Don't Get 'Phished' In

Look closer: Is that e-mail for real, or a clever scam?

by Auctiva.com staff writer
- Jan 22, 2010

Search Google News for "phishing scams" and you'll come up with hundreds of articles on the topic. Unfortunately, it seems these bogus e-mails designed to "fish" for Internet users' personal information are becoming more frequent—and more sophisticated.

In June alone, more than 49,000 unique phishing sites were detected, according to The Anti-Phishing Working Group, an educational organization devoted to eliminating phishing scams. That's the second-highest number recorded since the organization began keeping count.

You may think you'll never fall for one of these e-mails—and we certainly hope that's the case—but we'll show you what clues you can look for to safeguard your information.

Generally, anytime you receive an e-mail urging you to click on a link to verify your account information, a red flag should instantly go up.

In fact, the best course of action in that case is to go to your account by typing the URL in your browser's address bar or using your bookmark, log in and check your account for any alerts. Yet, every day, people get taken in by phony e-mails that look frighteningly real.


Phishing schemes have become so sophisticated that recently Robert S. Mueller, the director of the FBI, told Congress about a man who almost fell for one of these scams.

"[The e-mail] looked perfectly legitimate, and asked him to verify some information," Mueller reports. "He started to follow the instructions, but then realized this might not be such a good idea. It turned out that he was just a few clicks away from falling into a classic Internet phishing scam. This is someone who spends a good deal of his professional life warning others about the perils of cyber crime. Yet he barely caught himself in time… It was me."

Identifying a 'phishy' situation

One way you can prevent yourself from falling prey to such scams is to understand the technology behind these unsolicited e-mails. We'll break it down for you.

From addresses: The "from address" on suspicious e-mails can be a clue to whether an e-mail is on the up and up, but it shouldn't be your only clue. These can be faked, but it's still a good idea to look at the address carefully to see if it matches "from name," or the organization that is supposed to be sending you the e-mail. For instance, if you receive an e-mail from Auctiva, the from address should be @auctiva.com or @auctivacommerce.com.

From time to time, Auctiva also sends e-mails from @customers.auctiva.com, @customers.auctivacommerce.com or @buyshield.com. With the exception of BuyShield, these addresses are subdomains of auctiva.com. A subdomain is a unique site that is part of a larger domain, and is always identified by a prefix—that is, a name to the left of the main domain, separated by a dot.

If it differs even slightly—for instance if the from address is @auctivacustomers.com or @customers-auctiva.com (note the hyphen)—you're not dealing with a legitimate e-mail from Auctiva.


It's also a good idea to compare the from address with other e-mail communications you've received from the company in the past that you know for a fact are legit. If you don't have any previous e-mails from the organization, open a new browser window, navigate to the company's site and look up the Contact Us or About Us page to find its e-mail address.

"It's a bit of a cat and mouse game," says Auctiva Development Manager Shawn Crossley. "A good hacker can even spoof a from address."

Links: You'll get another clue about whether you're dealing with a fake organization from the links included in the e-mail. But use caution. Phishing sites can infect your computer with malware, so don't click on any links unless you're certain they're safe. And don't trust the link's display text, either. It could read one thing, but clicking the link might take you elsewhere.

The best ways to detect a phishing link are to mouse over the link to see where it would take you, or right-click and view the properties to find out the true address of the link, notes Auctiva IT Manager Shawn Horswill. When you place your cursor over the link, you'll be able to see the link's true Web address displayed as floating text or at the bottom of your browser window. Inspect the displayed address carefully. Does it look correct? Does it look like a subdomain? Is it an alias or "shortened" URL, such as "http://bit.ly.com/xyz"?

Hackers commonly employ a technique known as "typo squatting" or "cyber squatting." This involves using a Web address that resembles the name of a well-known company, but with slight modifications, according to Microsoft Corp., which has done extensive research into identifying and preventing phishing attacks. A Web address might have missing or transposed letters, or appear to be a subdomain (e.g., www.verify-microsoft.com). Remember, a subdomain is always to the left of the primary domain, separated by a dot, not a dash, underscore or other punctuation. So it's essential to carefully examine the address that displays when you hover your mouse or examine the properties.
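As an added example (not code from the article or from Auctiva), here is a small Python checker that applies the from-address and link rules above: it treats only dot-separated subdomains of the trusted domains as legitimate, rejects hyphenated or run-together lookalikes, compares a link's display text with its real destination, and notes http-only and shortened links. TRUSTED_DOMAINS is taken from the article; the shortener list and all function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Sender domains the article lists as legitimate for Auctiva e-mail.
TRUSTED_DOMAINS = {"auctiva.com", "auctivacommerce.com", "buyshield.com"}
# Constructed list of URL-shortener domains (assumption, not from the article).
SHORTENERS = {"bit.ly", "tinyurl.com"}


def registrable_domain(host):
    """Return the main domain of a hostname: 'customers.auctiva.com' -> 'auctiva.com'.
    Simplification: assumes a one-label suffix such as .com, so it is wrong for co.uk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        return None
    return ".".join(labels[-2:])


def is_trusted_sender(address):
    """True only if the part after '@' is a trusted domain or a real subdomain of one.
    Lookalikes such as customers-auctiva.com or auctivacustomers.com are rejected
    because their main domain is not in TRUSTED_DOMAINS."""
    if address.count("@") != 1:
        return False
    return registrable_domain(address.split("@")[1]) in TRUSTED_DOMAINS


def classify_link(display_text, href, trusted=TRUSTED_DOMAINS):
    """Apply the article's link checks to one hyperlink and return a list of warnings."""
    warnings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    dest = registrable_domain(host)
    if dest not in trusted:
        warnings.append("destination %r is not a trusted domain" % host)
    # If the display text itself looks like a web address, it must match the real target.
    shown = re.search(r"(?:https?://)?([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", display_text)
    if shown and registrable_domain(shown.group(1)) != dest:
        warnings.append("display text names a different site than the real destination")
    if parsed.scheme != "https":
        warnings.append("link does not use https")
    if dest in SHORTENERS:
        warnings.append("shortened URL hides the real destination")
    return warnings
```

Passing `trusted={"microsoft.com"}` makes the same check flag the article's www.verify-microsoft.com example, since its main domain is verify-microsoft.com rather than microsoft.com.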

If it's not a Web address you recognize and trust, don't click on it. But if you do click a link, make sure it takes you to an address you recognize. If you're taken to a login screen, be sure the URL in the address bar starts with "https," which denotes a secure site, Horswill recommends.


Greetings and solicitations: Now it's time to look at the actual text in the e-mail. The first thing you want to do is to glance at the greeting. Phishing scams typically have very generic greetings such as "Dear Valued Customer," or they may refer to you by your e-mail address since they don't have access to your account information.

If you see such a generic greeting, be cautious. The organizations you have accounts with know your username, business name, etc., and will usually use one of these in their greetings. For instance, when customers receive e-mails from Auctiva, Auctiva Commerce or other Auctiva products, users are addressed by their account username, not their e-mail address.

Also be wary of e-mails that ask you to verify information without first logging into your account. Companies will not typically ask you to confirm sensitive information, such as your credit card number, your social security number or account password in an e-mail. Legitimate organizations want to safeguard your information, and will usually ask you to log into your account before you input any sensitive information. You should also notice a closed padlock in your address bar, or a URL beginning with "https," indicating that your information is indeed safe.

A common scammer's ploy is to convey a sense of urgency to get you to click on a link. If you receive an urgent-sounding message that claims to be from your bank, eBay, or even Auctiva, open a new browser window and check your account to verify the information by accessing it as you normally would—not through a link in the e-mail. And keep an eye on your account to make sure you don't see any suspicious activity.

Grammar: Read over the e-mail you receive carefully. This can be one of the simplest ways to tell if that e-mail is legitimate. Professional organizations take all their communications with customers seriously, so their e-mails are punctuated properly and you shouldn't find spelling errors. If you find typos, you may be dealing with a scammer.

But if after going through this checklist you're still unsure whether that e-mail is phishy, the safest bet is to not click any of the links contained in the e-mail and don't reply to the e-mail you were sent.

"If the e-mail appears to be sent from Auctiva, please contact our support department to make sure that the e-mail is legit," Horswill says. "Better safe than sorry."

Or when in doubt, go directly to the site in question by typing the address into your browser bar, or by using one of your bookmarks.

Don't let scammers hook you. For more information on how to avoid phishing e-mails, visit www.antiphishing.org.


About the Author

Auctiva staff writers constantly monitor trends and best practices of those selling on eBay and elsewhere online. They attend relevant training seminars and trade shows and regularly discuss the market with PowerSellers and other market experts.
