Computer Help forum

General discussion

6/24/05 How to recognize and avoid phishing scams

A big thank you to everyone who participated in this past week's Q&A on the topic of phishing.

Andrew and others who are new to phishing scams, I hope this week's members' great advice give you all some direction to the issues being raised here. If you do have some time, join us in this week's discussion.

Members, if you any additional advice on this topic or experiences to share on phishing, by all means feel free to post them in this thread below. The more we discuss about these scams, the more knowledge we gain on how we can ultimately avoid them. It?s all up to you as a community to contribute and learn from one another. So keep on sharing.

Take care and have a great weekend!
-Lee Koo
CNET Community


Over the last three days, I've received several e-mail
messages, supposedly from PayPal and eBay. All of them say
that there was some sort of "unusual" activity in my
respective accounts and that to reactivate them, I need to
enter my name, address, debit/credit card number, ATM PIN
number, and so on. What's really weird is this just started
on Sunday and hasn't stopped. The last time I remember seeing
anything like this was back in AOL's 3.0 days, when I'd get
phishing IMs. What can people do to avoid receiving these
spoofed e-mail messages or at least cut back on their
numbers? Also, how can people learn to recognize fake e-mail,
and is there any way to trace it back to the sender?

Submitted by: Andrew H.

(Answers by members are found in the thread below.)

Discussion is locked
You are posting a reply to: 6/24/05 How to recognize and avoid phishing scams
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: 6/24/05 How to recognize and avoid phishing scams
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Miguel K's winning answer

In reply to: 6/24/05 How to recognize and avoid phishing scams


Andrew, it is not unusual for phishing e-mail to arrive in bunches and to keep doing so for a few days or significantly longer. Spam and phishing e-mail (the term "phishing" refers to a type of spam that attempts to fool recipients into supplying confidential information) are sent in HUGE numbers so as to increase the probability of reaching some gullible soul. Increased awareness of this problem, as well as efforts to combat the amount of spam and e-mail scams, have forced spammers to rely on different strategies. Chances are all those phishing e-mails are being sent by the same or a small group of individuals, who sent them through different channels in an effort to stay one step ahead of spam filters and ISPs who shut down accounts once complaints are received. Also, by flooding the Web with new scams or more clever variations of old ones, these criminals increase the probability of hitting pay dirt before the new scam is brought to the public's attention.

If there was a simple way to completely stop or effectively minimize spam and phishing e-mails, someone would've have sold it and by now made enough money to make Bill Gates look like a beggar. The sad truth is that there is very little we can do to stop receiving scam e-mails. Again, these messages are sent in bulk, with randomly generated recipient addresses or those harvested from websites, chat rooms, etc. All it takes is for your e-mail address - or one very close to yours - to appear somewhere in the web, and spam will find you. But just because we are currently unable to eradicate spam and phishing scams doesn't mean we should stop trying, or that we have to give in to their tricks. You can find some useful advice for fighting spam here

as well as by enrolling in the CNET online course I will refer to a bit later.

As for phishing, newer products such as Zone Labs' ZoneAlarm Security Suite ( and Trend Micro's PC-cillin Internet Security ( offer anti-phishing protection. While the latter is hardly a perfect solution, it might be worthwhile if you are getting seriously bombarded with phishing e-mails, or are in the market for comprehensive protection for your PC. You might be able to find anti-phishing freeware on (, too.

The most important thing to realize is that no legitimate business will ever send an e-mail asking for sensitive personal or financial information. Any legitimate company stupid, irresponsible, and careless enough to do so would be essentially giving its customers a heck of a good reason to take their business elsewhere! It's just bad business.

Think about it. A financial institution has your home and work phone numbers, Social Security information, and probably more information on how to contact you than might be found on your own wallet. Even eBay has your phone number. If a serious breach in security were to take place, getting hold of customers as soon as possible would be absolutely essential. Why would a financial institution use standard e-mail - an unsecured form of communication that might or might not be checked daily - rather than contact you by phone?

Then there's the question of how exactly entering account, PIN, credit card numbers and/or your mother's maiden name on a website does anything about "suspicious account activities." Chances are, financial institutions and other organizations will either halt access to an account and call the account holder as soon as anything out of the ordinary is detected, or require that you contact them before access is restored. Why would they e-mail you to ask information already in their possession? Some of these phishing e-mails and websites ask for so many details that they literally scream "identity theft!!!"

It follows that if no legitimate business will ask for sensitive information via e-mail, you should never e-mail any sensitive personal information. Ever. Any e-mail that requests such sensitive information, regardless of how genuine or sophisticated it looks, has to be considered fraudulent and treated accordingly. Period.

(You might run into small, legitimate retailers who sometimes give you the option to remit credit card payments via e-mail. Don't. Call them instead and provide the payment details over the phone, even if they lack a toll-free number. And even these retailers will not send you an e-mail asking for a credit card number or similar information!)

What should you do when you get that "verification" e-mail or one alerting you to some supposed emergency? The Federal Trade Commission (FTC) offers the following advice on an article titled "How Not to Get Hooked by a ?Phishing? Scam," included here in its entirety for your convenience:

? If you get an email or pop-up message that asks for personal or financial information, do not reply. And don?t click on the link in the message, either. Legitimate companies don?t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company?s correct Web address yourself. In any case, don?t cut and paste the link from the message into your Internet browser ? phishers can make links look like they go to one place, but that actually send you to a different site.

? Use anti-virus software and a firewall, and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.

Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.

A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It?s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software ?patches? to close holes in the system that hackers or phishers could exploit.

? Don?t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization?s website, look for indicators that the site is secure, like a lock icon on the browser?s status bar or a URL for a website that begins ?https:? (the ?s? stands for ?secure?). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

? Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

? Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer?s security.

? Forward spam that is phishing for information to and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.

? If you believe you?ve been scammed, file your complaint at, and then visit the FTC?s Identity Theft website at Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See for details on ordering a free annual credit report.

You can learn other ways to avoid email scams and deal with deceptive spam at

(Original source:

I forward all phishing e-mails to as well as to SpamCop (you'll need to register at for the free reporting service). SpamCop will process the e-mail and forward a report to the company, bank or organization impersonated in the e-mail. SpamCop will also try to trace back the message to the original sender. There is really no need to try to trace the e-mails yourself. In all likelihood, doing so will accomplish nothing good.

While most phishing scams stand out like a sore thumb, there are always a few that make even experienced users wonder. If you would like to learn more about the intricacies of identifying phishing e-mails, by all means check out the interesting analysis of one of these legit-looking e-mails in Lesson 3 ("The World of Spam") of's outstanding Combating Spam and Spyware online course. This free course is currently being offered through July 1, and I highly recommend it. (

There are simpler ways to tell if a message is fraudulent, though. You can visit the Anti-Phishing Working Group's website ( and search its Phishing Archives to see whether the message you received is already there. You can also file a report while there, though that should be unnecessary if you have already forwarded the suspicious e-mail to SpamCop and/or the FTC.

Other websites dealing with Internet hoaxes and rumors (e.g., ) might also corroborate your suspicions. Remember, phishing e-mails are essentially Internet hoaxes that strike a nerve and tend to be immediately taken more seriously simply because of the blunt emotional impact the threat of a sudden financial catastrophe has on their readers.

Last, but not least, you can always open a new browser window and visit PayPal, eBay, or your bank's website. Logging into your account without any difficulties should confirm that the warning was bogus.

Hope this helps!

Submitted by: Miguel K. of Columbus, Ohio
Collapse -
Good but telephone calls....

In reply to: Miguel K's winning answer

You advise that legitimate oprganisations would telephone an account holder if there is a problem. You should also warn that there are plenty of fraudulent phone calls, asking for the same phishing information.

In fact, legitimate institutions (and especially thgeir fraud investigation departments) often ask for your password etc when they call you about a problem - catch 22. I refuse to give any personal details unless they can prove they are genuine or I can call back on a number I know is genuine.

I had a voice mail recently, saying ''it's Bethan from the Bank, can you call me on...''. I didn't know a Bethan, she didn't say which Bank and the number wasn't one I knew as belonging to any bank I used. When I rang it, it went to a personal answerphone message which didn't say it was a bank or give a company name. I was convinced it was fraudulent - it was genuine as it happens, but very poor practice.

Collapse -

In reply to: Good but telephone calls....

olowe adekunle

Collapse -
We cannot do it alone

In reply to: Miguel K's winning answer

I have reported this type if activity to ebay and they say they are handling it. I sent them the full header to trace the person and three weeks later they are still in business. I have received a few of these and report them to the company that is named. As yet there is no confirmation that anything has been done such as an email saying they have been caught. The companies need to act immediately in getting this done. People should also realize that ebay will not activate an account with free mail boxes and fortunately these people do not seem to realize this and have sent this information to me at Yahoo not where I do have my account with ebay. These thieves need to been taken off the internet as soon as possible not months later.

Collapse -
phishing e-mail

In reply to: Miguel K's winning answer

I received the Ebay account message also and forwarded the message to Ebay. They said they were going to investigate. Haven't heard from anyone since though. FOrtunately I didn't give them any information.

Collapse -
Phishing - emails...

In reply to: Miguel K's winning answer

An excellant reply. I agree with it word by word. I got these phishing message once, purported to have been sent by my bankers. I immediately dialled the bank and enquired. They denied that they have sent any message to me. Further on my personal enquiry the following day, they said my account(s) are all regular and nothing I should worry. As a word of caution they advised me not to reply to any email messages.
That was my experience with phishing.
I have junk filter in my email - inbox. Only those messages from the approved clients, which I have recorded in the addresses, comes into my inbox, the rest goes into my junk folder. Daily I receive 30 to 40 messages in my junk folder. There I check them and delete. I suggest it is better to have set your JUNK filter.

Collapse -

In reply to: Miguel K's winning answer

Another tip in IE6 is to click on the phishing message, go to Message, Block Sender. This will at least prevent further emails from that address though isn't much help if the 'phisher' uses multiple addresses

Collapse -
Phished! I got hooked!

In reply to: Miguel K's winning answer

I responded to that Ebay email and gave information about one of my credit cards. Fortunately, the password I inserted was not the password for that card. Well, two hours later, I received a call from my credit card company. They were suspicious about an attempted withdrawl of $400 from an ATM in BULGARIA!! Obviously, I responded that I had not made any such visit. They immediately cancelled the transaction and the card that I had used safely for 15 years. After reading all of the previous letters from you informed people, I now know what I need to do next. The next mistake will be SHAME ON ME! Thank you all.

Angelo from San Antonio, TX

Collapse -
Joseph V.'s winning answer

In reply to: 6/24/05 How to recognize and avoid phishing scams


Andrew, I have also received spoof e-mail messages. PayPal and eBay are a couple that come to mind. These scammers are very smart and use fraudulent Web sites to appear legitimate. They will attempt to have you respond with such personal information as a credit card number, a social security number, site passwords, user IDs, and so on. Their intention is to steal your identity, and some have wreaked havoc on individuals' credit ratings. Once they have a credit card number, they run up the tab. The card owner then has to sit down and cancel credit cards, obtain new ones, and deal with credit bureaus to straighten matters out. This is not an experience anyone wishes to have! Below are some methods you can use to help cut down on the number of these messages and protect your privacy.

Be very suspicious of any email you receive asking for personal information. Unless the email was digitally signed you cannot be sure the email is legitimate. To obtain additional information on a digital signature do a web search for the keyword digital signature. The bottom line is if you do not know who is asking the questions delete the email. It is better to be safe then sorry!

You should never use the links in an email to get to any web page. You are better off logging onto the website directly by typing in the Web address in your browser. Also, never enter personal information such as account numbers, passwords or credit card numbers directly into any email.

When submitting credit card or other sensitive information via your Web browser, check to make sure you're on a secure Web server. The beginning of the Web address in your browsers address bar should be "https://" not just "http://".

You should log into any online accounts you have often. Have the links to such accounts close by and periodically check them (I suggest weekly). Do this just to check around and verify that no suspicious activity has taken place. Another thing you should do is reconcile your bank, credit card and debit card statements regularly to once again verify that all transactions made are valid. If you do find a problem notify your bank by phone and in writing. They will assist you and provide guidance as to what steps you should take to correct the problem. It may be an error on their part or perhaps your privacy on the internet has been compromised. The correspondence with your bank or card company is the safest route to go.

Always keep your web browser up to date with the latest versions and fixes. Microsoft comes out periodically with security patches. You can go to to find these patches and you also can register to receive the updates automatically.

There are groups you can report phishing or spoofed e-mails to:

a) Forward the email to

b) Forward the email to the Federal Trade Commission at

c) Forward the email to the ?abuse? email address of the company that is being spoofed ( is an example

d) When forwarding spoofed messages, always forward the entire original email with the original header information. You can do this by using the forward option of your email client.

e) You may also want to notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website which is

Lastly I recommend you install a firewall and antivirus program and keep them up to date. You can do a web search to find each of these and there are some that are available for free.

With regards to email which I am doubtful of I follow the rule: WHEN IN DOUBT TOSS IT OUT! I hope this information is helpful and your personal information is never compromised.
Visit the following websites for more information.

Submitted by: Joseph V. of Highland, New York
Collapse -

In reply to: Joseph V.'s winning answer

A very good reply, but a couple of pieveces of news for you. There's a whole world out there that neither the US government nor the FBI have any jurisdiction over. Therefore the assumption that everyone reading this is American is extremely insulting to the vast majority of the 6 Thousand Million inhabitants of this planet.

Collapse -
PayPal sufferer

In reply to: Joseph V.'s winning answer

I m also suffered from PayPal site, although i have not disclosed my credit card no. etc. but tell me can they harm my system.

Collapse -

In reply to: Joseph V.'s winning answer

If you get a spoofed e-mail from that clames to be from Ebay, forward the e-mail to and they will go after them. John

Collapse -
Pete Z.'s winning answer

In reply to: 6/24/05 How to recognize and avoid phishing scams


What is "phishing" anyhow? Phishing is as fishy as it sounds. Crooks attempt to lure you to their phony Web site, which is usually made to look almost exactly like that of your bank or other financial institution, eBay or PayPal, or any other site where you might have an account and transactions happen regularly.

First of all, recognizing a phish is easy - many times, a no brainer (like when you get a phish from a bank that doesn't even do business in your neck of the woods!) Banks DO NOT use e-mail to discuss security issues with you.
They will NEVER, EVER, EVER ask you to log in, provide sensetive information, etc. The same is true of eBay/PayPal. And when in doubt, CALL and ask them if it's legit. That's what the customer service departments are there for.

As for what you can do about it... There's plenty! First of all, don't delete the message (yet)!

Given the crooks in question are using a purchased (or possibly stolen) spamming list, chances are it's pretty close to impossible to stop getting them by merely treating some crook's phishing expedition as regular spam.

Fight back!

You will have to do a bit of research, but in the end, it's worth it. First of all, you'll have to identify the institution - in your case, eBay and/or PayPal. You'll have to go to their legitimate web site by manually typing in the URL (if you know it, use Google if you don't). Above all, do NOT click on the link! That will not get you to your destination.

