How to Deal With Phishing Emails

Recently a Phishing email somehow slipped through the net and landed in my inbox. Usually I would just ignore and delete them, but this one was particularly devious and would have tricked someone less vigilant into handing over their peronal details to a thief.

Online abuse such as this really winds me up! So I’ve compiled this guide to help you decide the best course of action to take if you receive a phishing email.

What is Phishing

What can you do if you have responded to a Phishing email

Ways to tackle the problem yourself

Useful sources

What is Phishing?

“Phishing” involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims. Emails may look legitimate and closely resemble those of official companies and organisations such as Ebay, PayPal and online banks. However, clicking through the links supplied will take the user to a bogus site which will harvest their personal information for illegal extortion.

There are several ways to spot a Phishing email. Most notably is that official organisatione never ask for your personal details or account verification in an email! Copy and paste links into a web browser to check if they do actually link to the site in question. Or contact the organisation directly to see if the email did originate from them.

What to do if you have responded to a Phishing email

• Check your accounts immedietly and change your passwords (see my post on secure passwords for guidelines on password security).
• If you notice any unauthorised transactions, or cannot log in, you should contact the organisation immedietly to inform them that you believe your security has been breached. Do everything they tell you to do.
• You should also check any related accounts in the same manner.
• Contact the Police and inform them of all information you have. This may be time consuming and frustrating, but helps to cover your back against further damages. And after all, Phishing is illegal!
• If you entered any personal details such as your date of birth or address, you may also wish to check your credit report to ensure no credit accounts have been falsely opened in your name.

The sooner you act, the easier it will be to stop anything else from happening. If you wait too long to report fraud on your accounts, you may become liable for some or all of the money stolen from you! And this will also give the scammers the chance to lure another unsuspecting victim…

Ways to tackle the problem yourself

Assuming you haven’t responded to a Phishing scam, there are ways to deal with the Phishers to help avoid others from falling prey.

Contact the company involved in the scam immedietly. For example, if you received an email pretending to be from Paypal, send it to Paypal. Many companies have an email address to which you should send such emails, such as:

• Paypal: spoof@paypal.com
• Ebay: spoof@ebay.com
• Citi-Bank: emailspoof@citigroup.com
• Barclays: internetsecurity@barclays.co.uk
• Halifax: onlineemailinvestigations@hbosplc.com
• American Express: Anti.Phishing.Team@aexp.com

Ensure all email headers are visible before you send it (usually you can enable this in the “options” menu of your email software). It is preferable to send the Phishing email as an attachment, though many webmail servers do not allow this function in which case you should simply forward it instead.

Once you have done this, you should permanantly delete the email from your inbox.

If you are feeling more confident, you can investigate the origin of the email yourself. Pay no attention to the “From” and “Reply To” addresses as these are easily forged. Make sure you can see the full headers of the email which should provide information of where the email originated from. It should look something like this:

MIME-Version: 1.0
Received: from ctb-cache5-vif0.saix.net ([165.145.109.216]) by bay0-mc8-f8.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 16 May 2006 09:38:26 -0700
Received: from ctb-cache5-vif0.saix.net (196.25.255.195) by ctb-cache5-vif0.saix.net with SMTP;
Received: (qmail 2374 by uid 753); Tue, 16 May 2006 06:38:28 +0200
X-Message-Info: LsUYwwHHNt1MJ3+SDBjNqWm68AowQ1dA/tvtF+ne7BQ=
Return-Path: anemail@adomain.com
X-OriginalArrivalTime: 16 May 2006 16:38:28.0261 (UTC) FILETIME=[24C7AD50:01C97908]

As in this example, the email may have passed through more than one email server before arriving at its destination. You should look for the oldest server it passed through.

You should then do a WHOIS check on the domain or IP address found here. Urgent Click feature a great IP trace, but you should also check out Arin.net for more detailed information.

If your trace is successful, you should find some contact information for the server or domain from which the Phishing email originated. Now you can send them an email to let them know that illegal Phishing is originating from their server. Include the headers from your email and explain that the sender is not known to you, and that you believe links contained in the email lead to an illegal data mining website. Be brief and polite as administrators may have very many emails to respond to each day!

Reputable companies will act upon your information and hopefully close the Phisher’s account. Be warned, however, that many servers are set up specifically for the purpose of illegal data mining and will ignore any such complaints!

Useful sources

• Anti-phishing.org
• MillersMiles.co.uk
• Federal Trade Commission
• SpamCop