Sunday, January 06, 2008

Scraping in spamming

I got a spam mail claiming to be from paypal and asking me to verify some information about my paypal account.

Gmail did not mark it as spam. Looking at the mail id from where it came it was clear that the mail did not come from The mail was asking to click a link (text was of but the link was pointing else where) and verify some information by logging in. I knew it was spam but went to the site and looking at the url suggested that there was some scraping happening. so went and checked it out.

The content was being scraped from paypal page and very few changes were made to the content. The form submission url was changed and some image urls. Rest of the content was from the paypal page with actual links. This is not a fake page which you can make out by looking at the page. The content was scraped so it was exactly like the original one. The verisign logo was also pointing to actual paypal site so you would get a proper verified page when you click it. As the form submission url is changed, the spammer can happily capture the user information.

The page was same as the original paypal page exception for the form url and the actual page url.

Always check the url in the address bar to be sure what you are visiting. Check the spelling properly and also the site security certificate to be sure.

No comments: