Click to Return to Webby homepage
Home

Help

Hosting

Privacy

Software

Contacts

Map

About

Humor
You have a friend
@Webby !
 
CTRL + zooms fonts
Toolbox
Pay For Renewals
Software for your own posty site Get Your Posty Site
Privacy Policy
Marketing FAQ
Hosting FAQ
Tools
Babelfish Translator
Recognize a spoof
Random Picked Clients
Cards For Fun.com
Lessontutor
Angel Winks
Stonecarver.com
Condo Fees
Poor Clare Nuns
Angel Eyes
http://www.?????
Look for an available domain name
We Use and Recommend

Click here for a FREE
30 day trial

This is the Mail Washer that I use and have used for over 10 years. I have tested many others, but Mail Washer is still The Best spam control.
Fun Stuff
Humor Letter
Top Posty Sites
The Right Posty
for that special client or friend
Useful Tools
Converter
Babelfish
Tools
Virus Hoaxes
OpenScrolls.org, the best free academic resource for college students. We will teach you how to write impeccable introductions and conclusions for your term papers, as well as show you how to conduct research for your term papers.
Transatlanticstudies.org, free assignment writing help
vital homework tips for high school students
 
Why NOT UPS You get ripped off, if you ship across the border with UPS


Terms and conditions

How to recognize a spoof email

Spoof (email related): An email disguised to look like it had been sent by a legitimate company, but is actually just a forgery intended to spread a virus or obtain private information from you.

Spoofs are counterfeit pages or emails and often look quite authentic. They usually have help and information links that actually go to the site that they try to impersonate. Don't get fooled by those peripheral links! And don't complain to those peripheral links. That's like writitng to Elvis Presley to complain about the Elvis impersonator at your Bingo Hall singing off-key.

You can forward spoofs to
spoof@paypal.com
spoof@ebay.com
spoofs@mypostcards.com
spoofs@webby.com

But please just make it a plain forward. If it is a plain forward, then those spoofs will be sent on to Spamcop.net and dealt with.

However, if you rant and whine at tech support, or accuse them of being involved with the spoof, or demanding to be taken off their list, you may amuse a tech, but just be filed under "Moron calling Elvis".

There is no need to comment or tell the techs, that you think it is a spoof. They just need the original, untouched spoof, so that they can paste it to Spamcop.net. You can, of course, do that yourself too.

There are two main types of spoofs:
"Phishing" type spoofs pretent to be from PayPal, eBay or certain banks and "phish" for user names, passwords and other private information.

"Phissing" type spoofs pretend to be from a postcard site or other legitimate site and try to con the reader into downloading a virus or trojan, or let a malicious site transfer nasty stuff to anybody, who clicks on the link.

Postcard spoofs are phissing spoofs. They try to phiss a virus or trojan into your computer.


"Email Address" components: Each email address has a Title or Name, and a URL
Example:

Title / Name URL
Charlie Brown charles-f-brown@peanuts.com

The better email programs show both the title (name) and the URL, but some show just the title.
However, many will reveal the URL in the status bar, when you hover the mouse over the title. A few,
like Outlook and Outlook Express, are not quite up to standard, and won't let you easily see the
underlying URL.

Examples of spoof email addresses:

Visible (phony) Title Actual URL showing in status line Outlook / Outlook Express status line
"dgreetings.com" eaqv@swisinsurance.com  
"Paris Hilton" betty-sue97456@aol.com 
"uce@ftd.gov" marvin.snively@yahoo.com 
Elvis Presley leroybubba@aol.com  
Mypostcards.com iexak@exas.ne.jp  


"Web Site Address" components:
Examples of spoofs:
Visible (phony) Title / Name Actual URL showing in status line
Click here to verify your PayPal Information http://fr.ebayobjects.com/6k%3Bh=http://3641828500:82/..
eBay http://207.137.42.220
mypostcards.com http://71.204.226.27
Hallmark.com http://71.232.210.250/?790c08a823e96272575cbc689
https://www.paypal.com/us/cgi-bin/webscr?cmd=complaint-view http://fr.ebayobjects.com/6k%3Bh=http://3641828500:82/..
https://signin.ebay.com/ws/eBayISAPI.dll ftp://Administrator:password@64.105.135.30/Originals/...
ggcinc.org (adsl-065-013-241-249.sip.bna.bellsouth.net
Please follow this link to confirm your account access information : https://www.paypal.com/us/cgi-bin/webscr?_cmd=login-run
http://www.lewmoorman.com/albums/index.php

Below is how MailWasher alerts you to a Spoof

Status Line (Except Outlook and Outlook Express)
Click here to Change Your Password [links to nv-71-52-43-68.dhcp.embarqhsd.net/ws2/index.html] nv-71-52-43-68.dhcp.embarqhsd.net/ws2/index.html
You have recieved a Hallmark E-Card.
To see it, click here [links to http://www.themusicnetwork.co.uk/notes/card.exe]
http://www.themusicnetwork.co.uk/notes/card.exe

If the visible email address or the web site address is different from what you see in the status line, then you are dealing with a spoof. Don't click on anything, just dump it!

Additional tips:

Type of mailer:

PayPal, eBay, MyPostcards, CitiBank and other legitimate companies do NOT use a Windows machine and Outlook Express to send emails to clients. They use big servers and UNIX Sendmail or Eudora.

If you reveal the header of a suspect email, and you see "Outlook Express" or "Outlook" in there, then you instantly know, that mail is NOT from a big company, but just a spoof that had been sent from an infected home computer. Dump it.

Type of request:

PayPal, Ebay and MyPostcards NEVER ask you in an email to fill out any private details or verify an account. If you didn't have a valid account, they would not have mailed you in the first place.

