Hide your secret files INSIDE photos, videos or other files with OmniHide PRO.

Distinguishing fraudulent e-mails


Checked out my spam folder today and an email from PayPal diverted my attention. OK, I’ve been receiving spam mails calming to be from PayPal, asking me to ‘reset my password’ even before I owned a PayPal account πŸ˜€ But this one was better than the simple textual ones I used to get. This was an exact look alike of the original PayPal emails.. Complete with CSS formatted right infobar !

Sender : <service@paypal.com>

Fake paypal email
Fake PayPal email

PayPal original mail
An authentic PayPal email

What I mean from this is that scammers and phishers are trying their level best to deceive you. Mail service providers do help a lot with phishing mail warnings. Browsers too display phishing site warnings the moment you enter one. But it’s always better to know your stuff.

original_mesage.jpg

Gmail had already found it to be a ‘spoofing’ mail and hence marked it as Spam. All the hyperlinks in such emails will be unlinked. I was curious to find out the phishing site and desperately wanted the link πŸ˜€ ..

Anyways, here is a way to find out if a mail is fake or not. View the original message header.
For gmail, just click on “show original”.

Find out the “Received” field. Check if the domain from which the mail was sent is actually the domain in the ‘from’ address of the mail..

Received: from server7.techplanetindia.com ([66.90.103.81])
        by mx.google.com with ESMTP id f6si31844636pyh.2007.07.12.19.07.06;
        Thu, 12 Jul 2007 19:07:06 -0700 (PDT)
Received-SPF: neutral (google.com: 66.90.103.81 is neither permitted nor
denied by domain of nobody@server7.techplanetindia.com)
Received: from nobody by server7.techplanetindia.com with local (Exim 4.63)
 (envelope-from <nobody@server7.techplanetindia.com>)
 id 1I9AYk-0000f9-6z

The mail was actually mailed from <nobody@server7.techplanetindia.com>
For Yahoo! mail, you’d need to enable email headers as it is disabled by default. Sign into Yahoo mail, Options > General Preferences > Scroll down to Messages and choose ‘Show all headers on incoming messages’

yahoo_mailoptions.jpg

Now, you can see the original email header on all your mails. E.g:

Authentication-Results: mta485.mail.mud.yahoo.com from=hotmail.com; domainkeys=neutral (no sig)
Received: from 65.54.246.162 (EHLO bay0-omc2-s26.bay0.hotmail.com) (65.54.246.162) by mta485.mail.mud.yahoo.com with SMTP; Fri, 13 Jul 2007 10:05:41 -0700

The next time you get a mail and feel the least bit suspicious about it, don’t forget to check out the headers.

cheers !

 
Discover upcoming movies
 

10 responses to “Distinguishing fraudulent e-mails”

  1. Juegos says:

    I report these mails to spamcop.net, maybe they can do more to protect us in the future.

  2. dave says:

    Read Notify is also good software. Check its potential at stopping fake paypal emails too. i have a guide on stopping these emails

    The ebay scam that gets you hundreds off a car

  3. Abhi says:

    Re: Hi my fairyTuesday, 12 May, 2009 12:28 AM

    From: "Katya3" View contact detailsTo: pramila_ra@yahoo.co.inHELLO MY DEAR ABHI!!!

    I'M SO SORRY FOR LONG TIME NO WRITING!!!

    THAT HAPPENED BECAUSE I'M IN MOSCOW AND I HAVENT GOT MY OWN COMPUTER HERE.

    IT IS REALLY EXPENSIVE INTERNET ALL OVER THE MOSCOW BUT NOW I'M IN ONE INTERNET CAFE

    WHERE I SHOULD PAY ABOUT 10 EURO PER HOUR FOR THE CONNECTION.

    PLEASE TELL ME HOW ARE YOU?? HOW IS EVERYTHING?

    I HAVE REALLY GOOD NEWS FOR YOU!!!

    TODAY I WAS AT THE EMBASSY AND I HAD AN INTERWIEW THERE. THEY ASKED ABOUT EVERYTHING,

    AND NOW I HAVE ALL COMPLETE OF MY DOCUMENTS!!! IT IS REALLY WONDERFUL!!!

    NOW I'M STILL WAITING FOR MY COUSIN'S HELP ME TO GO TO YOU MY LOVE!!!

    HOW DO YOU FEEL??

    I FEEL REALLY HAPPY BECAUSE VERY VERY SOON I WILL SEE YOU AND BE CLOSE TO YOU MUCH TIME!!!

