Fake or "SPOOFED" Email Detection

Several methods you can use to identify a phishing attempt before you become a victim

When the e-mail address in the FROM field is not that of the real sender, you have received a "SPOOFED" email. These emails reach a lot of people quite frequently and appear to come from legitimate companies like eBay, PayPal or a major bank. Spoofing used this way is the basis of "PHISHING". It is really easy for con artists to send spoofed email, but there are ways it can be detected.



Before we take a look at these methods, tip #1 is that your bank, eBay or PayPal will never ask you for your personal information through an email. If you do get an email from one of them asking you to send personal information that they already have, it's a safe bet the email is not genuine.


Let's take a look at email 101:

First, your e-mail program (e.g., Eudora, Outlook, Hotmail, etc.) sends mail to an SMTP (Simple Mail Transfer Protocol) server, a computer that relays your e-mail from SMTP server to SMTP server across the Internet until it arrives at its final destination, the recipient's mailbox. The mailbox stores this e-mail until it is fetched by an e-mail program, so the recipient can read it.

Every e-mail contains a normally hidden component known as a "header" that details the transmission route it took to your inbox. By viewing the header and doing a little investigating of a suspicious e-mail, you should be able to uncover the sender's real e-mail address.

Here are the ways to display the headers in some well-known e-mail programs. If yours is not listed here, check its help file for how to view the full headers.

Outlook: select View/Options.

Outlook Express: select Properties/Details.

Eudora: click on the "Blah Blah Blah" button.

Pine: type H.

Hotmail: go to Options/Mail Display Settings/Message Headers and select "Full."

Yahoo! Mail: select "Full Headers."

Netscape: select View/Headers/All.

Look for any differences between the friendly name and the e-mail address. If the friendly name is "BIG BANK of US" but the e-mail address is jimmy@con_artists.com, or if the e-mail address is missing entirely, the e-mail may be spoofed. A sophisticated spoofer won't make this mistake, though.

Then look at the Received fields. Each time the mail is relayed through an SMTP server, a new Received field is added above the existing ones, so you read them bottom-to-top. The bottom one might look like this:

Received: from HarryPotter ([1234.1234.1234.1234]) by HarryPotterMail
    (MyMailProgram v3.7) with SMTP id 9-2-7-1-6HarryPotterMail@Theaters
    for < Bobby Jones >; Sun, 24 Apr 2004 08:23:47 +3251

This is supposed to detail the original hand-off of the mail from the sender's mail program to their ISP's (or company's) SMTP server, although it can be forged. If the mail purports to be from HarryPotter.com but you see names like "con_artists.com", you have reason to be suspicious. It also pays to look up the sender's IP address, the four numbers separated by dots inside the square brackets in the "Received:" line.
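The two checks described above (friendly name versus e-mail address, and walking the Received fields bottom-to-top looking for discontinuities) as an added Python example; this is not code from the original article. It parses a constructed sample message in which every host name, address and IP is invented. The brand-word comparison used for the friendly-name check is a heuristic of this example, not a rule from the article, and the reverse_dns helper performs the nslookup step, so it needs network access.

```python
import re
import socket
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the article). Hosts, addresses and
# IPs are invented; IPs come from reserved documentation ranges.
SAMPLE = """\
Received: from mx.example-isp.test (mx.example-isp.test [203.0.113.7])
\tby mail.recipient.test with ESMTP id abc123
\tfor <bobby@recipient.test>; Sun, 24 Apr 2004 08:30:12 +0000
Received: from bigbank-alerts ([198.51.100.23]) by mx.example-isp.test
\t(MyMailProgram v3.7) with SMTP id 9-2-7 for <bobby@recipient.test>;
\tSun, 24 Apr 2004 08:23:47 +0000
From: "BIG BANK of US" <jimmy@con_artists.test>
To: Bobby Jones <bobby@recipient.test>
Subject: Please verify your account

Click here to confirm your details.
"""

# "from <host> [(comment)] ... by <host>" inside one Received header.
RECEIVED_RE = re.compile(r"from\s+(?P<from>\S+)(?:\s*\([^)]*\))?.*?\bby\s+(?P<by>\S+)")
# First dotted-quad IP written in square brackets.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Words that carry no brand meaning (assumption made for the heuristic below).
STOPWORDS = {"the", "of", "and", "inc", "llc", "ltd", "co", "com", "team", "mail", "service"}


def friendly_name_mismatch(name, addr):
    """True if the display name claims a brand the address domain does not echo,
    or if there is no address at all. Heuristic aimed at brand-style sender
    names; personal names and lookalike domains can fool it."""
    if not addr or "@" not in addr:
        return True
    domain = addr.rsplit("@", 1)[1].lower()
    words = [w for w in re.findall(r"[a-z0-9]+", name.lower())
             if len(w) > 2 and w not in STOPWORDS]
    if not words:
        return False  # nothing brand-like to compare against
    return not any(w in domain for w in words)


def parse_received(value):
    """Split one Received header into the hosts it names and its bracketed IP."""
    flat = " ".join(value.split())  # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    ip = IP_RE.search(flat)
    return {"from": m.group("from") if m else None,
            "by": m.group("by") if m else None,
            "ip": ip.group(1) if ip else None}


def received_chain(msg):
    """Received headers in transmission order: the bottom header (origin) first."""
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def handoff_gaps(chain):
    """Hops where the 'by' host of one Received does not reappear as the 'from'
    host of the next one: the discontinuities the article says to look for."""
    gaps = []
    for i in range(len(chain) - 1):
        by, nxt = chain[i]["by"], chain[i + 1]["from"]
        if by and nxt and by.lower() != nxt.lower():
            gaps.append((i, by, nxt))
    return gaps


def reverse_dns(ip):
    """The nslookup step: PTR lookup of an IP. Needs network access and
    returns None when the address has no reverse record or the lookup fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


def analyze(raw):
    """Run the header checks on a raw RFC 822 message and return the findings."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    chain = received_chain(msg)
    return {"from_name": name,
            "from_addr": addr,
            "friendly_name_mismatch": friendly_name_mismatch(name, addr),
            "hops": chain,
            "handoff_gaps": handoff_gaps(chain),
            "origin_ip": chain[0]["ip"] if chain else None}


if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("From: %s <%s>" % (report["from_name"], report["from_addr"]))
    print("Display name mismatch:", report["friendly_name_mismatch"])
    for i, hop in enumerate(report["hops"]):
        print("hop %d: from %s [%s] by %s" % (i, hop["from"], hop["ip"], hop["by"]))
    print("Hand-off gaps:", report["handoff_gaps"])
    print("Origin IP to look up with nslookup:", report["origin_ip"])
```

On the sample the display name "BIG BANK of US" is flagged because neither "big" nor "bank" appears in con_artists.test, the bottom Received header yields 198.51.100.23 as the address to look up, and the hand-off check reports no gap because the server that accepted the message from the origin is the same one the next hop says it received it from. Remember that the bottom Received line is written by the sender's own relay and can be forged, so the hand-off between the bottom two hops is the least trustworthy one.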

If the sender's IP address is 1234.1234.1234.1234, then at the Windows command prompt (Start, Programs, Accessories, Command Prompt) type:

nslookup 1234.1234.1234.1234

This should tell you the host name registered for their SMTP server's address. You can also use:

tracert 1234.1234.1234.1234

Tracert will show the network route from your computer to the IP address indicated. Look for suspicious server names or clues to geographical locations (e.g., SFO for San Francisco). Again, you're looking for discontinuities. (Don't be surprised if the spoofer has taken steps to make the IP address useless to you, though.)

You can continue this sort of detective work up through the different "Received" fields. If you are lucky, you can track down the e-mail address and ISP of the true sender and at least get them kicked off their ISP. If, for example, the e-mail comes from the ISP bored.com, send your complaint to them at postmaster@bored.com.

Given today's e-mail infrastructure, there's not much that can be done to prevent spoofing. Companies and organizations can tighten up their mail servers, and some have. If you are in a situation where the authenticity of the sender must be established and it is someone you are already in communication with, you can agree to use PGP (Pretty Good Privacy), available as freeware at http://web.mit.edu/network/pgp.html, or another encryption program when exchanging e-mail. Signing a message with PGP lets the recipient verify who sent it and that it was not altered in transit; encrypting it keeps the contents private.

Good luck with your detective work and be very careful of "Spoofed" email.

Web Sites Related to Email Spoofing and Phishing Scam Detection

PGP (Pretty Good Privacy)


© 2008 Fraudguides.com. All Rights Reserved.