[X4U] re recent thread on paypal phishing emails

[Linda]

On 3/18/09 7:30 AM, Ed Gould wrote:

> I got an phishing email, so I thought I would report it.
> I went to the banks web site and I looked and looked and looked and
> could not find any contact information.
> The only way I could contact them was *IF* I had an account.
> Now you tell me who should I contact in those circumstances?

There are several email addresses that just about every company has created
in this day and age:

abuse@[insertnamehere].com (or .net, or .info, or .us, or .biz, etc.)
postmaster@[insertnamehere].com
spoof@[insertnamehere].com
spam@[insertnamehere].com

and even if those addresses aren't "live", domains can be set up so that
mail that doesn't come to a legitimate email address is still routed to
another box at the company.

You might get bounces using one of those addresses, or you might not. If you
get a bounce, well, you tried; if the email goes through, well hot dog
you've helped them out a little.

One thing that hasn't been mentioned in the thread so far (that I've
noticed, anyway) is that when forwarding these emails to the proper
authorities, you should if possible include the long headers where the real
info about sending IP, etc., is stored.

You should also forward spam and phishing emails to spam at uce.gov. The FTC
uses the crap that's sent to them to pursue legal action against phishers.

<http://www.ftc.gov/bcp/edu/pubs/consumer/tech/tec02.shtm>

And, if you can handle yet ONE MORE forward of the email, that link says you
should also send a copy to your own ISP, so that they can take steps to
blacklist the IP the spammers are using.

~Linda