It's become great sport for spammers and evildoers to spoof people in e-mail in an attempt to extract personal information. This method of spamming is known as "phishing." These spoofs are of great concern to organizations like banks, online auction houses, credit card companies, and many other businesses.
Almost everyone has gotten one of these e-mails and been temporarily or permanently fooled by them. The e-mail will look like it came from a legitimate organization such as eBay, contain eBay's graphics, and duplicate eBay's default e-mail links and buttons, but contain a single action item in the form of a link that takes you to a bogus Web site. Go to that Web site and your e-mail address is verified and you become the source of future spoof attempts.
Typically these spoofs inform you of some account issue and provide you a link to follow to fix the problem. Of course, once there, you will be asked to log in. Once they acquire your login or, even worse, your identification information such as social security number or challenge response question (your mother's maiden name or name of your pet), they have all they need to charge up your credit card. The key to recognizing this kind of e-mail attack is to verify the location the link is sending you to and to identify the true address of the sender.
To most admins this is a trivial task, but make sure your users are educated as well.
Move your mouse over the link to observe the actual URL. Be extremely careful about following any URL that contains a referenced script such as CGI, and decline to go to any domain other than the one that contains the domain of the business being identified. These URLs can be rather tricky; to hide the true location you may see something like http://ebay.com:169.43.25.107:8080. That address isn't going to eBay, but to some other server at the address listed using a port of 8080 (which is Microsoft ISA Server's native port. A CGI script is capable of many more tricks such as displaying the true site for a while, then switching to a mock site for input.
You also want to carefully inspect the header of any e-mail message that is suspicious. Many e-mail clients hide the header so that you don't have to wade through a lot of extraneous nonsense to read your message. You need to turn the view of the header on. For Outlook or Outlook Express, you can open the message and select the Properties command from the File menu. In Eudora you would display the message and then click the Blah Blah button (literally). However you get there you want to look for the sender. A really professional spammer or scammer will do a mail relay where the mail is forwarded to another server in another domain and that server forwards the mail. So don't just look at the sender line, look also if the message from the sender was based on a message that it received. There are many tutorials on this topic on the Web, along with instructions on how to blacklist these folks. One example may be found at: http://www.panix.com/e-spam.html.
Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
