BlogHer - What to do if you get spoofed - Comments

I use a Mac

Laura Scott — Mon, 20 Aug 2007 13:18:55 -0500

Mail.app will reveal the url if you just hover the mouse over the link for a second or so. In Thunderbird, as I recall (and it has been a while), the URL shows up in the status bar at the bottom of the window (if the status bar is enabled).

Laura Scott
BlogHer Contributing Editor for Technology & Web
design, snap, blog

No tool tip on a Mac

Virginia DeBolt — Wed, 15 Aug 2007 08:24:09 -0500

Good point about the mouseover, but you don't get a tooltip with the destination of the link like that on a Mac. Since most people use Windows, this is a great idea, however.

http://www.webteacher.ws/
http://first50.wordpress.com/

Blogging and Phishing

FeliciaDonovan — Tue, 14 Aug 2007 19:03:37 -0500

Thanks, Virginia, for the welcome.

Laura, you're right, of course, about the mouse hover trick, though they're even gettng more clever these days about that. I would still recommend not even hyperlinking within an e-mail.

Virginia, my books fall into the mystery genre, however they're rather light-hearted, fun-flled novels about four women from all different walks of life who work together to come to the aid of other women with grace, humor, camaraderie and chocolate.

Felicia Donovan
www.feliciadonovan.com
www.blackwidowagency.com

Great pointers

Laura Scott — Tue, 14 Aug 2007 14:05:26 -0500

One thing always helpful to remember, too, is that the mouse exposes the phish. ;)

Laura Scott
design, snap, blog

Great input

Virginia DeBolt — Mon, 13 Aug 2007 19:26:44 -0500

Felicia, thanks for the great input. Excellent suggestions. I am particularly happy to learn about reportphishing@antiphishing.org.

You've probably made a new fan of me too, since I see you write mysteries: my favorite fun-time reading.

http://www.webteacher.ws/
http://first50.wordpress.com/

Spoofing and Phishing

FeliciaDonovan — Mon, 13 Aug 2007 18:42:09 -0500

Virginia, thank you for this posting. To answer several questions here, one has to understand that most e-mail addresses eventually end up along with millions of others on lists that are readily traded on the Internet and used in these spoofing or "phishing" attempts. Computers are programmed to make millions of these attempts an hour, often through the use of hijacked computers whereby the user doesn't even realize their computer is being used.

Spoofing e-mails such as those Virigina described can be forwarded directly to reportphishing@antiphishing.org. This is a legitimate organization that tracks and tries to stop attempts. Some popular on-line venues like eBay have their own security personnel that will investigate these phishing attempts. I have been sending e-mails to spoof@ebay.com for years. They do appreciate the information, but the problem is that the proliferation of these "social engineering" attacks is pervasive.

Virginia made some very good suggestions. Here are a few more:

1) Make sure your e-mail client does not preview e-mail by automatically opening it up. Outlook Express by default, is setup this way and the settings are easily changed. You should always review e-mails prior to opening them.
2) Never click on a link inside of an e-mail that requires personal or account information. Assume it is a phishing attempt and act accordingly. Open a new session in Internet Explorer and type the real address (i.e. www.ebay.com or www.paypal.com) and then log in.
3) Use a strong virus program like McAffee or Symantec AntiVirus in case the e-mail contains a payload.
4) Never, ever respond in frustration or anger to a spoof attempt or spam e-mail because that will validate your e-mail address.
5) Spell out "dot" if your e-mail address is published and make it more difficult to be swept up into a spamhouse. For example, my e-mail would be felicia_at_feliciadonovan_dot_com making it much more difficult to be scooped.
6) When going to a site like eBay or your bank, the http: part of the address in the URL should be https: once you get to the part that requires a log in. That indicates you are in a secure, encrypted area.

Thanks again for a great article. Knowledge is power. As the characters in my books say, "We ARE the World Wide Web."

Felicia Donovan
Author, THE BLACK WIDOW AGENCY
www.feliciadonovan.com
www.blackwidowagency.com

It's like shredding

Virginia DeBolt — Mon, 13 Aug 2007 07:28:35 -0500

It's like shredding paper. You make sure you don't let anything with your sociial security number go unshredded. Email requires the same vigilance.

With email, it can SOMETIMES be harmless to open it, but if the email is trying to pry info out of you with some half-baked story about your account information or something like that it's important not to respond.

http://www.webteacher.ws/

http://first50.wordpress.com/

Confusion is a clue

Virginia DeBolt — Mon, 13 Aug 2007 07:22:58 -0500

If your reaction to a piece of mail is confusion, that's probably a sure sign that something is not right about it.

http://www.webteacher.ws/
http://first50.wordpress.com/

You know, I've wondered

Birdie Jaworski — Mon, 13 Aug 2007 00:41:56 -0500

if I've deleted important emails because I'm terrified to open anything that even might be spoofed emails these days. I guess being careful is the way to go.

