Saturday, July 08, 2006

Spoof/Fishing E-Mails

Greetings!:
 
I expect that all of us who use E-Mail have, especially in recent years, been the recipients of these messages which purport to be from some legitimate business, usually a bank or online sales outlet, claiming that the information we have on record with such is out of date, etc., and urging, or more frequently it would seem demanding/requiring, that we update said information on pain of losing our privileges with that particular institution or outlet.  As most of us hopefully know by now, this practice has come to be called either fishing or spoofing since, if one gives in, the perpetrator(s) have caught the fish as it were, our sensitive personal and/or financial information, and thus can use it to their own perverse ends.  It further appears that, since we are being increasingly and rightly advised to expose the full headers of such messages when reporting them to various authorities (such as the FTC's reporting E-Mail address, spam@uce.gov, or addresses such as spoof@ebay.com, spoof@paypal.com or abuse@(variousotherdomains).com), the perpetrators of these scams now often forge these headers, thus making the messages even more difficult to trace.  And yet, despite these seemingly-sophisticated "safeguards," they can also appear _EXTREMELY_ stupid sometimes, such as when they ignore PayPal's _CLEARLY_-stated procedure that _ALL_ legitimate messages originating from them begin with the full name of the recipient.  For those who know this, the proverbial game is up already, and thus they should not be caught.  There is yet another stupidity I have detected sometimes.  Certain of these messages, according to their full headers, are said to be from nobody@domain.com.  One hopes that _NOBODY_ in their _RIGHT_ mind would fall for a message from such a lame-brained (if I may describe such in that way) nobody!  This is an important factor, but what I wish to mainly ask here is what progress, if any, is being made to unmask those who forge their headers?  
Can we expect any sort of technology in the near future which will make it difficult, if not impossible, for one to get away with forging one's headers, thus allowing for the perpetrators of these scams to be caught?  I am glad, if it will help, to continue forwarding on these messages to the proper authorities for hoped-for action, but this sometimes can be tedious at best, and so could someone _PLEASE_ try to come up with some sort of technology which will, at _VERY_ worst, be _EXTREMELY_ difficult for these scammers to circumvent?  What say any of you if you have some information you can share without inappropriately breaching any sort of valid security?  And while we are about it, I have lately started receiving once again (though I always receive some occasionally) these Nigeria-fee-scam messages.  I gather that this scam, in one form or another, has been around since the Middle Ages, and yet is there hope for _FINALLY_ stamping it out, at least on the Internet? 
 
We have been having some moderate temperatures here in our Nation's Capital over the past day or so, so I hope any of you who read this are somehow experiencing the like where you are! 
 
Further hoping this finds you otherwise well, 
 
J. V.

4 Comments:

Blogger JVaughan said...

I realize what is said about talking to oneself, but these spoof/fishing messages purporting to particularly be from PayPal are becoming _MOST_ numerous and annoying! I thus, more than ever, hope that someone has something to offer as per my queries in the main post of this thread! There was even one containing active exe controls about which Internet Explorer warned me, and thus, though I wished to send it on to the FTC and PayPal as usual, I _DARED_ not open it for fear of what might happen to my computer (and this was not the first time this had happened). Our Honourary Patroness says that one function blogs can serve is to provide an outlet, yet I somehow hope this comment and the post I wrote preceding it can serve as _MUCH_ more!!!

Again I must ask your indulgence should there be any typographical errors.

J. V.

1:40 PM EDT  
Blogger Suzanne Lanoue said...

I believe it is phishing (with a P H), not fishing (with an F), but I could be wrong on that.

I get lots of those, too. I ignore most of them. I don't bank online, so I have never fallen for the banking ones. I do get emails from PayPal, but they are very different than the fake ones, so I can easily tell the difference. Also, the URLs that the fake ones give you are not the correct domain name for PayPal.

12:24 AM EDT  
Blogger JVaughan said...

I still believe "fishing" to be correct since that is precisely what this sort of spammer is doing. Yet I should try to check on this when next I get a response to one purporting to be from eBay.

Yes, PayPal makes it _QUITE_ clear that all legitimate messages from them will begin with a greeting to the member by full name. None of these spoof messages include this, thus giving the game up straightaway. Do they not know that?

J. V.

3:26 AM EDT  
Blogger JVaughan said...

This is _LONG_ overdue, but our Honourary Patroness is indeed correct about this sort of message being known as "phishing," not "fishing" as logic might suggest. If I gather aright, this differentiation is made so as to not confuse the time-honoured practice of catching fish out of the water from the foul practice of phishing for people's identity, etc., on the Internet. Yes, this is another manifestation of the evolution, if this Creationist dare use that word, of the language, but this time a good one in my opinion!

J. V.

4:10 AM EDT  