Postcards:

Legitimate postcards NEVER come from a vague, unidentified sender like "Classmate", "Family Member", "Friend", "Worshipper", "Neighbor", etc. Legitimate cards come from a properly named and identified sender, and a legitimate email address.

By the way, Mypostcards.com provides postcard SOFTWARE, but does not send postcards. If a mail pretends to be from Mypostcards.com, then it is a spoof. Dump it. Mypostcards.com has NO outgoing mail. Tech support and billing is handled under different domain names.

The spoof postcard notices are sent by the W32/Zhelatin.gen!eml virus in the computer of one of your friends or relatives, who has your email address in their Outlook Express address book.
If you see X-Mailer: Outlook Express, it's a spoof. Dump it.
If the sender claims to be an
admirer
class mate
class-mate
colleague
family member
friend
mate
neighbor
neighbour
partner
school friend
school mate
worshipper
then it's a spoof. Dump it.

Real postcards properly identify the sender.

Spamcop:

Reveal the header of a suspect email and paste it to the Spamcop (Practise checking the status line when you hover the mouse over a link!)
The Samcop will analyze your mail and show you exactly where it came from. It only takes a few seconds and it's a free service.

To reduce frivolous reporting of legitimate phone company or utility invoices, SpamCop requires that you register. Registraion is free, but necessary. After that you can
-- Forward spam and spoofs to Spamcop
-- Paste spam and spoofs to Spamcop
-- Connect MailWasher to SpamCop for reporting by simply putting a checkmark onto suspect emails

Reveal email headers:

Each email has information about it's origin and routing embedded in a normally invisible header. That information is not secret, it is just hidden because with legitimate email you don't really need to see all that weird looking stuff.

When you do want to see the header information, it's usually just a few clicks to do that.
The most complete collection of instructions for all different email programs is at the Spamcop site:
Reveal Headers

After you have seen a few headers, and have seen a few Spamcop mail analysis reports, you will be able to spot a spoof instantly.

McAfee Malfunction:

If you use Outlook Express or Outlook, then McAfee alerts are VERY misleading.
They don't show the URL part of an email. They make you look stupid and
incompetent and encourage you to bark up at the wrong tree. McAfee is currently
NOT compatible with Outlook Express and Outlook.


Even though McAfee has been repeatedly told that their messages are misleading,
they don't seem to be competent enough to point out that the forged name/nickname/title
in a spoof is forged and not in any way responsible for the spoof.

In the example below, "mypostcards.com" is forged by the spoof sender to make the
spoof APPEAR legitimate. Just like IBMTM is not involved in much forwarded AOL virus
hoax alerts that claim "IBM has announced a new virus", MyPostcardsTM is not in any
way involved with the fake postcard pick-up notices. MyPostcardsTM sells postcard
SOFTWARE, but does not send postcards.

For example:

People with a reasonably good email program see this:
McAfee VirusScan E-mail Scan has detected a potential threat in this e-mail sent by
"mypostcards.com" - iexak@exas.ne.jp - with the subject
You've received a greeting card from a Mate!.

This e-mail has been quarantined.

We strongly recommend that you report this suspect activity
to "mypostcards.com" - iexak@exas.ne.jp -
Most people realize that they are dealing with a spoof, because a site URL should have
http://  in front and not an @ in the middle, and that the underlying URL should be the same
as the visible one.


People with Outlook Express see this:
McAfee VirusScan E-mail Scan has detected a potential threat in this e-mail sent by
"mypostcards.com" with the subject
You've received a greeting card from a Mate!.

This e-mail has been quarantined.

We strongly recommend that you report this suspect activity
to "mypostcards.com"


Another example:
People with a reasonably good email program see this:
McAfee VirusScan E-mail Scan has detected a potential threat in this e-mail sent by
"Elvis Presley" - leroybubba@aol.com - with the subject
Renew your account

This e-mail has been quarantined.

We strongly recommend that you report this suspect activity.
to "Elvis Presley" - leroybubba@aol.com -

People with Outlook Express see this:
McAfee VirusScan E-mail Scan has detected a potential threat in this e-mail sent by
"Elvis Presley" with the subject
Renew your account

This e-mail has been quarantined.

We strongly recommend that you report this suspect activity.
to "Elvis Presley"

Don't let McAfee stampede you into barking up at the wrong tree
and complaining to Mypostcards or Elvis!





Summary:

DO DON'T
Hover the mouse over links and addresses and watch the status line Whine at eBay, PayPal or MyPostcards about spoofers pretending to be them.
Reveal the headers and study them Reply to spoofers
Report spoofs to Spamcop

Reply to ANY addresses mentioned in a spoof.
Often they mix in legitimate addresses. There is no point in writing to them and whining about wanting to be unsubscribed. Remember, you got mail from a spoofer, not from the legitimate company, that the spoofer was trying to imitate.

Teach your friends how to recognize spoofs and how to deal with them. Don't hit Reply or Bounce on a spoof. That just verifies that your address is live.


For additional information you can write me at DearWebby@webby.com,
but please don't ask me to unsubscribe you from PayPal, eBay, Mypostcards, CitiBank
or the IRS.



DearWebby
2002
(the mugshot will show whatever my most current one on the server is, not the one from the date, when I wrote this page.)

For a daily newsletter with clean humor and tech tips, you are invited to subscribe to the Dear Webby Humor Letter.
You can read it on-line at http://webby.com/humor without subscribing. There is an archive of old Humor Letters at http://webby.com/humor/blog



Google PageRank 
Checker - Page Rank Calculator