report your email spoofs using our dedicated
Online Identity Theft
Spoof Email Hoax scams and Fake Web Pages or Sitesby Mat Bright
27th June 2003 (last updated 23rd February 2004)
How do I recognise a Spoof Email?You will hear it mentioned frequently in genuine emails from eBay or Paypal, that they "will never ask you for your user name or password in an email". In fact, eBay UK's most recent statement near the end of their emails is "eBay will not ask you for sensitive personal information (such as your password, credit card, bank account numbers, National Insurance numbers, etc.) in an email."
This means that if...
This sounds like a simple enough rule, but in reality, the best spoof, forged, bogus or hoax email would not do that anyway. The problem is that any email could merely offer you a link to a web page for any reason, and the most convincing spoofs may refer you to a spoof web page where the user information is gleaned from you later instead (see an example of this). This problem is further exacerbated by the fact that users will often receive genuine eBay and Paypal emails offering links to their site for various purposes, it is therefore not the case that they will never ask you to click on a link. It would be better for us if there were never any links in eBay or Paypal emails, but many of us rely on those links to interact with their sites for various reasons. Having said that, a recent email from eBay included 38 separate links, only one of which was a link to http://www.ebay.co.uk!
Please, therefore, do not believe the email to be
genuine just because it does not ask
So how can you really determine if it is a spoof?
This is made difficult by three distinct factors.....
1. the ease with which almost anyone can forge an email and almost all its header information due to a security loophole in the set up of SMPT mail servers (POP3). It is a certain fact with any email that the sender, as shown in your mail program's inbox, is absolutely no guarantee of its true origin,
2. by the way in which URLs (links) can be disguised so that the true destination is concealed,
3. the ease with which genuine web site text and graphics can be used in an email or web page just by including the relevant standard html code.
Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services...
You can even put the latest alerts on your own web site.
If you see a link that you want to use, first check it for spoofing with our Link Checker, which is a utility which will tell you if any of these null or special characters exist in the link. Otherwise, it is really best that we NEVER click on a link contained in an email just to be sure - almost every site places links to thier pages within their emails and this is gives rise to the potential to fall victim. If there really is any genuine request from any of those sites to communicate information with them, you should enter the site manually (by entering the relevant URL directly into your browser address bar) and then log in and interact with the site by that approach alone. That really is the safest way of doing it, and any urgent request for information should be presented to you once logged in.
Graphics and text
It is very easy to construct a web page or HTML email using genuine graphics and text with fairly basic knowledge in web page design. These files are freely available from their own servers and can be linked to from within the spoof's code by fraudsters. Spoofed emails and web pages can therefore look extremely convincing (see an example of this).
Despite eBay's and Paypal's half hearted attempts to reassure us with their policy on requests for information by email, it does not mean that any other email is genuine and it does not really make it more certain that we will not fall prey to the fraudsters. Fraudsters evolve and work will work with the loop holes that they come across. Instead take this more responsible approach...
First, look for spelling and gramatical errors (some main text in spoofs is written by non-english speaking persons, errors are common).
Second, if the email has a form to complete for any information (including your user name and password, bank details, credit card details, etc, etc.) then it is NOT from the genuine site. None of the genuine sites would do this.
Third, if we find that it requests us to confirm any login information (such as user name, password and any financial information like credit card details), it is most likely not a genuine email. If any site needs you to confirm details, simply type the known URL for that site into your browser, login and interact in that way alone, if there is any genuine need to verify any information, you will be asked to do so by some message when you log into the site.
Fourth, if the email advertises a competition, or tells you that you've been selected for some prize or accolade, don't believe it, and do NOT interact with anything within the email. You can confirm any of that by going to their genuine web site and logging in as described above. Perhaps the simplest way to protect us from the current form of spoof emails is for eBay and Paypal to just stop including any links at all in their own emails.
Fifth, change your notification preferences on sites like eBay and Paypal in order to reduce the amount of email that you receive from them. Keep it to essential information only.
Sixth, check the email header and look for anomolies as previously discussed.
If you are still uncertain and suspect that you have received a spoof, contact the support department of the appropriate site (in the case of eBay and Paypal, you forward the email to their spoof departments - email@example.com or firstname.lastname@example.org). You should copy and paste the full email with header into your query as well (but do not copy and paste for eBay or Paypal, instead you should use the 'forward' function of your mail program and send it without any comment added).
Next, we will look at how spoof emails work to commit fraud...
© Copyright 2003-2005 Oxford Information Services Ltd All Rights Reserved
All other logos and trademarks in this site are property of their respective owner