Protect yourself from spoofs

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
September 18, 2008

In my last post I had mentioned about email spoofing and its impacts. These tricks may help you to recognize spoof emails and block them to some extent.

In spoof emails you might notice abnormal urgency asking you to reply back. They can send spoof emails in the name of PayPal and ask you to reply as soon as possible or your account gets banned. They may also deceive you saying that some unauthorized transaction occurred in your account and therefore ask you to feed your personal details.

If it is a spoof email, you can find a number of false links there. Hover your mouse over the links to see the URL which the link points to. If the link does not point to a relevant site, you can easily recognize that it is a spoof. Do not click on such links because they might collect your personal data and may also install spywares on the system.

Some emails may ask you to enter your personal information. Companies like Pay Pal never ask you to enter your personal details. So ignore such mails.

If you get an email asking you to enter your account information or update your account and give you a suspension warning don’t hurry. If you get any email from eBay check for the same message in My Messages inside your eBay account too. In My Messages you only receive emails that are genuinely from eBay. If the emails in your personal email account do not match the email inside My Messages, then be sure that it is a spoof.

You can check if the link really goes to The URL where it is supposed to go to. This is used to see if the real URL matches the address URL. Copy and paste this javascript code in the address bar of your browser and see the results. This can also help you recognize spoof emails or sites.

javascript:alert(%22The real URL is: %22 + location.protocol + %22//%22 + location.hostname + %22/%22 + %22\nThe address URL is: %22 + location.href + %22\n%22 + %22If the server names do not match, this may be a spoof.%22);

Sites where you enter your personal information must be preceded bye https where “s” stands for secure. If there’s no https, you are not in a secure session.

Spoof emails often contain misspelt spellings, horrible grammar and typos. Reputed companies are conscious about spellings and grammar. This can also help you recognize spoof emails.

Sometimes you can easily recognize spoof emails just by seeing the header. Amateur spoofers may not be able to fake the email address. You can see the headers in the following ways:

Outlook: select View/Options.

Outlook Express: select Properties/Details.

Pine: type H.

Eudora: click on the “Blah Blah Blah” button.

Yahoo! Mail: select “Full Headers.”

Hotmail: go to Options/Mail Display Settings/Message Headers and select “Full.”

Netscape: select View/Headers/All.

Check the header and tally the sender’s name and email address and check if it is matching. But only amateur spoof mailers will make such mistakes. Then look at the “received” filed. It’ll look something like: received from John Harvey(123.456.789.1). The number suggest the IP address. Now go to command prompt and type nslookup 123.456.789.1 ie nslookup (ip address), then hit enter. This will show you the SMTP server. Check to see if it is the one that matches with the SMTP server of a trusted company. But remember, professional spoofers can change IP address as well.

Take note of files attached to your emails. Remember trusted sites like PayPal, or sites of Banks never send such attachments. Don’t download such attachments, they might contain virus, trojans, spywares or malicious softwares.

Sites that provide security while adding personal information do not have pop ups. Neither do they look much flashy. This way also you can recognize spoof emails.

You may also like...