A particular type of spam/scam called phishing is making the news more and more lately. This is a new cute name for the classic impersonation scheme where you get an email claiming to be from PayPal, eBay, or your bank and asking you to verify your username and password.
Right now these scam emails are pretty obvious to the informed: they make spelling and grammar mistakes the real company never would, include obviously fraudulent links, and ask for information no real company would ask for. But eventually one will be professional and subtle, so I thought I would share my strategy to guarantee these scammers can’t reach you.
The idea is simple: make a list of critical companies (anywhere you have a password) and for each one, change your email address so that each sender has their own unique address. This is very easy if you have the right tools. Many ISPs will let you use variations of your email address, like firstname.lastname@example.org or email@example.com. Or just get a cheap domain name and use things like firstname.lastname@example.org.
Now, when you get an email supposedly from any of these companies, check the To: address before you click on anything. If it isn’t the unique address you gave that company, the email didn’t come from them. This has worked perfectly for me for years, and now that I’m in the habit of using custom email addresses, it takes no time.
As a bonus, this is a very effective way to combat spam. You can whitelist the custom addresses in your spam filter, since only one company knows each one. And if one of them does receive spam, you know who leaked your address, and you can blacklist it.
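The To: check and the leak check described above can be automated in a mail filter. The sketch below is an added example, not part of the original post; the addresses, domains and result labels are constructed placeholders, and it assumes the mail server records the delivery address in a Delivered-To header alongside To:.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed registry (placeholders): unique address -> domain of the one company given it.
ALIASES = {
    "bank-7f3a@mail.example": "bank.example",
    "shop-c21d@mail.example": "shop.example",
}

def company_for(domain):
    """Registered company whose domain the sender's domain equals or sits under."""
    for owner in set(ALIASES.values()):
        if domain == owner or domain.endswith("." + owner):
            return owner
    return None

def classify(raw):
    msg = message_from_string(raw)
    # Check both Delivered-To (assumed to be added by the mail server) and To:.
    headers = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    rcpts = {addr.lower() for _, addr in getaddresses(headers) if addr}
    owners = {ALIASES[r] for r in rcpts if r in ALIASES}
    sender = parseaddr(msg.get("From", ""))[1].lower()
    claimed = company_for(sender.rpartition("@")[2])
    if claimed:
        # Mail claiming to be from a listed company must arrive at that company's address.
        return "consistent" if claimed in owners else "suspect-impersonation"
    if owners:
        # An unknown sender reached a private address: its owner leaked it.
        return "alias-leaked:" + ",".join(sorted(owners))
    return "unrelated"

# Constructed sample messages.
GENUINE = "From: alerts@bank.example\nTo: bank-7f3a@mail.example\nSubject: Statement\n\nbody\n"
PHISH = "From: security@bank.example\nTo: me@mail.example\nSubject: Verify your password\n\nbody\n"
SPAM = "From: deals@unknown.example\nTo: shop-c21d@mail.example\nSubject: Offer\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("phish", PHISH), ("spam", SPAM)]:
        print(name, "->", classify(raw))
```

A "consistent" result only means the message reached the address that company was given; the From: header itself is easy to forge, so the recipient address is the signal that matters here.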