Defending against a phishing e-mail message

Who sent that e-mail message? Where is the link in the message really taking you?

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.

Disclosure.

See full bio

Michael Horowitz

Oct. 29, 2007 8:39 a.m. PT

I previously made the case that Windows users should use Thunderbird for email. When I got a fraudulent e-mail message on Saturday claiming to come from PayPal, Thunderbird offered two lines of defense.

The first was the big warning that the message might be a scam. Indeed it was.

"="">

The body of the message was a pretty standard phishing scam, with the usual typos and the true destination of the link hidden.

"=""> Please Update Your Account
Dear valued PayPal member:
It has come to out attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online services.
However, failure to update your records will result in account suspension. Please update your records on or before Nov 02, 2007.
Once you have updated your account records, your PayPal session will not be interrupted and will continue as normal.
To update your PayPal records click on the following link: https://www.paypal.com/cgi-bin/webscr?cmd=_login-run