Once you're on the site, you'll have to do a bit of detective work to find the company's anti-fraud/phishing unit's email address. It's usually on the "Contact Us" page.

Note: Some banks or institutions don't clearly have it anywhere on their site. In which case, it's time to find their customer service number. It's usually a toll free 800/888/866 number. You may also have to navigate through a bunch of menus to get to where you are talking with a live person.
(Pressing the 0 key sometimes helps expedite things.)

Once you've got a live body on the other end of the line, find out where to forward the phish. Go back to your e-mail program and open the e-mail in question - once again, being careful NOT to click on any link contained in the e-mail.

Since there are a lot of e-mail programs available, you'll have to do a bit of research on how the next step needs to be done correctly. What we're after here is the FULL e-mail header. Most applications give you a "Reader's Digest Condensed" version of what's in the header - usually who the e-mail was from, when it was sent, who was supposed to get it and, of course, the subject. But sometimes e-mail headers can reveal a LOT of interesting forensics - and if you're lucky, the originating system's IP address.

Highlight the entire header and copy it to your clipboard.

Once you've gotten the whole header in sight, copy it and then click the FORWARD button in your e-mail client. Enter the e-mail address the institution provided in the TO box. In the case of E-bay, that would be or in the case of PayPal, that would be Given the two companies are actually one and the same, those address' can probably be used interchangeably.

Usually, a forwarded message will have a bar or a line going across so you can type a quick note that's separate from the forwarded message. Paste the full header of the phish into the body of the e-mail above the line and you should be now ready to send. If you want proof that you sent the message, you can always BCC yourself as well.

Note: Many web based e-mail services do NOT lend themselves easily to finding the full header of an e-mail. The only way to retrieve that info in Hotmail, for instance, would be to use OutLook or Outlook Express.

Unfortunately, MSN/Microsoft has decided to no longer allow new accounts to be accessed via OE. Only older Hotmail accounts can be accessed with Outlook or OE.

Finally, click the send button. You should receive an e-mail from the institution acknowledging the forwarded phish shortly afterward. With a little luck, law enforcement cooperation, and good timing, the phishers in question will be sent packing and off to jail.

The bottom line - as long as you fight back by forwarding phishing expeditions to the institutions they (the phishers) are trying to victimize, at worst, the blighters will be kept on the run - at best, they wind up doing a long stretch in prison where they belong.

As far as avoiding being sent stuff in the first place, that's a bit trickier. Avoid web sites that resell your email address. Get a 'throwaway' e-mail address - like Hotmail, Yahoo or GMail. Use them when you visit a site with questionable ethics - especially when it comes to giving your email address out to others goes. Given the source lists for spam and phishing expeditions is likely the same thing, the odd occasional phish is likely to become a facet of life along with regular spam for herbal viagra, low cost mortgage refis and so forth.

Submitted by: Pete Z.
Collapse -
Pete's answer

In reply to: Pete Z.'s winning answer

Thanks.I recently applied and was confirmed to "Pay Pal". I can not use the service however, because; I have been notified by another company (with which I have been doing business for some time now), that my personal credit records "may have" been compromized.
It appears that a mail delivery vehicle lost files that were being sent to another agency. I have now placed an alert on the credit reporting companies. This is a great inconvienance for me to say the least.
I am greatfull to Pete. This information is much appreciated and an "eye opener". Thanks again.

Collapse -
Honorable mentions

In reply to: 6/24/05 How to recognize and avoid phishing scams


Hi Andrew

There isn't much that can be done about phishing expeditions as I like to call them. Just be aware that they are out there. Always if in doubt, go directly to PayPal, Chase Banking, so on, so forth. Check out their sites, if there is a problem usually you would be directed as to what to do. Once there (at the legitimate site) find a phone number (again usually a toll free phone number) and discuss it with their customer service representative and they should be able to tell you either it is phishing site or where to go to correct anything. All of this is to get the person to reveal their personal card or financial information. The most employed phishing tactic is to pretend to be a financial institution like a bank or PayPal. They will send you an email which appears to come from PayPal, and ask you to "update your account" and warn you that your account is about to be suspended, frozen or closed, creating a sense of urgency. A person clicks on the link which the phisher has given in the email, the site to which it takes you "looks" like the real PayPal site, but it is not. And when you type your account information in at that site, they have your account information, got you! They now have your account information and of course with that they have access to all other kinds of information about you, that can include your other accounts from other places. Because these phishing sites look so realistic! As a rule of thumb, when a letter from a financial place of business out the blue, never respond to the email. Because of the problem of phishing scams, most business' do not send emails anymore. And if they do, go to the site, either type it in or if you have it in your favorites/bookmarks and click on that. Login, more then likely if the email is legit, when you do login it will alert you to update your information at that time.

There are methods to detect if it is a phishing site, such as; does the whole letter act as a link? That is no matter where you put the cursor on the letter, does it show as a link (cursor changes to a hand or some other kind of icon)? Another is, when using Internet Explorer, does the address show up with something other then what is in the warning letter? If it does then this is an indication that it is a phishing site. Again with I.E. or for that matter any browser that shows you the address before you click on the link, does a series of number, rather then a readable site name come up? This is also an indication of a phishing site. Understand that now there is a way to do what is referred to as a malformed address and have the address look legitimate. So in essence if in doubt, go to the real site, if you are still not satisfied, do some telephone calling. There are also some excellent sites that will keep a person abreast of the latest phishing scams and email scams. Here are some sites that one can go to, to find out if it is a scam or phishing site:

U.S. Government;

About Site;

Anti-Phishing Working Group;

Scambusters; (I know because I personally subscribe to this publication)

Institute for Spam and Internet Public Policy;

Aunty Spam's Net Patrol;

These are just a few of the sites that one can go to get further information and most will let you subscribe to a news letter to keep one informed of the latest email scams, shams and phishing/pharming scams. Also some of the on-line email companies, at least yahoo does anyway, if you click on a suspected phishing link, yahoo will tell you that and give you the option of canceling your click. That is if Yahoo! knows about the scam or it may even be able to detect malformed address'. I don't know how Yahoo! detects it, but Yahoo! does!

Hope this helps, Andrew.

Submitted by: Rick B. of Warren, Michigan



Pay Pal emails etal.
These are major phishing exercises going on. I have received numerous ones also. These are coming in also in very convincing format from credit companies and banks. Whatever you do, DO NOT REPLY, or provide any personal information "as requested".

These phishing attempts are often filled with valid logos, and enough information about you to make you think they are real.
If you become unnerved, and begin to think that these may be valid, access the financial site only by your own independent initiation from a clean link in your browser. Do not use any forwarding link arriving by an email into your in box.

I have had only a single prompt from an institution which actually was valid. I provided significant feedback to them about how I felt their contact methods were not longer appropriate in the Internet society we now live in. Hopefully if others do the same these few institutions will get the message also.

Quicken was a good example. I had to eventually do what the email suggested, however I had to initiate the process on my own terms before I had confidence the request was valid. I scolded Quicken the best I could after several months of these emails.

PayPal confirmed to me that they do not contact their users in this manner. And, these institutions appreciate the information of this phishing activity going "in their name". Some banks have even set up
addresses in some kind of format of spoof@(bank name).com etc to
forward this garbage directly to them for review.

I rather enjoy using accessory email filters in addition to those provided by my ISP. This gives me the ability to set some specific filters to trap incoming mail before it come from the server onto my computer. It is amazing how many variations of the same garbage email are being sent as attempts. Software like this gives the user a chance to review what is to be killed automatically before it actually happens. Occasionally something valid from a "wild card" filter is something I want, and I have manually rescue it from being earmarked for trash.

