Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Anti phishing information (phighting phishing ?)

Well, after the early week experience with getting a Bank of the West site taken down, I've taken on two more which have come in today. One of these was an ebay spoof, the other paypal. In both cases…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

Well, after the early week experience with getting a Bank of the West site taken down, I've taken on two more which have come in today. One of these was an ebay spoof, the other paypal. In both cases I've emailed the appropriate abuse address on the owners network (this time one is in China, I think the second was as well.) I did find out something neat about paypal and ebays ways of reporting.

One great congratulations to paypal for this nice, clear direction. If you think that you have received a fraudulent email (or fake website), please forward the email (or URL address) to spoof@paypal.com and then delete the email from your mailbox. Never click any links or attachments in a suspicious email.

What I really like about this is that people that CAN identify the URL can go ahead and save them the legwork of researching it. I like that. Some companies tell you to forward it exactly as you receive it and don't want you to do anything else. They also don't let you give any other information, which to me is frustrating.

With ebay, I'm not as enthused with their structure for this, but they do give a web form at their security center ( http://pages.ebay.com/securitycenter/ ). Unfortunately you do have to log in to finalize things. Which means if you're not an ebay user, you're out of luck. They do give three different fields to fill in. 1) Message headers 2) message body 3) comments.

Personally, I have not yet seen it as effective to go after the sending IP's for the phishing emails unless I'm getting flooded from one IP. It seems to be more effective to go after the website address as I've seen several emails refer to the same address.