Phishing for Money

One of the most offensive and disgusting aspects of the modern Internet is the many ways thieves try to separate you from your money while posing as a trusted company.  The most common method is an email technique called 'phishing.'  You are sent an email that appears to come from a well-known company such as your bank or PayPal, and this proper-looking email tells you there is a problem with your account that requires you to look into your account to fix it.  The simplest way to spot a fake is when the email is from a financial company you do not do business with.  But what if the email is from a financial company you do have an account with?

First, NO financial institution is going to use email to tell you there is a problem with your account.  If you get such an email, it is absolutely fake.

Second, even if the email looks perfect, you can spot the first problem by looking at the links in the email.  If any and all areas of the email are a link, then it only looks good because the entire email is one graphic image: a classic fake email.  However, if the thieves take the time to build the email out of text, you can still see the true Internet address in the status bar of your email program.  Just hold the cursor over a link without clicking, and look at the true link down in the status bar.  Figure 1 shows this with a pretty good-looking but fake email pretending to be from PayPal.

Figure 1

The link in the center of the screen looks like it should go to PayPal, but observe the real address in the status bar.  The '.jp' in the address shows that it is going to some web site in Japan, not the USA where PayPal is located.

Having clicked on that link in Firefox, which runs a great extension called Spoof Stick, we can confirm what we saw in the email link.  The really good thieves can not only recreate the look of the web site of the company they are pretending to be, but they can often fake the address in the address bar of your browser.  Spoof Stick is not fooled, and provides a nice security check for you.  In Figure 2, we are looking at the fake web page the thieves in Japan have set up.  The only thing they want is for you to enter your email address and password, so they can go to the real PayPal and steal your money.

Figure 2

While these thieves were not good enough to fake the address bar information, the large display from Spoof Stick at the top of the browser clearly shows that we are on a web page in Japan, not at the expected www.paypal.com.  They also messed up their formatting codes, because the headings in the middle do not line up right in Firefox, although they do in Internet Explorer.

Figure 3

Looking at the true web site in Figure 3, you can see that the Spoof Stick report confirms we are at the PayPal site, and the page renders correctly in Firefox.  After reporting this email to PayPal security, they confirmed within ten minutes that the site was "not a registered URL authorized or used by PayPal."

Ways to avoid being robbed include:

  •  Do not instantly believe ANY email asking you to fix a problem with your financial account
  •  Double check the address of a link in the status bar of your email client
  •  Try going to the legitimate website without clicking on the email link and see if there really is a problem.
  •  Get something like Spoof Stick for your browser to provide a confirmation that whatever web page you are looking at is a legitimate one.
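
The status bar check described above can also be run over the HTML source of a message. The following is an added example, not part of the original article: it flags links whose visible text names one site while the real address goes to another, and links that are nothing but an image. The sample message, the example.jp host, and the function and class names are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host name written in the visible link text, e.g. "www.paypal.com".
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkAuditor(HTMLParser):
    """Collect href, visible text and an image flag for every <a> in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._cur = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._cur = {"href": attrs["href"], "text": "", "image": False}
        elif tag == "img" and self._cur is not None:
            self._cur["image"] = True

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit_links(html):
    """Return (href, reason) for each link a reader should distrust."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for link in parser.links:
        host = (urlsplit(link["href"]).hostname or "").lower()
        shown = DOMAIN_RE.search(link["text"])
        name = shown.group(1).lower() if shown else None
        # The text names a site, but the real target is neither it nor a subdomain of it.
        if name and host != name and not host.endswith("." + name):
            findings.append((link["href"], f"text shows {name} but goes to {host}"))
        elif link["image"] and not link["text"].strip():
            findings.append((link["href"], f"image-only link to {host}"))
    return findings

# Constructed sample email body (not the message shown in Figure 1).
SAMPLE = """<p>Dear member, <a href="http://signin.example.jp/cgi/login">https://www.paypal.com/login</a></p>
<a href="http://signin.example.jp/cgi/login"><img src="notice.gif"></a>
<p><a href="https://www.paypal.com/help">www.paypal.com</a></p>"""
```

Calling audit_links(SAMPLE) reports the first two links and passes the third, whose visible text and real address agree.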

 