An example of a wild card filter might be one which looks for emails which include "Dear (email address)". If they don't know my name, I don't know them either..... You will also notice that most of this garbage is coming from foreign domains. However, the spoofs are using what appear as "valid" domain names also. I try and only accept specific, known senders using domains like, hotmail, aol, etc. Cell phone domains have been used for attempts as well, so be initially suspicious. The old saying, "don't believe anything you hear, and only half of what you see" may not be applicable anymore. I think that it has to be way less than half now. "You can't get blood out of a stone"
may be better today!

Submitted by: Dale D.



>What can people do to avoid receiving these spoofed e-mail messages or at least cut back on their numbers?

In my experience, there is little that you can do to cut back on phishing e-mails. You can chose to receive e-mail only from known sources, but that is going to limit you. You can try anti-spam programs, but phishing e-mails are pretty efficient at getting past those programs, particularly since they appear to come from a legitimate source. I suggest that you just ignore them. I have created a special e-mail address for each service that I use, such as PayPal and eBay.
Granted, not everyone has this ability or the desire to do so, but when e-mail arrives from "PayPal" addressed to the wrong address, then it is easily recognized as bogus and I trash it. Of course, you cannot use those email addresses for anything else - only for that specific account
- and you need to have an e-mail program that keeps your received e-mails separated by account.

> Also, how can people learn to recognize fake e-mail, and is there any way to trace it back to the sender?

First thing to do is to read the privacy statements for PayPal or whatever company you are dealing with. Almost without exception, companies like this will state that they will NEVER ask for your personal information in an e-mail. Right away, if you get an e-mail asking for this kind of information, you know it is bogus.

The "easiest" way to recognize fake e-mail is to look at the headers and source of the e-mail. This will usually reveal that the sender was not the company it claims to represent. The word "easiest" is in quotes, however, because sometimes it is difficult to interpret all the information in a header, but the information is there if you take the time to try to understand it.

Also, if an e-mail tells you to click a link to reactivate your account, or to otherwise submit your personal information, always look at the link's address before clicking on it (you may need to look at the e-mail's source to see this). If it does not have the name of the requesting company in the last place before the "dot," then it probably is not legitimate. In other words, "" is not a legitimate PayPal address, whereas "" could be. The best solution? NEVER click on a link sent in such an e-mail. If you think that there may be a legitimate problem with your account with a company, go directly to that company's website by typing their address into your browser and logging in as you normally would. (Yes, your computer may have been infected in such a way that your browser could send you to an address other than the one you typed in, but the odds of that are pretty slim.)

Able to trace it back to the sender? Why bother? Look at the header and you will see the path that the e-mail has taken, but there is absolutely no guarantee that the path info hasn't been faked, or that it wasn't relayed through an "innocent" computer. What are you going to do if you trace it back? Write them a scathing e-mail? Want to be laughed in your face? By the time you trace it back, if you can, they will be long gone.
These are "hit-and-run" operations, only existing long enough to get a few suckers to submit their info, and slipping away into the night.

If you want to "do something" about a phishing e-mail, check with the company from whom the e-mail appeared to have come to find out where you can report suspicious e-mail. They usually have an e-mail address to which you can forward scam e-mail. They can do more with the e-mail than you can, as they have greater resources and have a greater stake in the issue.

In the end, you have to use your own head to spot these e-mails. Suspect every e-mail and you will be much safer, and NEVER submit personal information to a web site you went to from a link in an e-mail.

Submitted by: Ray M.



Andrew, you've hit upon one of the big problems for all users of email - unsolicited email or "spam". Phishing is simply another variation - one of dozens of twists, but these intrusions can all be boiled down to a single definition - spam. And the solution is not an easy one. Prevention would be the simplest - get an email box and don't let the spammers know you have it - but if you ever give your email address out just once, even to an organization you trust, you're caught. Even if you never give it out, eventually the auto-name-generators will probably get a hit on your account.

A lot of folks would like the government to step in and do something about it. While it's not impossible that Uncle Sam may someday look at the problem, if we think about it, I don't think any of us want the feds poking around our email - any more than they already do! So then, it's really up to you. And you can mitigate the spam - maybe not eliminate it entirely, but shave it down to a level you can live with and laugh at, instead of fume and fuss at. Don't bother to try and track down the senders. Even if you could uncover the ultimate address of a spammer, there still isn't much you can realistically do - legally or otherwise. And don't forget the horror story of the guy who did find one of them, and then tried a little spamming of his own. I believe the story goes that he ended up with more spam than ever, and never did really find out who the spammer was. Today's expert spammers are behind double-blind remailers that are usually outside the US, and you simply cannot penetrate that veil. Try it yourself if you like - just open the header of a spam mail and get the IP addresses shown there. Use one of the "whois" services or go to a site like and plug in the IPs you got from the header. Most likely you'll find they trace back to a host in Hungary, Brazil, Russia, China or some other impossible location.

To slow down spam, if you want to let someone else handle it, go with an email provider that has built-in spam and virus filtering. Earthlink, AOL and the other biggies all have some level of email scanning that helps to cut down on the spam. But not entirely. You'll still get cleverly constructed ads that are designed specifically to evade the heuristic logic used by the filters. Whether you go with a service that provides filtering or not, by all means, purchase a copy of Firetrust's Mailwasher Pro ( ), or one of the other filters that have a "whitelist" or friends list. It takes a little time to get all your friends, acquaintances and other trusted senders into the list, but once they're all in, the spammers are completely locked out. If the sender is not on the list, the mail is tossed out - simple as that. And there are adjustable levels of automation to the process. If you're like me and can't bear to not know whose mail is about to be dumped, you can review what's about to be sent to the bit bucket before you commit to it.

If you're behind Microsoft Exchange, as in a corporate computing environment, the problem is up to your IT folks, because products like Mailwasher are ineffective when installed on an Exchange client machine. But there are very powerful solutions to spam at the corporate level too, but you can't personally do much to help. The most effective anti-spam measure for the near term to have and use a whitelist. You'll be totally insulated from spam until the spammers figure out how to emulate someone on your "friends" list (and I don't doubt that there's some misguided phisher out there working on the problem at this minute).

Good Luck!

Submitted by: Phil B.
Collapse -
Mailwasher Pro 5.0 Discount

In reply to: Honorable mentions

Collapse -
Other advice from our members

In reply to: 6/24/05 How to recognize and avoid phishing scams


First thing!: NEVER answer to such a message! Don't even click on any link they may contain. If you click a link from such a message, you may confirm to somebody that they have a live address.
How to recognize spoofed messages: you may not be a client of the other entity, the message tells you that you need to confirm your info, or that your account has been suspended and that you need to reactivate it.
Have a close look at any link, does it contains a long string of "random" text?(Y) Does it contain any misspellings?(Y) Look at the source of the message, does the actual link the same as the effective
link?(N) Is the address a bunch of numbers?(Y) Those are indices of fake message.
If in doubt, issue a challenge to the emitting institution using the address you have: in your correspondent list or on paper or from the actual site. Never issue the challenge by replying to the message.
There's very little you can do to prevent those messages. Check with your correspondents and have them check their computers for a virus infection, Trojan and spywares and do a cleanup. Maybe one of them got highjacked and made into a SPAM spewing zombie computer.

Submitted by: Alain



Re Fake e mails:-

First of all, paypal and e bay do not send such e mails.

You only go to the official e bay website sign in under your user and check for messages.

Do the same for paypal. Only sign in on the paypal website.

I for one have spoofstick installed for both my internet explorer and for Firefox.

It shows whether the site if real or fake.

They also have such protection for Mozilla Thunderbird at

You can use Mozilla Thunderbird instead of outlook express.

Best regards

Submitted by: elinorann978



When in doubt, forward any suspicious emails to or
I tried to login to my eBay account on Thursday morning 6/16/05 and was told that my 'sign-in information is not valid'.
I then received an email from eBay telling me that my account had been suspended and all of my auctions removed due to possible unauthorized activity. I'm a high feedback seller (610 FB ratings, 100% positive), and am apparently considered to be a good target. It took most of the day (both on the phone with eBay personnel and with the 'live help'
system at eBay) to have my account reinstated. For the previous few days, I had been getting email questions from supposed eBayers asking questions about items that I was NOT selling (and a search using the supposed item numbers showed 'invalid item number').

While I should have become more than suspicious at that point, I pretty much ignored them.

What had happened was that somehow someone had gained access to my eBay and email passwords, and began sending hundreds of email 'offers to sell items off of eBay'.

eBay then suspended my account, and when I did an advanced search by sellername, I found that I was listed as 'no longer a registered user'.

While I didn't TOTALLY freak out, I of course changed my passwords on my email account(s) and then (after explaining the above situation to the eBay 'live help' guy and being told: "That's it"!) was given a temporary password for my eBay account, which I then changed to a much more secure one.

In the meantime, anyone who had been bidding on my items was sent a notice by eBay that the item had been ended by eBay due to the 'suspension of the seller's eBay account'.

That's NOT a good thing for current business, and it has the potential to hurt one's eBay reputation in the long run as well.

That sort of thing can really put a crimp in your day; I'd suggest that EVERYONE change their important account passwords on a regular basis, and forward anything which has links in it and looks suspicious in any way directly to both companies for investigation.

There are a LOT of people out there who are trying constantly to do this sort of thing, and even though I KNEW that, I had never had a problem before, so I thought I was safe!

Submitted by:
Dave Y. of Depew, NY



When you recieve such emails you should look at the following things to decide wether it's fake or not:

1. Compare it to any real emails from PayPal/eBay. If it's significantly different, it might be fake.
2. Click "Show Full Headers", "Show Original Message", "Options" or something of the type to see the header of the message. If the address it was sent from ("Sender") doesn't end in, it's probably fake.
3. Put your mouse pointer over the links to other sites (in Internet browsers only). It will display the target of the link in the bottom status line in your browser. If the target is not or, it's fake.
4. Finally, go to to by typing the full URL in your browser's address bar. This will take you to the real site, where you can check your account for whatever the email said is going on. If there's nothing there, the email was fake.

If you determine that the email was fake, you should report it to the correct site by going to either or to If the email appears to be from PayPal, you should forward it to

If you've determined an email to be fake, mark it as spam or report it to your email provider or anti-spam software. Be sure to look at your spam folder every couple of days, as a real email might be accidentally be sorted into that folder by your email provider or software.

Submitted by: Ilya S.



Hi Andrew,

There are simply a few steps to avoid "phishing":

First of all, something you have to keep always in mind: Anytime you receive any email which is asking you for personal banking of financing information, don' t reply to this message because there is no on-line banking system which uses this method for verifying information about you. They usually tell you simply that there is an issue with your account and that should go to their website, the one which web address you have been using all this time. In this case you type in the "address" bar of your web browser the full bank's URL which you already know and nobody will be able to access your bank info. Anyway the best thing you can do if you have time is tell your bank or whoever this e-mail supposedly comes from that someone is trying to get information about their customers. The other day I received one of these messages asking me for my credit card number, PIN code, etc. so the first thing I did was go to the bank and give them a copy of this e-mail. In the following few hours a warning was placed on the bank's official website so that everyone knows. You should do the same if you have free time.

I hope I was helpful.

Submitted by: Samuel from Spain.



I just did a research paper on identity theft and I found a great site dedicated to these annoying phishing emails:
They have excellent information and sample emails with screen shots of the sites you're taken to if you click on the email.
I get tons of these from eBay and PayPal, along with some from Citibank and other companies I've never even done business with. The first thing I do is send it to "spoof@ ..." (,, etc). They will normally send an email right back saying the email never originated from them. I will then report it as spam to my ISP. That's about all you can do. also lets you report these bogus emails.
Just remember NOT to click on the links in the email and NEVER give out that information! If you are concerned about your account, use caution and contact the institution directly either by going straight to their website without using links or by phone.

Submitted by: Jessica G.



Andrew although the pages look very real and bear all of the pictures and trademarks appearing on the official E-bay and
Pay-Pal sites there is one clue which gives it away instantly, and that is the address. If you look at the address bar
in your browser you will notice that it does not say "" The address in the address bar will usually have
some ip adress;123.45.666.07/ebay which is the address of the owner of the website running the phishing scam.
When I receive these I usually forward them to Pay-Pal so that they can notify the proper authorities and try to
trace not only the origin but the person behind the scam. The best way to stop this kind of illegal activity is by
finding them and putting them where they belong, behind bars!!

Submitted by: G.G.



E-bay has had a big problem with this very thing. E-bay assured me that they would never e-mail you and ask for that information. E-bay was also hacked a couple of years ago and my account was one of those that was stolen. They got in and changed my password so I couldn't use the account, and apparently did some transactions and I was getting e-mails saying my account would be closed if I didn't pay some fee that I owed. I ended up abandoning my e-mail address and my e-bay account and had to start all over. Bottom line is, don't answer these e-mails. Delete and forget. As for reducing the number of them that you get. I assume it is the same as any spam. There is only so much you can do. Use your filters or get a new e-mail account. It's a shame that we have to run away and hide. There is evidently no privacy. I got an e-mail account strictly for friends and family. So far I have had very little e-mail of an unfriendly sort. It's amazing to me that they somehow manage to get to you even when you are extremely careful to keep that e-mail address a secret.

Submitted by: Doyle S.



The only real way to cut back on phishing emails is to not publish your email address on the internet, anywhere, ever, which is obviously difficult, so you may have to live with them. To recognise a fake email it will always have a link, supposedly toa reputable company, asking you to input your user information. Everything else on the email is to try and convince you to click on that link and enter your user name and password - trying to sound important, and trying to make you rush into it. What the scammers can do when they have your username and password, I will leave to your imagination. I'm not sure about tracing the emails back to the sender, but the anti-phishing working group would like to know about any new emails - they keep an archive to try and stop it happening to others - see
I have a whole web page with more info. See Hope that answers all your questions Jo

Submitted by: Joanne H. of UK



My answer is to automatically forward spoofs to PayPal, Citibank etc security dept. often, by the time I've gotten the spoof, the web site linked to the spoof has already been shut down. In the case of the Nigerian diplomats who want to share their millions, the FBI has a site to which you can foreword those spoofs. I think they've jailed about 1500 of those turkeys in Nigeria with help from our FBI. I read somewhere that you'd be far better off as a detainee at Guantanamo than in a Nigerian jail!!!

Submitted by: diandted of Jupiter, FL



Dear Fellow Phish Targets:

ALL of those bogus-looking email messages that report "suspicious activity," "X has been added to your credit account," "Y has accessed your account" are nothing but Phishing activity. PayPal has a site to report "suspcious email messages," which I used regularly when the last wave of smelly email arrived. As for eBay, let them know about such activity also.

