EcommerceBytes-Update, Number 154 - November 06, 2005 - ISSN 1528-6703

Auction Software FAQ: How can I tell if I'm being phished?

By Andy Geldman


In this column, I will answer some common questions about software for online auction users. Some of these questions are ones I have been frequently asked, while others address areas that are not well understood, or have myths to dispel. If you have a question you would like to see answered here please contact me at the email address below.

Today's question is "How can I tell if I'm being phished?"

Phishing is a fast-growing type of Internet fraud. The first stage of the scam is when you receive an email that appears to come from a trusted institution such as eBay, PayPal, or your bank. The email subject and text vary, but the fraudsters often pick an angle that scares users into taking action quickly, such as warning your account may be suspended or that unusual logins have been made. Other hoax emails look like eBay second-chance offers; invitations to become an eBay PowerSeller; or emails announcing you have won an eBay contest.

Phishing emails contain a link that you are instructed to click. This leads to a web page that looks just like the business the email supposedly came from, but has really been set up by the fraudster. The page requests your username and password, which, if you provide them, will be used for criminal purposes such as identity theft or fraud.

A year ago, phishing emails were easy to detect. The spelling and grammar were often awful, and the designs just didn't look right. Still, they worked often enough for the fraudsters to make money and improve their game. Their emails are much more convincing now - subject lines vary widely, email layouts are identical to the real thing, and link URLs are cleverly composed to mimic the real site.

There are various ways of detecting a phishing email. It's possible to do it manually, but you must have your wits about you, and all of us can suffer errors of judgment when we're tired or stressed out. Still, if you rely on the manual approach, here's how I recommend you do it:

  1. Check the address that the email was sent to, as many of us have multiple email addresses. Is your account actually registered at this address? Phishing emails are sent using spamming techniques - they don't know that you have an account with this email address; it's just a random guess.
  2. Don't rely on your knowledge of prior phishing emails. Much as we detest these fraudsters, we shouldn't fall into the trap of thinking they are stupid. They are constantly changing and improving their attacks, and phishing emails can now look identical to the real thing - and different from all the ones you have seen before.
  3. Without clicking on the link, find out where it points. The way to do this varies between email programs, but if you hover your mouse pointer over the link it will normally show up in a tooltip or the program status bar. Find the first forward slash in the URL after "http://". There may be a lot of text before that first forward slash, but just ignore it - the fraudster is trying to fool you. Work backwards from the forward slash, and note down everything up to the second period you find. This is the real domain name of the website. If it doesn't match the domain of the business the email is supposed to be from, then it's probably fraudulent.
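Step 3 is a procedure a program can carry out more reliably than a tired reader. The following is an added example, not code from the column or from any of the products it mentions: it applies the same "work back from the first slash to the second period" rule, but uses Python's URL parser so that a "user@" prefix or a ":port" suffix before the slash cannot mislead it, and it also reports whether the link uses "https://". The sample links and the claimed domains are constructed for the example; the short list of two-part country suffixes is an assumption covering the one case where the column's two-period rule gives the wrong answer (ebay.co.uk would otherwise be read as "co.uk").

```python
from urllib.parse import urlsplit

# Constructed sample links of the kind a phishing email might carry, each
# paired with the business the email claims to come from. No real hosts.
SAMPLE_LINKS = [
    ("http://signin.ebay.com/ws/eBayISAPI.dll?SignIn", "ebay.com"),
    ("http://www.ebay.com.account-verify.example.net/login", "ebay.com"),
    ("http://www.paypal.com@example.org/cgi-bin/webscr", "paypal.com"),
    ("http://secure.example.com:8080/ebay/signin", "ebay.com"),
    ("https://www.ebay.co.uk/signin", "ebay.co.uk"),
]

# Assumption: a hand-picked subset of suffixes where the registrable domain
# is three labels long, not two. Real tooling would use the Public Suffix List.
THREE_LABEL_SUFFIXES = ("co.uk", "org.uk", "com.au", "co.nz")


def real_domain(url: str) -> str:
    """Return the domain the link really leads to, following the column's rule.

    urlsplit().hostname strips any "user@" text and ":port" that sit before
    the first slash, which is exactly the text the column says to ignore.
    """
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host name in {url!r}")
    labels = host.lower().rstrip(".").split(".")
    # Everything back to the second period, or the third for known
    # two-part country suffixes.
    keep = 3 if ".".join(labels[-2:]) in THREE_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def uses_tls(url: str) -> bool:
    """True when the address starts with https://, the browser-stage check."""
    return urlsplit(url).scheme.lower() == "https"


def looks_like_phish(url: str, claimed_domain: str) -> bool:
    """True when the real domain differs from the business the email names."""
    return real_domain(url) != claimed_domain.lower()


def check_links(links=SAMPLE_LINKS):
    """Evaluate each (url, claimed_domain) pair; returns a list of verdicts."""
    verdicts = []
    for url, claimed in links:
        verdicts.append({
            "url": url,
            "real_domain": real_domain(url),
            "https": uses_tls(url),
            "suspicious": looks_like_phish(url, claimed),
        })
    return verdicts


if __name__ == "__main__":
    for v in check_links():
        flag = "SUSPICIOUS" if v["suspicious"] else "ok"
        print(f"{flag:10} {v['real_domain']:20} https={v['https']}  {v['url']}")
```

The decisive comparison is on the domain, not on whether "ebay" appears somewhere in the link: the second, third and fourth samples all contain the trusted name yet resolve to somewhere else, which is what the column's rule is designed to expose. A hostname that is a bare IP address would be returned as its last two octets by this rule, so treat any numeric "domain" as suspicious outright.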

Manually identifying phishing emails is not easy, and there are other options. First, anti-spam programs can filter out a lot of unwelcome emails, so that you never have to see them at all. The weakness of anti-spam software is that it only guesses whether an email is good or bad, and it will make mistakes. Don't rely on it as your only protection.

The next line of defense is your email software. Some programs have anti-phishing features built-in, such as Eudora's ScamWatch. Eudora, a free program from Qualcomm, displays a warning if the URL you are about to visit is suspicious. Microsoft has recently released an anti-phishing update for Outlook 2003, or there are add-ons such as Cloudmark Desktop for Outlook and Outlook Express, which is priced at $39.95.

Finally, if you open the link in your web browser, look for "https://" at the start of the address and the "secure site" icon (often a padlock or key), and then check out the URL as described above.

There are free browser add-ons such as the eBay toolbar and Cloudmark's Anti-Fraud Toolbar for Internet Explorer, and the Netcraft Toolbar for both Internet Explorer and Firefox. These are useful tools, but the web browser is your last line of defense, and you should aim to weed out the scams before you get that far.

The bottom line is, you should always manually type in a web address you know to be genuine, or use your favorites (bookmarks) menu. Never click a link in an email to log in to a website or to sign up for a service.


Eudora's ScamWatch

Microsoft Outlook Junk Email Filter Updates

eBay Toolbar

Cloudmark Desktop

Cloudmark Anti-Fraud Toolbar

Netcraft Toolbar

Editor's Note: Some people don't like toolbars; use your best judgement. Also, you can post alerts of phishing scams on the AuctionBytes online fraud forum:

About the author:

Andy Geldman is a freelance ecommerce and IT consultant, and webmaster of Web Retailer, a guide to eBay software and services. Andy lives in London, England and can be emailed at andy.geldman @
