How to recognize a spoof email
Spoof (email related): An email disguised to look like it had been sent by a legitimate company, but is actually just a forgery intended to spread a virus or obtain private information from you.
Spoofs are counterfeit pages or emails and often look quite authentic. They usually
have help and information links that actually go to the site that they try to impersonate.
Don't get fooled by those peripheral links! And don't complain to those peripheral
links. That's like writing to Elvis Presley to complain about the Elvis impersonator
at your Bingo Hall singing off-key.
You can forward spoofs to
spoof@paypal.com
spoof@ebay.com
spoofs@mypostcards.com
spoofs@webby.com
But please just make it a plain forward. If it is a plain forward, then those spoofs
will be sent on to Spamcop.net and dealt with.
However, if you rant and whine at tech support, or accuse them of being involved
with the spoof, or demand to be taken off their list, you may amuse a tech,
but you will just be filed under "Moron calling Elvis".
There is no need to comment or tell the techs that you think
it is a spoof. They just need the original, untouched spoof, so that they can paste
it to Spamcop.net. You can, of course, do that yourself too.
There are two main types of spoofs:
"Phishing" type spoofs pretend to be from PayPal, eBay or certain banks
and "phish" for user names, passwords and other private information.
"Phissing" type spoofs pretend to be from a postcard site
or other legitimate site and try to con the reader into downloading a virus or
trojan, or let a malicious site transfer nasty stuff to anybody who clicks on the link.
Postcard spoofs are phissing spoofs. They try to phiss a virus or trojan into
your computer.
"Email Address" components: Each email address has a Title or Name, and a URL
Example:
The better email programs show both the title (name) and the URL, but some show just
the title.
However, many will reveal the URL in the status bar, when you hover the mouse over
the title. A few, like Outlook and Outlook Express, are not quite up to standard, and
won't let you easily see the underlying URL.
Examples of spoof email addresses:
Visible (phony) Title | Actual URL showing in status line | Outlook / Outlook Express status line
"dgreetings.com" | eaqv@swisinsurance.com |
"Paris Hilton" | betty-sue97456@aol.com |
"uce@ftd.gov" | marvin.snively@yahoo.com |
Elvis Presley | leroybubba@aol.com |
Mypostcards.com | iexak@exas.ne.jp |
"Web Site Address" components:
Examples of spoofs:
Visible (phony) Title / Name | Actual URL showing in status line
Click here to verify your PayPal Information | http://fr.ebayobjects.com/6k%3Bh=http://3641828500:82/..
eBay | http://207.137.42.220
mypostcards.com | http://71.204.226.27
Hallmark.com | http://71.232.210.250/?790c08a823e96272575cbc689
https://www.paypal.com/us/cgi-bin/webscr?cmd=complaint-view | http://fr.ebayobjects.com/6k%3Bh=http://3641828500:82/..
https://signin.ebay.com/ws/eBayISAPI.dll | ftp://Administrator:password@64.105.135.30/Originals/...
 | ggcinc.org (adsl-065-013-241-249.sip.bna.bellsouth.net
Please follow this link to confirm your account access information: https://www.paypal.com/us/cgi-bin/webscr?_cmd=login-run | http://www.lewmoorman.com/albums/index.php

Below is how MailWasher alerts you to a Spoof | Status Line (Except Outlook and Outlook Express)
Click here to Change Your Password [links to nv-71-52-43-68.dhcp.embarqhsd.net/ws2/index.html] | nv-71-52-43-68.dhcp.embarqhsd.net/ws2/index.html
You have recieved a Hallmark E-Card. To see it, click here [links to http://www.themusicnetwork.co.uk/notes/card.exe] | http://www.themusicnetwork.co.uk/notes/card.exe
If the visible email address or the web site address is different from what you
see in the status line, then you are dealing with a spoof. Don't click on anything,
just dump it!
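The comparison described above (visible name or link text against the address it really points to) can also be done by a program. The following Python code is an added example, not part of the original page: the function names are hypothetical, the sample input is constructed from rows of the tables above, and it only flags visible text that actually names a domain.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def claimed_domains(text):
    """Domains named in the visible text (URL hosts or bare names)."""
    found = set()
    for token in text.split():
        host = urlsplit(token).hostname if "://" in token else None
        found.update([host] if host else DOMAIN_RE.findall(token))
    return {d.lower().removeprefix("www.") for d in found}

def mismatches(kind, visible, actual_host):
    """One finding per claimed domain that the real host is not part of."""
    actual = (actual_host or "(no host)").lower()
    return [f"{kind} shows {d} but really points to {actual}"
            for d in sorted(claimed_domains(visible))
            if actual != d and not actual.endswith("." + d)]

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(from_header, html_body):  # returns a list of findings
    name, addr = parseaddr(from_header)
    findings = mismatches("sender", name, addr.rpartition("@")[2])
    collector = LinkCollector()
    collector.feed(html_body)
    for text, href in collector.links:
        findings += mismatches("link", text, urlsplit(href).hostname)
    return findings

SAMPLE_FROM = '"mypostcards.com" <iexak@exas.ne.jp>'  # constructed from the tables
SAMPLE_HTML = ('<a href="http://www.lewmoorman.com/albums/index.php">'
               'https://www.paypal.com/us/cgi-bin/webscr?_cmd=login-run</a>')
```

A visible title such as "eBay" or "Elvis Presley" names no domain, so this check has nothing to compare it with; those cases still need the status-line look described above.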
Additional tips:
Type of mailer:
PayPal, eBay, MyPostcards, CitiBank and other legitimate companies do NOT use a Windows
machine and Outlook Express to send emails to clients. They use big
servers and UNIX Sendmail or Eudora.
If you reveal the header of a suspect email, and you see "Outlook Express" or "Outlook"
in there, then you instantly know that the mail is NOT from a big company, but just
a spoof that had been sent from an infected home computer. Dump it.
Type of request:
PayPal, eBay and MyPostcards NEVER ask you in an email to fill out any private
details or verify an account. If you didn't have a valid account, they would not
have mailed you in the first place.
Postcards:
Legitimate postcards NEVER come from a vague, unidentified sender like "Classmate",
"Family Member", "Friend", "Worshipper", "Neighbor", etc. Legitimate cards come from
a properly named and identified sender, and a legitimate email address.
By the way, Mypostcards.com provides postcard SOFTWARE, but does not send postcards.
If a mail pretends to be from Mypostcards.com, then it is a spoof. Dump it.
Mypostcards.com has NO outgoing mail. Tech support and billing are handled under
different domain names.
The spoof postcard notices are sent by the W32/Zhelatin.gen!eml virus in the
computer of one of your friends or relatives, who has your email address in
their Outlook Express address book.
If you see X-Mailer: Outlook Express, it's a spoof. Dump it.
If the sender claims to be an
admirer
class mate
class-mate
colleague
family member
friend
mate
neighbor
neighbour
partner
school friend
school mate
worshipper
then it's a spoof. Dump it.
Real postcards properly identify the sender.
Spamcop:
Reveal the header of a suspect email and paste it to the Spamcop (Practise
checking the status line when you hover the mouse over a link!)
The Spamcop will analyze your mail and show you exactly where it came from.
It only takes a few seconds and it's a free service.
To reduce frivolous reporting of legitimate phone company or utility invoices,
SpamCop requires that you register. Registration is free, but necessary. After
that you can
-- Forward spam and spoofs to Spamcop
-- Paste spam and spoofs to Spamcop
-- Connect MailWasher to SpamCop for reporting by simply putting a checkmark onto suspect emails
Reveal email headers:
Each email has information about its origin and routing embedded in a normally
invisible header. That information is not secret, it is just hidden because
with legitimate email you don't really need to see all that weird looking stuff.
When you do want to see the header information, it's usually just a few clicks
to do that.
The most complete collection of instructions for all different email
programs is at the Spamcop site: Reveal Headers
After you have seen a few headers, and have seen a few Spamcop mail analysis
reports, you will be able to spot a spoof instantly.
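The header tips above (an X-Mailer naming Outlook or Outlook Express, a postcard "from a Mate") and the routing information in the Received lines can be read out of a raw message with a few lines of Python. This is an added example, not part of the original page and not SpamCop's own analysis; the function names and the sample message are constructed, and the hosts use reserved example names and documentation IP ranges.

```python
import re
from email import message_from_string

# Sender descriptions the page lists as marks of a fake postcard notice.
VAGUE = ("family member", "school friend", "school mate", "class mate",
         "class-mate", "worshipper", "colleague", "neighbour", "neighbor",
         "admirer", "partner", "friend", "mate")
VAGUE_RE = re.compile(r"\bfrom an? (%s)\b" % "|".join(map(re.escape, VAGUE)), re.I)
HOP_RE = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)

def header_findings(raw):
    """Apply the page's two header rules to a raw message."""
    msg = message_from_string(raw)
    findings = []
    mailer = msg.get("X-Mailer", "")
    if "outlook" in mailer.lower():
        findings.append(f"sent with a desktop mailer: {mailer}")
    vague = VAGUE_RE.search(msg.get("Subject", ""))
    if vague:
        findings.append(f"unidentified sender: '{vague.group(1)}'")
    return findings

def received_path(raw):
    """(host, ip) for each Received header, oldest hop first."""
    msg = message_from_string(raw)
    # Each server adds its Received line on top, so the last one is the oldest.
    hops = [HOP_RE.search(h) for h in reversed(msg.get_all("Received", []))]
    return [m.groups() for m in hops if m]

# Constructed sample message (sender and subject taken from the page's examples).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example; Mon, 1 Jan 2007 10:00:02 +0000
Received: from home-pc (dsl-203-0-113-77.isp.example [203.0.113.77])
\tby mx.recipient.example; Mon, 1 Jan 2007 10:00:01 +0000
From: "mypostcards.com" <iexak@exas.ne.jp>
Subject: You've received a greeting card from a Mate!
X-Mailer: Microsoft Outlook Express 6.00.2900.2180

Click the link to see your card.
"""
```

Received lines below the first server you trust are written by the sender and can be forged, so treat the oldest hops as claims rather than facts.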
McAfee Malfunction:
If you use Outlook Express or Outlook, then McAfee alerts are VERY misleading.
They don't show the URL part of an email. They make you look stupid and
incompetent and encourage you to bark up the wrong tree. McAfee is currently
NOT compatible with Outlook Express and Outlook.
Even though McAfee has been repeatedly told that their messages are misleading,
they don't seem to be competent enough to point out that the forged name/nickname/title
in a spoof is forged and not in any way responsible for the spoof.
In the example below, "mypostcards.com" is forged by the spoof sender to make
the spoof APPEAR legitimate. Just like IBM™ is not involved in the much-forwarded
AOL virus hoax alerts that claim "IBM has announced a new virus", MyPostcards™ is
not in any way involved with the fake postcard pick-up notices. MyPostcards™ sells
postcard SOFTWARE, but does not send postcards.
For example:
People with a reasonably good email program see this: |
McAfee VirusScan E-mail Scan has detected a potential
threat in this e-mail sent by
"mypostcards.com" - iexak@exas.ne.jp -
with the subject
You've received a greeting card from a Mate!.
This e-mail has been quarantined.
We strongly recommend that you report this suspect activity
to "mypostcards.com" - iexak@exas.ne.jp - |
Most people realize that they are dealing with a spoof, because a site URL
should have http:// in front and not an @ in the middle, and that the underlying
URL should be the same as the visible one.
People with Outlook Express see this: |
McAfee VirusScan E-mail Scan has detected
a potential threat in this e-mail sent by
"mypostcards.com"
with the subject
You've received a greeting card from a Mate!.
This e-mail has been quarantined.
We strongly recommend that you report this suspect activity
to "mypostcards.com" |
Another example:
People with a reasonably good email program see this: |
McAfee VirusScan E-mail Scan has detected
a potential threat in this e-mail sent by
"Elvis Presley" - leroybubba@aol.com -
with the subject
Renew your account
This e-mail has been quarantined.
We strongly recommend that you report this suspect activity.
to "Elvis Presley" - leroybubba@aol.com - |
People with Outlook Express see this: |
McAfee VirusScan E-mail Scan has detected
a potential threat in this e-mail sent by
"Elvis Presley"
with the subject
Renew your account
This e-mail has been quarantined.
We strongly recommend that you report this suspect activity.
to "Elvis Presley" |
Don't let McAfee stampede you into barking up the wrong tree
and complaining to Mypostcards or Elvis!
Summary:
DO | DON'T
Hover the mouse over links and addresses and watch the status line | Whine at eBay, PayPal or MyPostcards about spoofers pretending to be them.
Reveal the headers and study them | Reply to spoofers
Report spoofs to Spamcop | Reply to ANY addresses mentioned in a spoof. Often they mix in legitimate addresses. There is no point in writing to them and whining about wanting to be unsubscribed. Remember, you got mail from a spoofer, not from the legitimate company that the spoofer was trying to imitate.
Teach your friends how to recognize spoofs and how to deal with them. | Don't hit Reply or Bounce on a spoof. That just verifies that your address is live.
For additional information you can write me at DearWebby@webby.com,
but please don't ask me to unsubscribe you from PayPal, eBay, Mypostcards,
CitiBank or the IRS.
DearWebby
2002