Previously, I'd look up the address of suspicious email and found some came from Puerto Rico, one was from a page "under construction," and another was a Spammer. I should mention that I'm using a Macintosh PowerBook under OS X, which shoulders malware aside or isn't affected by virii. (Knock on wood, now that Apple itself is switching over to Intel processors!) The usual advice is: "If it looks too good/bad/odd to be true, report/ignore/trash the email message/offer."

Let me close by saying: DEATH TO ALL SPAMMERS! DISMEMBER ALL CRACKERS! INCINERATE ALL PHISHERS! Thank you for reading this email, which contains nothing more than far too much text.

Submitted by: PEA



also have been receiving many emails requesting information in order to ?correct? or ?activate? my accounts. My personal rule about these types of emails is to always say ?no?. Come to find out, this really is the best policy. Reputable companies will not send you emails asking you for any information. Additionally, because these emails appear to come from companies that I do business with already, I usually have the company?s web site saved as a favorite already. Never follow a link from an email asking you for information. Instead, I go to the web on my own and use the link I have saved already for that company. And more often than not, these companies are aware of the problem already and have a message on their home page or a link to a fraud department within their company. They usually provide an email address that you can forward the fraudulent email to so they can investigate it themselves.
Once you identify the senders of these fraud attempts, it?s easy to create a rule within your own email that automatically forwards the email to the correct company?s fraud department, and then deletes the email, thus removing the temptation of opening it or looking at it going forward. If for some unusual reason you actually receive a ?good? email that you ignore or delete, keep in mind that these are companies that you more than likely do business with. If they really need to contact you, they know how and will do so legitimately through other means if necessary. And remember, there isn?t anything wrong with actually calling a company and asking them what they need from you.

Submitted by: Christopher E. of St. Petersburg, FLorida



I am looking forward to the answers that come in on this one.

My first reaction would be that this is phony. I would continue to delete them and report them to Also the Federal Trade Commission at which is a complaint center. Also send a copy of this unwanted or deceptive messages to

Never give out that kind of information on the Internet or when contacted by phone. Always expect the worst because that?s exactly what these things are. DO NOT RESPOND to them at all. If they get a response from you they will continue.

Submitted by: mskrugel



There are two ways to check on these emails.
One is to go to the site, eBay, etc, and deal directly with them. Or (which is what I like to do) you can check the background of the email to see if it came from that company or not. Just check the preferences and full headers of the email. If it does not look right, then copy it and send it to the company directly so they can follow up with fraud charges.

I believe that following up with the company is the best strategy, even if there is a wait. Never respond to these phishing letters as they will send them to you again.

Just my 2 cents worth.

Submitted by: Jackie M.



When you get one of these fake emails:

1. Go to the top of the browser page (different with each one; I use
Netscape) and turn the header option to all. You will see a bunch of goobledegook (my grandma`s word!)

2. Forward the email to the appropriate place: (for fraudulent emails...this is a consumer site, I

If the email claims to be from your bank, you can generally call the bank and find out how to have it investigated.

3. Delete it!

If you forward emails with the complete routing information, often it can be traced back to the ISP. Ebay and Paypal take these seriously, as does Earthlink.

Submitted by: Julie D.



On the phishing email attempts pertaining to Ebay and Paypal, I have gotten my share too. As you know, when sent to Ebay , they thank one for reporting, claim to intend to look into the matter and that is it.

I delete the emails now after checking the email properties, open a browser that I had not been using, and I check my account with paypal activity. Thus far, nothing has been wrong.

I think one is expected to change there info for paypal often-user name and password. Also, as I am sure you have been told by Ebay, to open a separate browser when checking paypal info.

I use qurb for extra spam usage, but have not found a way to stop the phishing emails as it would toss all paypal emails that came in , and I would have to check the delete folder anyway.

Changing names and passwords used on Ebay and in paypal seem to be the way to cut down and never clicking on the phishing emails.

It is unfair that thieves make life so complicated such as having to change passwords and user names, but it seems a wave of crime that is not waning.

Ebay and paypal seem to only send emails to entice more buying from favorite sellers', offer credit cards, and try to get one to be a seller, however, I always check - at some point-when I get a phishing one to make sure nothing has happened.

Again,one can check the email properties and see where the email originated and tell by that it not really a authentic email. That makes you know quicking that nothing has been sent by Ebay and paypal and saves you time in checking.Click on the mail to just highlight, go to properties, go to details, if using outlook express, and one can see all info of where the mail originated.

I know this has not said how to stop them, but changing the user info will slow it, checking proerties save time in having to check paypal accounts right away, and good luck to us all going thought the internet crime wave attempts.

If anyone know how to stop them completely and forever, I would be interested big-time.

Submitted by: Page



I've been getting these phisher emails almost daily for several years now. Actually fell for the first of them--before the scam became public--and very nearly lost $4,500 in one fell swoop. Fortunately the good folks at Paypal, my bank and credit card companies took immediate action to block the withdrawals--but it was too close for comfort.

When I receive such emails now--and they are cake to spot, being poorly written and coming out of nowhere--I immediately forward them to those who can take appropriate action: spoof@ebay,com or, etc. It doesn't help to block the sender because email blocker will also block legitimate emails from those agents, e.g. eBay and Paypal. Remember that no agent will ask for personal information via email.

Although this behavior on the part of some virtual dirtbags is infuriating, there's no reason to panic or run for the hills. Forwarding and then deleting all that's required to get a potential crook out of your hair. But there are two VERY important things to remember each and every time such an email appears in your inbox:

1. NEVER EVER RESPOND! It'll only further identify you.

Be alert. Be smart. And remember that curiosity killed the cat.

Submitted by: Julia B.



It is quite easy and I thought most everyone knows about this. In Outlook Express, click on the File tab in the top left toolbar. Go down to "Properties" and click on "Details in the box that comes up. There you can see all of the addresses that it went though to get to you. If you don't see the address that it was supposed to from, PayPal, Ebay, etc don't reply to it. Delete it!

Submitted by: wmartel



I?ve also received this e-mail several times, and you are right. It is most likely a phishing scam.

PayPal states in their user agreement and privacy statement that they would never ask you for personal information in such a way. In fact, most service providers on the internet, whether messaging, e-mail, payment, or banking services, will never directly solicit your password or any such information. It?s hard to understand because how else would they contact you, right? However, in today?s world of identity theft and information theft, it never hurts to be too careful.

What I do is forward the e-mail to, close and delete the e-mail, and then go to PayPal on my own (not using the link in the message) to login and check the activity myself on the account. I haven?t found any unusual activity that actually coincides with the receiving of the e-mail (in fact, I haven?t found any unusual activity at all in the years that I?ve had PayPal), so clicking on the link included in the message is most likely a bad idea.

With any service online, it?s best to check their spoof mail information. Online Banks, PayPal, Yahoo, and several other popular online services have been spoofed many times in the past in phishing scams such as this. Most of them have some sort of policy on how they want their customers to treat suspected e-mails, which usually includes forwarding the complete mail (with headers) to a special address before deleting and ignoring it. Whenever I receive these e-mails, I close the e-mail and then research the targeted service so I know where to send the offending piece of mail. I don?t even have accounts with certain banks and I?ve received e-mails asking to confirm my information. For a while, I had Citibank in my address book despite not being a customer because I got tired of typing in four times a day. And I made sure to send every e-mail I got to them. Every little bit helps as they try to locate the sources of these scams, find out what?s involved in creating the mails, and stop them from happening.

