Tuesday, December 19, 2006

Dealing With Phishing Emails - By Mark Kenny

While organisations such as eBay and Paypal are attempting to stop fraudsters sending out phishing emails, the reality is they are losing the battle. Phishers are a growing problem, with no signs of slowing down. There are a few things you can do, to ensure your not a victim of a phishering attack.

1) Always check who the email is addressed to.

Most phishing emails are not addressed to you personally so this should be the first thing to look for. Remember that eBay and Paypal emails always include your real name in emails. Fraudsters who send the emails do not include this, because the majority of the time they don't know who they are sending the emails to.

2) Use a devoted email address

By using a devoted email address for eBay and Paypal you'll know immediately that any emails sent to other email accounts are phishing emails. If possible do not include the email address in any of your ebay listings, as the more visibility your email address gets, the more likely it is for the phishers will find it out and you'll receive on of their messages. Phishers regular view the eBay sites to collect the email addresses of users.

3) Mailscanner

Mailscanner is a script installed by hosts that protects against viruses from the server. One major advantage of mailscanner is it includes anti-phishing measures. Any url contained with an email which is disguised, hidden or different from the anchor text is highlighted by the mailscanner script as a possible phishing attack. Therefore you always are aware of what your clicking on before you visit any sites contained within the emails. If you are receiving emails though your own hosting account, as oppose to though a web based account (yahoo or gmail for instance) ask your host if they support mailscanner.

4) PhishFighing.com

PhishFighting is an ingenious site that turns things around on the fraudster. The site was setup to flood phishering sites with fake information, both usernames and passwords. When you receive your next spoof email simply visit the site and enter the web address of the phishering site into PhishFighting.com. Every twenty seconds, a fake entry is submitted to the site making any genuine details of victims hidden between the hundreds of fake entries.

5) Forward Emails

Forward any suspicious emails to spoof@ebay.com or spoof@paypal.com and the relevant department will attempt to get the phishing site shut down. This is normally done, by eBay contacting the datacenter where the phishing site is hosted & asking them to remove it.

Overall, stay alert and do not respond to emails in a hurry as this is when your most likely to be caught off guard. Stop and examine them to ensure they are genuine first. Additionally, any emails which are genuinely from eBay will always appear in your messages folder within My eBay.

Mark Kenny, runs the http://www.AuctionCUT.com forum where users regularly discuss various aspects of eBay, Spoofing and Online Auctions. Register at our Dropship And Auction Forum today and receive a free exclusive report after making ten posts.