Virginia, thanks so much for the information. I'm going to send it to my sisters tonight. : )

Birdie
Birdie's BlogHer Blog
La Pajaro

Thanks Anyway, Virginia!

Cary — Sun, 12 Aug 2007 23:05:18 -0500

If you do come upon any useful info about this, it would be great content for a new post :-)

I wish I had a good answer

Virginia DeBolt — Sat, 11 Aug 2007 21:17:05 -0500

because I've received the same sort of thing. I've reported it to my domain host, my ISP, and spam cop, but I never hear back with any sort of information about it. Be sure to include the Internet headers when you report your own address being used in a spoof.

http://www.webteacher.ws/
http://first50.wordpress.com/

A Corolary Question

Cary — Sat, 11 Aug 2007 19:54:35 -0500

Is there anything that can be done when it's your *own* e-mail address that's been used by the "spoofer"? On several occasions I have had mail I never sent (clearly mass-generated spam messages) "bounce back" to my actual address. It was horrifying to think that someone might believe I had actually sent those messages. On both occasions it seemed to be short-lived -- the spammers must have moved on to using some other unsuspecting person's address instead. Other than reporting it to my own provider, is there anything else one should do in those circumstances?

I actually stopped using Comcast e-mail

Mrs.Micah — Sat, 11 Aug 2007 19:53:48 -0500

Because I got way too many of those. It was frustrating trying to find any valid e-mails amidst the spam and spoofing and such.

Very useful post. I remember my first spoof. Fortunately, it confused me but I knew not to answer it. It's good to know ways of dealing with it, too!

-MM

That's how it goes

Virginia DeBolt — Sat, 11 Aug 2007 15:34:49 -0500

when great topic ideas just seem to drop on you from the sky, right, Denise?

http://www.webteacher.ws/
http://first50.wordpress.com/

comcast

Virginia DeBolt — Sat, 11 Aug 2007 15:33:00 -0500

I use Comcast, too. I've reported at least a hundred emails I've received addressed to gabino to them as spam. I still keep getting them. But I also see dozens of pieces of mail going into my screened mail folder every day without me ever having to touch them, so whatever they are doing does help a lot.

http://www.webteacher.ws/
http://first50.wordpress.com/

What to do if you get spoofed

Virginia DeBolt — Sat, 11 Aug 2007 08:41:11 -0500

Spoofed or forged email is a common problem these days. Here's how it works. The spoofer changes the settings in his or her email program to a fake name and "return to" address. When mail from the spoofer lands in your inbox, you see the fake name and email address. It may look legitimate, for example, it might be something like imablogger@blogher.org or imacrook@paypal.com. It might seem to be from your bank or some company where you have an account.

If it looks at all strange, delete it without opening it. This is because some spoofed emails contain worms that send more spamming emails to everyone in your address book once you open them.

If you do open the mail, you may be asked to click a link to a bogus website and supply some sort of sensitive information such as a PIN number, account number, social security number, or password. Don't do it! If it's a request for you to send money somewhere in order to receive big bucks in return, don't do it. Hit delete.

As for BlogHer, there are very few people who could send you email from blogher.org, and I think you know who they are. Even if it's a name you know, if the request sounds fishy, it IS fishy. No one at BlogHer is going to ask you to reveal anything like an account number, threaten you with suspension if you don't supply some sensitive bit of information, or do anything even slightly off kilter.

You can report these spoofing violations to the real organization that is being spoofed in hopes that they can figure out who the culprit is. If you do that, you need to include the Internet headers. The headers give every single hop the mail made along the way from the spoofer to you. Sometimes it can be traced back to where it originated.

Different email applications have different ways of revealing the headers to you. Some have it in the View menu as View > Headers. Some have an option like View Source that will show them. You'll know you found it if you see a bunch of odd looking text like that in this image.

That's from a real email, so I greyed out a few bits of it, but you get the idea.

In addition to letting the real organization know what's going on and providing them with the Internet headers, there are some pretty technical preventative measures. These measures should be taken by a mail system administrator, not by you individually. You can see some preventative steps at The CERT Coordination Center at Carnegie Mellon University. A Windows Security article on email spoofing supplies similar technological solution ideas. If you're getting a lot of fake email, you might check with the account administrators to see if these technical measures are in place for your system.

A habit of mine is to look over my inbox each time mail arrives and delete everything that doesn't look right before I start reading anything. Then I don't accidentally open something because it was the next piece of mail in my inbox once I start reading mail.

Yahoo!, Gmail, Comcast, Roadrunner and all the other mail service providers out there are doing their utmost to catch spam and keep it out of your inbox. But sometimes things get through. You are the last line of defense. Be ready.