Submitted by: Jessica S. of Yaphank, NY




The FIRST thing you want to do is Save the fake-suspect-spoof e-mails for submission to the proper authorities,make sure you run a virus scan on the e-mail and don't save or open any attachments if there is any with it. You can also do some digging on your own with the original. Second immediately Contact E-Bay and Paypal ,the links to their sites and Help with suspect e-mail is available for,EBay at and for Paypal at You can also forward the entire e-mail to for E-bay and for Paypal,remember do not change anything in the email.More info is available at each website above.Another option is they're some really Great IP Trace Programs out there and Cnet Downloads has some of the Best available for download.These allow you to back trace the IP address of the email sender.There is WhereIsIP 2.2, Whois 1.8, has a bunch of Great Programs, Also Quis Lite 1.1.1 and Who Is Web Pro.the list goes on. These are all available at the Cnet site just enter IP trace in the search downloads box. Some are free, most are free to try.The nuts and bolts are in the spoof email "if your using Outlook, Outlook Express ect." click on file then on Properties, then at the top Details, then down at the bottom Message Source. A new box opens with all the info about the e-mail, about 5 or 6 lines down is the Message Source which lists an e-mail address then the IP address of the sender. With one of the above downloaded programs you can Back Trace the IP address to the sender. Usually it lists the email address of the Service Provider for you to Report Abuse too, which I recommend you do! One thing to remember though is that spammers and in your case spammers that are trying to steal your personal information are committing a Felony, A Federal Crime so most use fake e-mail addresses,and are therefore hard to backtrace and identify!! E-bay and Paypal can do a better job than you can really.Last but not least are the Spam Blockers also available for download at Cnet's off the shelf. These are perfect for spam But one of the problems with your case is that the spoof E-bay and Paypal e-mail's look so good that if you block them you probably will block real e-mail from the legitimate parties so this option may not work. The number one choice is report them and send a copy of the e-mail to the real companies,not by forwarding but with a new e-mail that you type the address in, Really they have the resources to identify and prosecute the offenders. Hope this Help's?

Take Care

Submitted by: Ganash



The main thing to remember is to not be faked out by these spoof phising emails. PayPal, banks, Ebay, etc., will NEVER ask you to enter any sensitive account, personal or password information via email. When I receive these (usually from PayPal or Ebay or even a credit card company I don't even do business with) I immediately forward them to or (or the appropriate email address) so they are reported and can be investigated. If you have any questions, always call the entity involved and ask if the email is legit or not.

Another thing to remember is NEVER to click the links in the spoof emails. Open a new browser window and then type in the website address before going in and checking your account information.

Submitted by: Maddiecakes in Texas



One of the best things I ever did when I first got PayPal was find a way to report spoof emails. The address is I was aware that someone might try to gain my PayPal information but wasn't sure how far they would go. Now comes phishing and with it a whole new way to try to pry your private information from you.

PayPal just sent me an email how to detect whether or not PayPal is sending these messages.

Mainly remember that PayPal will never ask you for private information through an email. Spoofed emails use generic greetings, have a sense of urgency and use fake links to direct you to a "pay pal" site. If you mouse over [place your pointer or arrow over] the link and look at the status bar you will see that the link might say it takes you to PayPal but the site is far from it. They will even go so far as to put PayPal in the address somewhere so it could possibly be from PayPal.

Using a little common sense with your personal information and reporting these emails to PayPal will help them help you in the future. Oh, once you've sent an email to PayPal about the spoofed email use your spam blocker to block all other correspondence from this email address.

Submitted by: Wayne N. of Etna, Wyoming



One way I found to eliminate some of these scams is your email address
and cut down on the number of bogus email advertisements is to.
thread them through another server and here's what I like a gem!
Get free disposable email addresses, and a spam blocker!
Now, I maybe get 1 a week that leaks through to my INBOX - wow this is great!

Submitted by: Sherry R.


99.9% of the time, these emails are fakes, designed to lead you to a site which will then ask you to enter personal information and disclose your password. When you do actually receive a legit email from either Paypal or eBay, the message will address you by your full name - the name you registered for these accounts. The fake emails never address you by name (i.e. "To George Smith") and another clue is that they typically have some misspelled words included in the text. The best way to confirm that the email you received is a fake is to forward it to either or After you send it, you will receive a response (usually within a few minutes) which will confirm that the message you receive was not sent by the source you believe it had come from (Paypal or eBay), and they will then take over in investigating who is sending these notes and take action against them.

Unfortunately, there is no effective way to block these emails because they do appear to come from legit sources, and you certainly don't want to risk blocking real email from either Paypal or eBay. So just keep in mind that if you don't get a message that addresses you by name, it is more than likely a fake and you should absolutely not click on any links in the email, but simply forward it to the appropriate place to verify that it is indeed a spoof. The senders are, of course, phishing for info and will continue to send these messages until they are caught. While it is certainly annoying to have your inbox filled with these messages, there is no danger that you will compromise your account as long as you do not click on any of the links and just forward the email to Paypal or eBay to deal with the situation. Once you've forwarded a few and are on to the scam, then just use your "delete" key to trash all these emails that you now know are fakes.

Submitted by: Lisa S. of New York, NY



I?m always getting malicious email from the maggots that put out the eBay warning. I never open the mail. I always Forward these letters to eBay to investigate the source. Their investigative address is A recent response from eBay is included below.


Thank you for writing to eBay regarding the unsolicited email you

It is impossible to determine exactly how your email address was
obtained as there are many ways. I have done some checking and let me
tell you what I have found.

It appears that you have put in a direct link to your email in your
auction. I am sure you did this for better customer contact on your
part, however, it allows anyone (including spammers) to use a spider to
"read" the html of the webpage and harvest your email address. At this
point, I can only suggest that you remove this from your auctions and/or About Me page.

Unfortunately, it appears your email address has been harvested and just by changing your email address or removing it from your auction pages
will not stop the spam from coming to your inbox. One option you may
need to consider is obtaining a new email address solely for eBay use.
You should save your ISP email account for personal usage and do not use it for registering on websites, entering contests or for downloading. If you do receive spam through the new email address, it can be more easily removed, filtered and ignored.

In addition, you might want to take the time to familiarize yourself
with the junk mail filters of your email program. Often times you may
block specific email addresses, emails containing certain text or even
entire domain names. This should help to prevent the majority of
unwanted emails from entering your email inbox. We would also like to
suggest that you do not reply nor unsubscribe to the message because
this can sometimes generate even more unwanted email.

Again, thank you for your efforts to help keep eBay a safe place to


eBay SafeHarbor
Investigations Team
eBay Inc.
The World's Online Marketplace
Collapse -
Tip for slowing the bad guys down...

In reply to: Other advice from our members

Have you ever gotten questionable mail from a trusted contact? Here's why...
Some of the address used by these folks are gotten from unsuspecting user's address books via cookies, trojans, worms, and other malicious means.
A trojan, worm or otherwise harmful code will be sent and may have no noticable effects on your computer. It can easily be attached to an email, file or even appear to be a legit email from a trusted contact.
Some of these will clone your address book, contacts list (ie MSN or Yahoo Messengers) or other stored contacts. Once attained, they simply send them out or make them available to the nasty people who use them or sell them... Once again, you may never notice anything different about your computer.
One simple way to prevent someone from exploiting your contacts list is to simply add a fake entry.
Make it FIRST on your list and be SURE it's not a real address... The easiest way to assure this is to type it in and see if it goes anywhere... lol
I use ''AaronAardvark@htk.con'' The bug or hacker in question will attempt to verify the address, it WON'T work and they will abort. Fast in, fast out is how they work to avoid getting caught.
With luck, none of your contacts will receive any phish or otherwise nasty stuff from ''you''.
This WILL NOT prevent YOU from getting any questionable email, but it WILL make it harder for hackers/scammers to exploit your contact list.
It's a very easy step to take to help slow the bad guys down.
I DO agree with everyone else on the firewall/anti virus thing. An UPDATED version of either or both is a very efficient tool in preventing serious problems.
Nothing is fool proof unless you totally avoid connection to the 'net.
I know it's a bit off topic but I have gotten one of those nasty emails from people who asked why I sent them a virus, nasty eamil, or other spaminals.
It could help pervent you from being associated with these folks or having to answer questions that need not be asked.

