Distinguishing fraudulent e-mails

    Posted by thinkdj on July 13th, 2007

    Checked out my spam folder today and an email from PayPal diverted my attention. OK, I’ve been receiving spam mails claiming to be from PayPal, asking me to ‘reset my password’ even before I owned a PayPal account :D But this one was better than the simple textual ones I used to get. This was an exact look-alike of the original PayPal emails, complete with a CSS-formatted right infobar!

    Sender : <service@paypal.com>

    Fake PayPal email

    An authentic PayPal email

    What I mean by this is that scammers and phishers are trying their level best to deceive you. Mail service providers do help a lot with phishing mail warnings. Browsers, too, display phishing site warnings the moment you enter one. But it’s always better to know your stuff.


    Gmail had already found it to be a ‘spoofing’ mail and hence marked it as Spam. All the hyperlinks in such emails will be unlinked. I was curious to find out the phishing site and desperately wanted the link :D ..

    Anyways, here is a way to find out if a mail is fake or not. View the original message header.
    For Gmail, just click on “show original”.

    Find the “Received” field. Check whether the domain from which the mail was actually sent is the domain in the ‘From’ address of the mail.

    Received: from server7.techplanetindia.com ([66.90.103.81])
            by mx.google.com with ESMTP id f6si31844636pyh.2007.07.12.19.07.06;
            Thu, 12 Jul 2007 19:07:06 -0700 (PDT)
    Received-SPF: neutral (google.com: 66.90.103.81 is neither permitted nor
    denied by domain of nobody@server7.techplanetindia.com)
    Received: from nobody by server7.techplanetindia.com with local (Exim 4.63)
     (envelope-from <nobody@server7.techplanetindia.com>)
     id 1I9AYk-0000f9-6z

    The mail was actually sent from <nobody@server7.techplanetindia.com>

    For Yahoo! Mail, you’d need to enable email headers, as they are disabled by default. Sign in to Yahoo! Mail, go to Options > General Preferences, scroll down to Messages and choose ‘Show all headers on incoming messages’.


    Now you can see the original email header on all your mails. For example:

    Authentication-Results: mta485.mail.mud.yahoo.com from=hotmail.com; domainkeys=neutral (no sig)
    Received: from 65.54.246.162 (EHLO bay0-omc2-s26.bay0.hotmail.com) (65.54.246.162) by mta485.mail.mud.yahoo.com with SMTP; Fri, 13 Jul 2007 10:05:41 -0700
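
    The header check described above, written as a small script; this is an added example, not code from the original post. The function names and the two-label `base_domain` heuristic are assumptions, and the sample message is constructed from the From address and header lines quoted in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the From address and the Received/Received-SPF lines are
# the ones quoted in the post; the body is made up.
SAMPLE = """\
Received: from server7.techplanetindia.com ([66.90.103.81])
        by mx.google.com with ESMTP id f6si31844636pyh.2007.07.12.19.07.06;
        Thu, 12 Jul 2007 19:07:06 -0700 (PDT)
Received-SPF: neutral (google.com: 66.90.103.81 is neither permitted nor
 denied by domain of nobody@server7.techplanetindia.com)
Received: from nobody by server7.techplanetindia.com with local (Exim 4.63)
 (envelope-from <nobody@server7.techplanetindia.com>)
 id 1I9AYk-0000f9-6z
From: <service@paypal.com>

(constructed body)
"""

def base_domain(host):
    # Assumption: the last two labels approximate the registrable domain
    # (no public-suffix list, so names like example.co.uk are not handled).
    return ".".join(host.lower().strip(".").split(".")[-2:])

def inspect_headers(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Unfold each Received header; the topmost one was added by our own provider.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    top = hops[0] if hops else ""
    m = re.match(r"from (\S+)", top)
    relay = m.group(1) if m else None  # name the sending server announced
    if relay and re.fullmatch(r"[\d.]+", relay):  # Yahoo style: "from <ip> (EHLO <name>)"
        helo = re.search(r"\((?:EHLO|HELO) ([^)\s]+)\)", top)
        relay = helo.group(1) if helo else None
    ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", top)  # IPv4 the receiver recorded
    env = next((e.group(1) for h in hops
                if (e := re.search(r"envelope-from <([^>]+)>", h))), None)
    spf = (msg.get("Received-SPF") or "").split(None, 1)
    return {
        "from_domain": from_domain,
        "relay_host": relay,
        "relay_ip": ip.group(0) if ip else None,
        "envelope_from": env,
        "spf": spf[0].lower() if spf else None,
        "mismatch": bool(relay) and base_domain(relay) != base_domain(from_domain),
    }
```

    A mismatch is a signal rather than proof, since legitimate senders often relay through third-party mail services; read it together with the SPF result your provider recorded.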

    The next time you get a mail and feel the least bit suspicious about it, don’t forget to check out the headers.

    cheers !

    8 Responses »

    1. dave says:

      Read Notify is also good software. Check its potential at stopping fake PayPal emails too. I have a guide on stopping these emails
      The ebay scam that gets you hundreds off a car

    2. Abhi says:

      Re: Hi my fairy
      Tuesday, 12 May, 2009 12:28 AM
      From: “Katya3”
      To: pramila_ra@yahoo.co.in

      HELLO MY DEAR ABHI!!!

      I’M SO SORRY FOR LONG TIME NO WRITING!!!

      THAT HAPPENED BECAUSE I’M IN MOSCOW AND I HAVENT GOT MY OWN COMPUTER HERE.

      IT IS REALLY EXPENSIVE INTERNET ALL OVER THE MOSCOW BUT NOW I’M IN ONE INTERNET CAFE

      WHERE I SHOULD PAY ABOUT 10 EURO PER HOUR FOR THE CONNECTION.

      PLEASE TELL ME HOW ARE YOU?? HOW IS EVERYTHING?

      I HAVE REALLY GOOD NEWS FOR YOU!!!

      TODAY I WAS AT THE EMBASSY AND I HAD AN INTERWIEW THERE. THEY ASKED ABOUT EVERYTHING,

      AND NOW I HAVE ALL COMPLETE OF MY DOCUMENTS!!! IT IS REALLY WONDERFUL!!!

      NOW I’M STILL WAITING FOR MY COUSIN’S HELP ME TO GO TO YOU MY LOVE!!!

      HOW DO YOU FEEL??

      I FEEL REALLY HAPPY BECAUSE VERY VERY SOON I WILL SEE YOU AND BE CLOSE TO YOU MUCH TIME!!!

      I HOPE THAT YOU ARE HAPPY AS I AM!!!

      PLEASE REPLY ME, I WILL WAIT YOUR LETTER VERY MUCH!!!

    3. affiliate.solutions says:

      You have sparked some of my interest and I am going to do some additional research. Feel free to check out some of my blog in the near future… as I just posted a great blog about the 36 Best WordPress plugins for 2009. Thanks

    4. aaa says:


    5. J Gutierrez says:

      A-one post ..

    6. JEAHBOYEEE says:

      RAD POST. thanks for the gmail tip. very very helpful.

    7. Umang says:

      EXCELLENT post. Helped. Thank you :)

    8. nice post.. i always wondered how to get full headers in yahoo..
