Saying no to PayPal Phishing Attacks

Tuesday, August 09, 2005

Users on my mail server, well at least the ones with domains subscribed to the filtering service, no longer receive PayPal spoofs unaltered! The trick to catching this vermin is both simple and accurate.

An e-mail is flagged as a phishing attack when all three of the following conditions are met:

  • The From header claims to be paypal.com (the address is at paypal.com or a subdomain of it)
  • The Received header written by your own mail server, which records the IP address and reverse-DNS name of the computer that actually handed the e-mail over, does not show a paypal.com host. Only that header can be trusted: the HELO name and every Received header below it were supplied by the sender and can be forged.
  • A paypal.com URL is mentioned in the body of the e-mail
Similar rules can be applied to ebay.com, suntrust.com, and any other brand that is spoofed. The rules are easy to express in SpamAssassin, and ready-made rule sets are available at http://www.rulesemporium.com.
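The three conditions as a working filter, added here as an example; it is not the post's SpamAssassin configuration nor the rule set from rulesemporium.com. It goes slightly beyond the post in two ways: it checks all three brands the post names, and it trusts only the Received header written by our own server, whose name (mx.example.net) is a hypothetical assumption. The two messages at the bottom are constructed for the example; the phishing one carries a forged Received header claiming a paypal.com hop to show why the lower headers must be ignored.

```python
import email
import re
from email.utils import parseaddr

# Brands the rule protects; the post names paypal.com, ebay.com and suntrust.com.
PROTECTED_DOMAINS = ("paypal.com", "ebay.com", "suntrust.com")

# Hypothetical name of our own MTA. Only the Received header it wrote records an IP
# and reverse-DNS name it observed itself; headers below it came from the sender.
OUR_MTA = "mx.example.net"

# "from <helo> (<rdns> [<ip>]) by <host> ..." as Postfix and sendmail write it.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
URL_RE = re.compile(r"""https?://([^\s/"'<>]+)""", re.IGNORECASE)


def under_domain(host, domain):
    """True if host is domain or a subdomain of it (whole labels, not a substring)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def connecting_host(msg):
    """Reverse-DNS name of the host that handed the message to OUR_MTA, or None."""
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header first
        if m and m.group("by").lower().rstrip(".") == OUR_MTA:
            # The HELO name is chosen by the client, so only the rDNS name is used.
            return (m.group("rdns") or "unknown").lower()
    return None


def body_text(msg):
    """Decoded text of every text/* part, so URLs in HTML alternatives count too."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "latin-1", "replace"))
    return "\n".join(parts)


def brand_urls(text, brand):
    """URL hosts that mention the brand anywhere, e.g. www.paypal.com.verify.example."""
    return [h for h in URL_RE.findall(text) if brand in h.lower()]


def classify(raw_message):
    """Apply the three conditions; returns (is_phish, numbered reasons for the user)."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    brand = next((d for d in PROTECTED_DOMAINS if under_domain(from_domain, d)), None)
    if brand is None:
        return False, ["From: is not a protected brand"]
    reasons = ["1. From: claims to be %s" % from_domain]
    peer = connecting_host(msg)
    if peer is None or under_domain(peer, brand):
        return False, reasons + ["Received: shows delivery from %s itself" % brand]
    reasons.append("2. Received: actually delivered by %s, which is not %s" % (peer, brand))
    urls = brand_urls(body_text(msg), brand)
    if not urls:
        return False, reasons + ["body mentions no %s URL" % brand]
    reasons.append("3. Body links to %s" % ", ".join(urls))
    return True, reasons


# Constructed sample messages (not real mail). The phish carries a forged second
# Received header claiming a paypal.com hop; only the header our MTA wrote counts.
PHISH = """\
Received: from mail.paypal.com (dsl-203-0-113-7.example.isp [203.0.113.7])
    by mx.example.net (Postfix) with ESMTP id 2A4F1
    for <victim@example.net>; Tue,  9 Aug 2005 11:02:13 -0400
Received: from web12.paypal.com (web12.paypal.com [192.0.2.12])
    by mail.paypal.com (Postfix) with ESMTP id 9E7B2;
    Tue,  9 Aug 2005 11:02:01 -0400
From: "PayPal Security" <service@paypal.com>
Subject: Unusual account activity - verify now
Content-Type: text/plain; charset=us-ascii

Dear PayPal member,
Please confirm your identity within 24 hours at
http://www.paypal.com.secure-verify.example/cgi-bin/webscr
"""

LEGIT = """\
Received: from mx2.paypal.com (mx2.paypal.com [192.0.2.25])
    by mx.example.net (Postfix) with ESMTP id 7C1D9
    for <victim@example.net>; Tue,  9 Aug 2005 09:41:02 -0400
From: "PayPal" <service@paypal.com>
Subject: Receipt for your payment
Content-Type: text/plain; charset=us-ascii

You sent a payment. View the details at https://www.paypal.com/us/cgi-bin/webscr
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        verdict, reasons = classify(raw)
        print(name, "->", "suspected phishing" if verdict else "delivered", reasons)
```

Two caveats a practitioner will want. The reverse-DNS name is only as good as the MTA that recorded it: the owner of the sending IP controls its PTR record, so the server should be configured to verify that the name resolves back to the IP (Postfix writes "unknown" when it cannot), or the check falls back to the attacker's choice. And a genuine PayPal receipt that reaches you through a third party, for example a .forward on another host, matches all three conditions, which is a good reason to quarantine with an explanation, as the post does, rather than discard.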

Instead of the offending message being delivered unmarked to users who may be tricked by the scam, users receive an e-mail stating that the message is suspected spam and listing the numbered reasons. The original e-mail is attached to the explanation message, so users can of course still read it.

I wonder why the "Anti-Phishing Working Group" does not provide useful information like this. I suspect the next useful feature would be automatic reporting to spoof@paypal.com or similar addresses that may be maintained by organizations who are victims of phishing scams.

Posted by Frank Rietta at 11:33 AM



Name: Frank Rietta
Location: Atlanta, Georgia, United States

I am a software developer who has been marketing on the internet since 1999. I hold an MS in Information Security from the Georgia Institute of Technology, from where I previously earned a BS in Computer Science in 2005. I ran an Atlanta-based web hosting business from 1999 until I sold it in 2005.
