How to See and Stop Email Spoofers

In my email box this morning was a message from…myself. It looked like this:
I quickly hit “forward” and sent it to spoof@paypal.com, their designated mailbox for issues like this.

Obviously, it was sent from someone other than me. Let’s take a look at the most obvious clues, and one way to stop those messages from showing up in your mailbox.

The first sentence is fraught with spelling and grammatical errors.
If that’s not enough of a clue, the message is entirely vague and almost nonsensical.

They give you a link to click to “verify” your account. Don’t ever do that! If you click it, you will be taken to a ghosted PayPal site – a fraudulent site that looks like, but is not, PayPal. When you enter your account information on that fraudulent site, you are handing your PayPal account over to the criminals.

Sadly, you can’t stop these creeps from obtaining your email address and spoofing, but you can stop them from filling up your email box.

Check the Source Code

Every email program has an option to view the source code. In my program it is at the top right of the email screen and looks like this:

Sometimes you have to hunt to find the “view source” option. Don’t give up! I have to scroll all the way to the bottom of the list to click on the “View Source” option.

Once you do that, you will see the email message in its raw state, and you can determine where it originated.

In line three of the source code for this message, it was clear that it originated from “masterhost.ru.” Yup, it came from somewhere inside Russia. The actual account from which it was generated is masked, but now you know one place to start in order to block the spoofers.

Block the Domain

Every email program I’ve ever used has the option to block senders and block domains. You’ll have to hunt around in your email program to find it, but once you do, simply add “*@masterhost.ru” to the blocked list and you will no longer receive emails from any accounts related to that server.  The “*@” is shorthand for “any name at.” This means that if the sender is “Spoofer1” or “spoofer45” it won’t matter. All that counts is the “masterhost.ru” part.

It is up to each of us, individually, to keep the spoofers at bay, so that we can all enjoy email, social media, and electronic business without fear.  It can be time consuming to dig into the code and add email addresses to our blocked list, but the peace of mind it brings is worth the while.

 

Holiday Scam Emails

It’s a happy holiday season… until you get an email saying there’s a package waiting for you when you know you didn’t order anything. But it’s the holidays! Maybe someone sent you a surprise?  Here’s a quick look at how you can tell a message is bogus:

The first clue that this is Phishing (say “fishing”) is in the “From” line.  Why would Costco be sending out an email from some other company’s email account? It pays to look closely here.  Sometimes the hackers fake an email that is similar to the real one (like “orders@costcoo.com” – see the extra “o”?)

Clue #2 and #3 are grammatical.  The first one should be “…recipient coincides with yours.” The second one – well, no one in America would use that phrasing.
Clue #4 is that the message is vague. There is no purchase ID#, no indicator of the content of the order, not a single identifier of anything.

If you were to click on any of the links in this message, you would be taken to a fake Costco site, asked to fill in personal info, and within minutes of clicking “enter” or “next” or whatever button they have created, your bank account would be emptied or your credit card used for who knows what.

Have Happy Holidays – pay attention to every detail of the emails you receive, and never, ever click through without checking into it completely. In the example above, if I had indeed ordered something from Costco (and this message wasn’t so blatantly a scam) I would have phoned Costco to check it out, not click through on a message that was so vague.

Most large retailers have a Fraud Department, where you can report Phishing attempts like this. Click Here to see Costco’s Fraud page.