Frying Phish

The Internet Patrol default featured image
Share the knowledge


Dear Internet Patrol.

I keep getting email which appears to be from PayPal, or from eBay, but which really is from some scammer who seems to be trying to get me to give them my password or account number or credit card number, and not from PayPal or eBay at all. What can be done to stop this? What if somebody does this and pretends that they are sending mail from my company? Isn’t it illegal to impersonate a business or something?

Ted

Dear Ted,

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

The activity you describe has come to be known as “phishing” (pronounced “fishing”), and it is indeed illegal, on many levels and in many ways. Phishing involves making your email appear to be coming from a known company, and then trying to get the target (you) to follow some link and reveal some information such as, as you noted, your password or credit card information.

Phishing has become increasingly common. In fact, SurfControl, a British web and email filtering company, just released the results of a study today which indicates that brand-imitating phishing spam has increased nearly 500% since January.

Despite the fact that phishing attacks are so common, they are actually one of the easiest sorts of spam to prosecute under the law, and, relatively speaking, ridiculously easy for the victim company (the one whose name is being used improperly) to bring to court. That is because, in addition to being illegal under more traditional business and anti-spam laws, such as CAN-SPAM, the use of another company’s domain name in spam is almost always a violation of that company’s trademark, and trademark law is very well established, and it is very easy to bring a lawsuit under trademark law.

So, what should you do if you are the victim of a phishing expedition?

Well, if you are on the receiving end, first of all, and hopefully obviously, don’t click on any of the links!!

Secondly, if you can, take a moment to report the phishing spam to the company whose domain is spoofed (faked) in the headers. For example, if the spam appears to be from PayPal, you can send a copy of it to “spoof@paypal.com”, and if the spam appears to be from eBay, you can send a copy of it to spoof@ebay.com.

If it is your company which has been spoofed, you should immediately speak with your attorney about filing a trademark infringement lawsuit. Trademark infringement has been used very successfuly in recent times to stop spammers dead in their tracks – usually you can get an injunction within 24-48 hours of filing a trademark infringement lawsuit, and trademark law also allows you to hold anyone who is facilitating the phishing attack legally accountable as well. This means it is very easy to get the ISPs, any affiliate programs, and anyone else who is involved, to tell you which of their customers are involved in the scam.

So be you recipient or the infringed, grab hold of your phish and say “we’re not going to take it anymore!”

TIP

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

6 thoughts on “Frying Phish

  1. deirdre,
    dropping out of that programme was a very smart move, you’ve saved yourself endless trouble and worries.

  2. I was wondering if anyone has any response about the website Hits4Pay which promises to pay you $.02 for every ad you read. What made me suspicious was that in one screen they asked for my birthday, and later said that it was a requirement for me to fill out a
    W-9 form in order for them to send my check. I realized part way through the W-9, that they would then have all pertinent data to poach my identity. Needless to say, I’ve withdrawn from the program. I felt really uncomfortable.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.