new web browser (e.g., Internet Explorer or Netscape) and type in the following: https://www.paypal.com/

[1] Or, I must admit, anyone at all who's had a long day and isn't paying attention. I almost got snagged by a phisher a few weeks ago. It was the end of a long week and a long day and I was exhausted. I had recently made a change to my PayPal account and got a phishing email that same day saying they had some problems with my account, could I pretty please log in to the website to update my data? Fortunately I snapped out of my fog before doing anything dangerous, but the experience really made me nervous for the safety of my family's data online.