Avoiding phishing scams

Filed under: — 4:26 am

A particular type of spam/scam called phishing is making the news more and more lately. This is a new cute name for the classic impersonation scheme where you get an email claiming to be from Paypal, eBay, or your bank and asking you to verify your username and password.

Right now these scam emails are pretty obvious to the informed: they make spelling and grammar mistakes the real company never would, include obviously fraudulent links, and ask for information no real company would ask for. But eventually one will be professional and subtle, so I thought I would share a strategy that lets you spot an impersonation no matter how polished the message looks.

The idea is simple: make a list of critical companies (anywhere you have a password) and give each one its own email address, so that no two senders share an address. This is very easy if you have the right tools. Many mail providers let you use variations of your address, like me-ebay@example.com or me-paypal@example.com (Gmail, for example, delivers anything sent to me+anything@gmail.com to me@gmail.com). Or just get a cheap domain name with a catch-all mailbox and use addresses like ebay@example.com. The domain approach is the stronger one: a tag-style address gives away the base address to anyone who sees it (a spammer can simply drop the tag), and some web forms reject a "+" in an address, whereas an address on your own domain reveals nothing.

Now, when you get an email supposedly from any of these companies, check which address it was delivered to before you click on anything. Mail claiming to be from eBay that arrives at any address other than the one you gave eBay is a fake, however good it looks. The reverse does not hold: a message at the right address is merely consistent, since the company itself could have leaked that address, so it still deserves the usual scrutiny of links and requests. Note also that the visible To: header is written by the sender; the address the message actually arrived at is the envelope recipient, which most mail servers record in a Delivered-To header. This has worked perfectly for me for years, and now that I’m in the habit of using custom email addresses, it takes no time.

As a bonus, this is a very effective way to combat spam. You can whitelist each custom address in your spam filter, since only one company knows it. And if one of those addresses does receive spam, you know who leaked (or sold) your address, and you can blacklist or retire that address without affecting the others.
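As an added example, not code from the original post, here is a small Python filter that applies both checks above: it looks up the address a message was actually delivered to, compares that with the company the message claims to come from, and reports a phish, a leaked address, or a consistent message. The company map, the domains and addresses, and the four sample messages are all constructed for the example; only the Python standard library is used.

```python
"""Per-sender address check for incoming mail.

Added example, not from the original post. Company names, domains and
addresses below are hypothetical.
"""
import email
from email.utils import parseaddr

# Constructed map: brand -> (the company's real mail domain,
#                             the address you gave to that company only)
COMPANIES = {
    "ebay":   ("ebay.com", "ebay@example.com"),
    "paypal": ("paypal.com", "paypal@example.com"),
    "bank":   ("examplebank.com", "bank@example.com"),
}
# Reverse map: per-sender address -> the one brand that should know it
ADDRESS_OWNER = {addr: brand for brand, (_, addr) in COMPANIES.items()}


def claimed_brand(msg):
    """Return the brand the message *claims* to come from, or None.

    Both halves of From: (display name and address) are chosen by the
    sender, so this is the claim only, never proof of origin. A lookalike
    domain with the brand in the display name still counts as a claim."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    for brand, (real_domain, _) in COMPANIES.items():
        if domain == real_domain or domain.endswith("." + real_domain):
            return brand
        if brand in name.lower():
            return brand
    return None


def delivered_to(msg):
    """Return the address the message actually arrived at.

    Delivered-To is added by the receiving mail server from the envelope
    recipient; the To: header is written by the sender. Prefer the former
    and fall back to To: only when the server did not record it."""
    addr = msg.get("Delivered-To") or parseaddr(msg.get("To", ""))[1]
    return addr.strip().lower()


def classify(raw_message):
    """Classify one raw RFC 822 message.

    ok      claims to be brand X and arrived at the address only X was given
    phish   claims to be a listed brand but arrived at an address that
            brand never had (the case the delivery-address check catches)
    leaked  arrived at a per-sender address but does not come from its
            owner: the owner leaked or sold the address, or a phisher got
            it the same way (so "ok" above is consistency, not proof)
    other   ordinary mail to a general address
    """
    msg = email.message_from_string(raw_message)
    owner = ADDRESS_OWNER.get(delivered_to(msg))
    claim = claimed_brand(msg)
    if owner is not None:
        return "ok" if claim == owner else "leaked"
    return "phish" if claim is not None else "other"


# Constructed sample messages; only the headers matter for this check
SAMPLES = {
    "legit": (
        "Delivered-To: ebay@example.com\n"
        "From: eBay <noreply@ebay.com>\n"
        "To: ebay@example.com\n"
        "Subject: Your item sold\n\nbody\n"),
    "phish": (
        "Delivered-To: me@example.com\n"
        "From: PayPal Security <service@paypal.com>\n"
        "To: me@example.com\n"
        "Subject: Verify your account\n\nbody\n"),
    "lookalike": (
        "Delivered-To: me@example.com\n"
        "From: \"PayPal\" <support@paypa1-secure.example>\n"
        "To: me@example.com\n"
        "Subject: Action required\n\nbody\n"),
    "leak": (
        "Delivered-To: bank@example.com\n"
        "From: deals@bulk-mailer.example\n"
        "To: bank@example.com\n"
        "Subject: Cheap offers\n\nbody\n"),
}


def classify_samples():
    """Run every constructed sample through classify()."""
    return {label: classify(raw) for label, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdict in classify_samples().items():
        print(f"{label:10s} -> {verdict}")
```

The decisive input is the delivery address, which the sender cannot choose, not the From: line, which is entirely under the sender's control; the From: parsing only establishes what the message claims so that the claim can be compared against where it landed. The "lookalike" sample shows why the display name is checked as well as the domain: a message that calls itself PayPal but comes from an unrelated domain is still a claim to be PayPal, and it arrived at an address PayPal was never given.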

2 responses to “Avoiding phishing scams”

  1. Franko says:

    Perhaps an easier way is to make a folder and filter for each official company you do business with. For example: in Eudora you have a Paypal folder where you tell Eudora to filter anything coming from paypal.com that has your correct To: address and put it into that folder.

  2. slander says:

    There is a free online service called sneakemail which greatly simplifies this technique. After logging in, you create disposable addresses (e.g. the one I’m posting with this comment) which forward to a ‘real’ address. While the disposable address is a random number, mail sent to it arrives at your inbox tagged with identifying info in the subject. When you hit ‘reply’ in your mailer, all correspondence is routed back through sneakemail making it appear to Paypal (or whoever) that the reply came from the disposable address. Now you don’t need to whitelist, as you can destroy a spammed address completely (or use greylisting, as described on their site).

(c) 2001-2007 Michael Moncur. All rights reserved, but feel free to quote me.