Oh, another thought...
If you have DSL, cable, or broadband... If you're not usting it, TURN IT OFF!
Idle computers are a hackers dream.

Just a thought I wanted to pass on.

Scootertrashtx, Inna middle of Texas

Collapse -
A Case History

In reply to: Other advice from our members

I got many messages from a company called Worldwide Marketing Services LLC, asking for payment for information about on-line jobs. First I noticed that the domain name of the sender was ''. I looked up the WMS LLC in Google and there was no info about such a company, secondly I looked up which happened to be an Internet Service Provider (ISP). I thought it is the wrong business for WMS to be in the ISP domain. I found 'ureach' to be a dubious company which is not doing enough in controlling suspicious accounts and asked them to shut down WMS account which they did. Besides that, because I have a blog, I made a posting describing my experiences. Since then I got a few hits through Google and other search engines from people who were trying to find things about WMS. You can do the same: google around the company (if it is not eBay or PayPal) the ISP of the email you get and if you find something, act on the info. Try to get the account suspended, write about it if you have a blog, open a blog (it is free!) and write about it. This way you can help keeping the Internet clean of the phishers.

Collapse -
phishing detection

In reply to: Other advice from our members

I've found that the grammatical errors made on phishing emails are so obvious, it's a wonder anyone falls for them. That and the fact that paypal is purportedly emailing me on my MSN account instead of the hotmail account that is set up specifically for paypal transactions. I have a hotmail account that is used specifically for certain kinds of transactions just so that I can keep control of them for security reasons. If we ever run across spammers who actually speak english, I guess I'll have to be more careful, but in the meantime...

Collapse -
9 of 10

In reply to: phishing detection

I just tried the phishing iq test and got 9 out of 10 correct! Interesting that I erred on the side of caution and selected a legitimate one as a scam, too...

be careful out there!

Collapse -
More Info

In reply to: 6/24/05 How to recognize and avoid phishing scams

I won't cover the already excellent advice given in the previous answers. I just wanted to add a little more information. All online accounts that require a user name and password to log in are potentially targets of these scams. Even though I don't pay my bills online, I created accounts for my mortgage, credit cards, cable provider, wireless phone service, paypal, etc. It is easier to view recent activity, make changes to accounts and even print recent policy changes online than over the phone. However, I have received phishing e-mails from almost every account at one time or another. It is important to let them know when you receive these e-mails. I found that every account has a place to report them. I just go to the site (not by using the e-mail link), look under the help section and find where to report a suspicious e-mail. Many of the sites even have a recent hoax area where you can see the current scams. I always report them, If enough people do, it is in their best interest to track down the phishers. No business out there wants to lose members or waste valuable time trying to straighten out unauthorized charges or changes made to somebody's account. I usually include a note in the letter telling them I know it is a fake but, I am just forwarding it so they can be aware of any new scams circulating.

Collapse -
Anyone ever reply to the phishing?

In reply to: 6/24/05 How to recognize and avoid phishing scams

Did you ever reply to any emails and give phony data? What happened? I'm curious, and furious too because I no longer trust any email from ebay, paypal, or my bank!

Collapse -
PayPal Phishing

In reply to: Anyone ever reply to the phishing?

I did receive a PayPal phishing e-mail. It really did look offical. Of course I knew immediately it was phony, in fact I knew it was phony before I openned it, because I do not have a PayPal account. I have bought exactly one thing through eBay, a NIC, but that was no through auction process, didn't use PayPal. I could not have replied to the attack even if I wanted to, what made the Phishers I was a viable target?

Collapse -
Phishing PayPal

In reply to: PayPal Phishing

The 'phisher' doesn't know if you have a PayPal account or not; they don't care! They cast their net far and wide hoping to catch the unsuspecting person.


Collapse -
Here is an actual paypal phishing example...

In reply to: PayPal Phishing

Collapse -
Never reply to spams

In reply to: Anyone ever reply to the phishing?

Although I've come close at times due to the official look of the email, I've never actually responded. I check my email through Yahoo before storing it on my PC, then add the spammers' domains to the list of blocked addresses right away and phone the bank, eBay, PayPal customer service to report the spam. Whenever possible, I kick my bf off his Mac and check my email there. He actually clicks on spammers' links and has fun trying to find out where they go. Claims Macs are totally immune. :o)

OTOH, I check my mother's email daily for spammers, etc. and have never found anything in the year she's been online. However, she had a long list of viruses on her PC, and, on a recent visit, I reformatted her hdd, reinstalled all of her apps (which basically consists only of AOL and printer software), and downloaded a firewall, virus scan app, adware/malware blockers, etc. Looks like this will be a yearly project - luckily manufacturer provided CDs that ghosted her system when we purchased, making the process really simple.

Collapse -
Phishing / Spam

In reply to: 6/24/05 How to recognize and avoid phishing scams

Today companies are losing approximately $2,000/year/employee due to these malicious attacks. One of the things which most software/hardware spam/virus filtering companies DO NOT PROVIDE is a defense against are imperceivable tags imbedded in HTML that gives spammers the ability to monitor end user activity and obtain certain information about them. Most companies believe they are protected and most don't even know how open their to network is breached. Their are solutions to this out their through managed services that can mask the IP addresses giving a ''false'' or dead link back to spammers; however, even most IT people are unaware of the right questions to ask or review in their product analysis. Without saying, most private users of ISP services are totally exposed as providers are not filtering for these items.
Jim Strunk
MX Logic

Collapse -
Phishing scams - the companies aren't helping

In reply to: Phishing / Spam

I just took the MailFrontier Phishing IQ Test, which is a great tool for educating people on what to look out for. I scored 80%. The two I got wrong were ones I thought were scams, but were in fact legit. First, it doesn't bother me much that I got those wrong, since I was erring on the side of caution. However, the reasons I was wary of those messages is what concerns me about the practices of these companies.

The two test emails I mistakenly flagged as phishing scams had bogus-looking URLs: Bank of America used the domain "", and the CapitalOne message had a link to the domain "". The test answers even pointed out that thest were suspicious looking.

What concerns me is that if companies continue to use such odd-looking domains to conduct legitimate business, people will get used to seeing them, so they won't raise the red flags that the should. I'm sure the phishers love this, since these companies are conditioning people to fall for their scams.

I understand that companies need to load-balance their servers, or track the responses to various messages. However, there are many other ways to do that without creating new domains.

Collapse -
Why do the banks make it hard to be a "Good Guy"

In reply to: Phishing scams - the companies aren't helping

What drives me to distraction is when one tries to report an attempted identity theft, the banks involved make it very difficult to find a simple, normal email address to which to forward the offending spam. Often they want you to fill out HTML forms, then to add insult to injury, the forms are often character limited, so when you try to copy/paste the neccessary information it won't fit!
If all the affected finacial institutions would simply establish a standard "" or "", they'd get a great deal more feedback on a timely basis. No doubt many folks just give up and delete the spam.

There is an organization, clearing-house, as it where, collecting phishing spam. Be sure to copy/paste the FULL HEADER when forwarding the email:
Send to: Phishing <>

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.