    I HOPE THAT YOU ARE HAPPY AS I AM!!!

    PLEASE REPLY ME, I WILL WAIT YOUR LETTER VERY MUCH!!!

  4. affiliate.solutions says:

    You have sparked some of my interest and I am going to do some additional research. Feel free to check out some my blog in the near future… as I just posted a great blog about the 36 Best WordPress plugins for 2009. thanks

  5. aaa says:

    Received: (qmail 22481 invoked from network); 12 Oct 2008 23:46:05 -0000

    Received: from nic.ira.sch.gr ([194.63.237.132])

    by mail-cluster.att.sch.gr (qmail-ldap-1.03) with QMQP; 12 Oct 2008 23:46:05 -0000

    Delivered-To: CLUSTERHOST nic.ira.sch.gr alexand@sch.gr

    Received: (qmail 12447 invoked by uid 207); 12 Oct 2008 23:46:06 -0000

    Received: from 72.14.204.168 by nic (envelope-from , uid 201) with qmail-scanner-2.01

    (sophie: //.

    Clear:RC:0(72.14.204.168):SA:0(-0.0/5.0):.

    Processed in 1.658166 secs); 12 Oct 2008 23:46:06 -0000

    X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on nic

    X-Spam-Status: No, score=-0.0 required=5.0 tests=HTML_MESSAGE,SPF_HELO_PASS,

    SPF_PASS autolearn=failed version=3.2.4

    X-Spam-Level:

    X-Envelope-From: mtheodoros6@gmail.com

    Received: from qb-out-1314.google.com ([72.14.204.168])

    (envelope-sender )

    by nic.ira.sch.gr (qmail-ldap-1.03) with SMTP

    for ; 12 Oct 2008 23:46:03 -0000

    Received: by qb-out-1314.google.com with SMTP id e16so1300254qba.18

    for ; Sun, 12 Oct 2008 16:46:01 -0700 (PDT)

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

    d=gmail.com; s=gamma;

    h=domainkey-signature:received:received:message-id:date:from:to

    :subject:mime-version:content-type;

    bh=2A148Fek7eHj8UznsRJNAXJaR+CMHip56LVxguUzVns=;

    b=V/e9kAQBRoi66XqdKCroxG5sr8Xvq7ky58zisngoxXeS8+LMt7f0WZ8oSI+uLA5jcY

    F0ECE4teIdLwy1iElfnALYqi4ss3BvLlovxJ0LUgVXzXfdVj4ik6CgDIGMst5ZR4YA4Z

    qLwrS/TlQCe8Dps7orQnAPgFW83F9/7/uDiNE=

    DomainKey-Signature: a=rsa-sha1; c=nofws;

    d=gmail.com; s=gamma;

    h=message-id:date:from:to:subject:mime-version:content-type;

    b=SHJ8RLEOpxxtRHNrPmJHtMZnoELRXRZYH50P6NoXw8deoDQPGXh3cKanLvgq43aufn

    MKTkF34EyxWg7gteZ5iABNlAWuYTmzM0m5Hw0qAB2ts42DN4jxVzbtDX/yWheJtd9CeT

    RpW7nOns8BpilgIn+s8++A7szEuiyojXHXir8=

    Received: by 10.210.24.7 with SMTP id 7mr4543666ebx.98.1223855160932;

    Sun, 12 Oct 2008 16:46:00 -0700 (PDT)

    Received: by 10.210.120.8 with HTTP; Sun, 12 Oct 2008 16:46:00 -0700 (PDT)

    Message-ID:

    Date: Mon, 13 Oct 2008 02:46:00 +0300

    From: "martakis theodoros"

    To: alexand@sch.gr

    Subject: =?ISO-8859-7?B?0NHP09nQycrP?=

    MIME-Version: 1.0

    Content-Type: multipart/mixed;

    boundary="—-=_Part_34947_11727234.1223855160939"

  6. J Gutierrez says:

    A-one post ..

  7. JEAHBOYEEE says:

    RAD POST. thanks for the gmail tip. very very helpful.

  8. Umang says:

    EXCELLENT post .helped. thankyou πŸ™‚

  9. nice post.. i always wondered how to get full headers in yahoo..

 
 

We’re on Hostgator and we love it

Use coupon BLOGULATE994 and get 9.94$ flat off from any hosting package of your choice!

We're on Hostgator and are extremely happy with the service. Never down, cheap and powerful servers!
Use coupon BLOGULATE994 and get 9.94$ flat off from any hosting package of your choice!

Search Blogulate

Categories