
End of phishing emails in sight?

Posted by Michael Bloch in ecommerce (Monday July 24, 2006)


New research from Carnegie Mellon University points to a more effective solution for filtering out the vast majority of phishing emails, one that may be available soon.

The CMU researchers’ work to date reports a success rate of filtering over 92% of phishing emails, with a false positive rate of only around 0.1%.

This, the researchers claim, is a better result than SpamAssassin, which is a free, server-based (and overall, very good) filtering software package currently used extensively by many ISPs and web hosting companies.

It’s only early days yet for the solution the Carnegie scientists have named PILFER, but it’s nice to see that perhaps there’s some hope on the horizon for a more effective phishing filtering system.

Download the 16-page research paper “Learning to Detect Phishing Emails” (PDF) for further information on the PILFER system.

Spam filters currently in use can only do so much. If they are tuned too far towards the paranoid level, legitimate mail is also filtered out; these incidents are called false positives. It’s a fine line between protecting your inbox and losing a lot of real mail, so for most of us some degree of spam and phishing email continues to roll in as our ISPs and hosting providers do daily battle to keep the filters tuned to optimum levels.

These days, I don’t even bother opening anything that seems to be from PayPal, my bank or any other company that holds personal data about me without viewing the headers first. If you’re not sure how to view a header without opening the email, it’s very easy in Outlook.

1. Highlight the email
2. Right-click it
3. Select Options

This will bring up a dialog box with the message headers. Check the second batch of “Received: from” lines. Ignore any email address that may be there and look at the mail server address instead; that will give you a more reliable indication of the origins of the message.

Most major corporations will have their domain name mentioned in those lines, or if not their own domain, then one related to them. For example, PayPal emails will always have paypal.com in the second “Received: from” lines. Note, using PayPal as an example: be sure the server name ends in paypal.com, not paypal.com.someunrelatedsite.com. You can also run a WHOIS search on mail server IPs and domain names to further determine authenticity.
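The manual check above can be scripted; the following is an added example, not part of the original post, that pulls the second “Received: from” line out of a raw message and tests whether the recorded server name really ends in the expected domain. It assumes Postfix-style headers of the form `from <HELO name> (<reverse-DNS name> [<IP>])`; the function names, sample hosts and IP addresses are constructed for illustration.

```python
import re
from email import message_from_string

# Assumed Postfix-style layout: "from <HELO name> (<reverse-DNS name> [<IP>])".
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")

def domain_matches(host, expected):
    """True only if host is `expected` or a subdomain of it (whole-label suffix)."""
    host, expected = host.rstrip(".").lower(), expected.rstrip(".").lower()
    return host == expected or host.endswith("." + expected)

def relay_hops(raw):
    """Return (helo, rdns, ip) per Received header, newest first; None if unparsable."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_FROM.match(" ".join(value.split()))  # unfold the header
        hops.append(m.groups() if m else None)
    return hops

def check_sender(raw, expected, hop_index=1):
    """Check the second Received hop (index 1), as the article suggests.

    Only the name the receiving server recorded in parentheses is compared;
    the HELO name is supplied by the sender and is ignored. Fails closed.
    """
    hops = relay_hops(raw)
    if len(hops) <= hop_index or hops[hop_index] is None:
        return False
    _helo, rdns, _ip = hops[hop_index]
    return domain_matches(rdns, expected)

def sample(helo, rdns, ip):
    """Build a constructed test message; hosts and IPs are made up."""
    return (
        "Received: from mx.myisp.example (mx.myisp.example [192.0.2.10])\n"
        "\tby inbox.myisp.example with ESMTP; Mon, 24 Jul 2006 10:00:02 +0000\n"
        f"Received: from {helo} ({rdns} [{ip}])\n"
        "\tby mx.myisp.example with ESMTP; Mon, 24 Jul 2006 10:00:01 +0000\n"
        "From: service@paypal.com\nSubject: Account notice\n\nBody\n"
    )

if __name__ == "__main__":
    good = sample("mx1.paypal.com", "mx1.paypal.com", "198.51.100.5")
    fake = sample("paypal.com", "paypal.com.someunrelatedsite.com", "203.0.113.7")
    print(check_sender(good, "paypal.com"), check_sender(fake, "paypal.com"))
```

A plain "contains paypal.com" or "ends with paypal.com" string test would accept both `paypal.com.someunrelatedsite.com` and `notpaypal.com`, which is why the comparison is anchored on a full domain label.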

One general rule of thumb to help protect yourself from phishing attempts is to never log into an account interface via an email link if you’re not totally and absolutely certain that the email is actually from the company it claims to be. It’s safer to go directly to the company’s site and log in to your account that way.
