Wednesday, April 26, 2006

Spoof Emails

If one has email access, chances are that at some time or another he or she has received a spoof email. A spoof email is one that appears to have come from one source, when actually it has come from another. Spoofing is usually done in order to obtain sensitive information, such as passwords, credit card numbers, and so on. A prime example of a spoof email is one I received this morning which claimed to be from Ebay. It claimed that my account could be suspended if I did not verify or authenticate the information in my account. It even included a link which would take me to a place where I could "verify" or "authenticate" my information.

I must admit that this spoof email may have been convincing to someone else, but it did not fool me. The link through which I could "verify" or "authenticate" my information was a dead giveaway. EBay never includes links to pages where one can "verify" or "authenticate" one's information. Another dead give away is that nowhere did it include my EBay ID. In its emails EBay almost always includes one's Ebay ID. Another clue that the email was spoofed was its address--it did not sound to me like anything that would actually come from EBay. Here I should point out that if anyone receives an email claiming to be from EBay, they can always go to "My Messages" on the EBay website. If it is an official email, then it will be there. If it's a spoof email, then it won't.

One should never respond to any email that claims to be from an official site (EBay, PayPal, Yahoo, and so on) and demands that one provide personal information, particularly through a link conveniently provided on the email. And when at all possible, one should forward the offending email to the company from which the email claims to have come. Both EBay and PayPal have email addresses to which one can forward spoof emails. Spoofing is a very serious problem. While it is not that difficult to detect a spoof email, many people still fall victim to spoofing each year.

No comments: