Tuesday, November 8, 2011

Spoofing and fake email alerts

First, here is a detailed and easy-to-understand post on spoofing by Consumer Fraud Reporting. I have also attached a few common examples of spoof emails (below) intended to get an unsuspecting user to a hijacked (possibly infected) website where his/her account credentials or personal information get exploited by a third party.

As you can see, this particular email looks legitimate to an unsuspecting eye - this is what most emails I get from PayPal look like, and I bet emails from any financial institution, insurance or brokerage firm can be made to appear as convincing as this one... You can easily envision something similar coming from eBay, Bank of America or E-Trade.

However, let's take a look at this email more closely (click on the picture to enlarge it)...


Let's start with the email header at the top of the message (1). If we take a closer look at the sender (From) line, we see that the sender's email address originated from a different domain than the one he claims to belong to. Each domain name is unique, and despite the similarities between the paypal.com and update-paypal.com domain names, these are two different domains hosted on two different servers, possibly located thousands of miles apart.

Check (2) is more critical... This is the actual URL embedded within the email body, responsible for directing the user to a hacked or infected website. Again, this link appears to have a legitimate PayPal address, but when we look closely we see that the programmed URL will send us somewhere else (picture below).

Some newer email clients (Outlook or Live Mail) and web browsers (Internet Explorer or Firefox) will show the actual URL as soon as the cursor is placed over the link... Pay close attention to your web browser's status bar in the bottom left corner, where the actual URL will be displayed before you click on the link... However, some older web browsers or stand-alone email clients do not have this capability... If unsure, right-click on the link and left-click (normal click) to copy it. You can then open Notepad or any other text editor and paste the link to see if it's legitimate. And if you did accidentally click on the link and open a web page, look at your web browser's address bar to see the actual URL you've been sent to.


At this point you should have a pretty good idea whether you have been spoofed - close your web browser and delete the email message in question immediately.

Added December 22, 2011

Be aware of end of the year scams - pay attention to sender's email address!


Here is another good (possibly easier to understand) tutorial on spoofing at eBay.com


Another BIG NO-NO... If you need to make sure, always go directly to the website, www.paypal.com in this example, and DO NOT click on the links within the message body.


