Occasionally you may have come across a page on a web site that asks you to log in using a network password (example). You type in your user name and password and click OK to gain entry. There is a way to avoid having to enter your user name and password. You add your user name and password to the beginning of the internet address. http://my_name:[email protected]/passwd_protected/ is a good example of this.

The scammer’s email gives you a link to ki54ft.worldispnetwork.com/i.cgi, but it includes a user name and password for a password protected directory, and the user name happens to be www.paypal.com. This is the same cute trick used recently by a browser hijacker to fool people into thinking they were loading msn.com.At the web page linked in the email, there is a login form. If the victim fills in their password, they give this scammer their Paypal password, and his script combines that with their email address. After submitting the form, the cgi script redirects the user to the real Paypal login page. This is done in hopes that the victim doesn’t notice anything suspicious. The victim may not realize that anything is wrong until they get the email receipt of the scammer cleaning out their account.

Please, pass this warning along. Too many people fall victim to these scams, and this one is very convincing.