Just forwarded an obvious phishing attempt to Apple (your account is locked etc.) that got through my (Yahoo) spam filter. Among other things, Cupertino was misspelled in the tiny street address at the bottom.
My question is, other than Apple (or any other legit entity) confirming that “Yes, it IS a phishing attempt”, (which hasn’t happened as of yet) is there anything else they can do with the information?
In other words, does ANYTHING else happen with the information that would potentially shut down or slow down this particular bad guy?
Maybe it is useful, but it really depends on who is getting it. The people who can do the most good with your report are your email provider. They will, if they care, use it to train their spam/phishing detectors, and possibly use it to directly block the same message from going to other email users. So, if you get your email from Apple, then perhaps Apple is doing something useful with it.
If you do not get your email from Apple, and you just sent it to Apple because they were the ones the email is pretending to be from, then there probably isn’t too much they can do. Apple certainly knows that phishing attempts like this exist, so telling them about one more is unlikely to change anything. There is the very slim chance that this attempt actually exploits some sort of vulnerability at Apple that they weren’t otherwise aware of. There isn’t anything Apple can do to prevent a third party from sending out phishing emails. If there was, they’d already be doing it.
Sending it to whatever spam filter allowed it through might help improve that filter.
But sending it to Apple? No use whatsoever.
Also, sending it to your local police or the FBI is completely useless – they already know that such scams are circulating, and that they probably come from somewhere outside their jurisdiction.
The information in the aggregate is useful. I agree that using the “report spam” function is the best way to have an impact. If enough complaints come in, then your email provider will make an adjustment to stop similar spam.
Okay, thanks everyone. I didn’t really think much could be done but thought I’d ask. Once or twice a year I get one that sneaks through the filter and I guess I’ve wondered why and what if anything can really be done about it.
And thanks to RealityChuck for linking fishtank. I think I’ll send it to them, maybe some good will happen.
I’m not sure in that case, but it certainly can’t hurt, especially if they (the place you’re sending it to) use a bot to read the emails and deal with IP addresses they regularly see. Of course, the website in question (Apple, in your case) has nothing to do with sending, receiving or links in an email you get any more than they can control an email I send you.
Something, IMO, more useful…when I sell things on craigslist I get all the expected spam. But when I sold a vehicle, I’d get a lot of (scammers) telling me I need to purchase a VIN report. When that would happen, I’d forward the email to the hosting company of the website displayed on the email, the website that I’d (inevitably) get forwarded to and the forwarder (i.e. bit . ly). Someone was clearly reading them since I’d always get a (personalized, not automated) response asking me some follow-up questions as well as requesting the headers.
The dilemma I always had was reporting them to Craigslist. I usually did, but it always seemed to me that if a scammer signs up, sends out emails and gets booted off within a few hours, they’re going to find more clever ways to trick people. Sure, I caught this one, maybe the next one will get past me.
Sorry to be so negative, but I know of at least one humongous-mass-mailer that creates a new addr daily, uses it only once, then never again. All of the emails have a similar template look and are quite recognizable, but blocking them by IP or URL is shutting the door after the horse escapes.
However, collecting samples might improve a smart, trainable algorithm.
Bank of America reportedly spends a fortune tracking and shutting places down that try that with their customers … even to the point that they’ve gone to Google and had sites blocked, presumably using legal tactics and threatening to pull advertising.
Whenever I get a phishing attempt I click on mark as phishing and I get asked report or don’t report. I always click on report but I have no idea if it does anything.
Assuming that reporting that phishing email to anyone has any chance of doing anything, there should really be a practice of replying to those reports with (electronic) hugs and slices of pie.
I mean, we’re going out of our way to help you, Corporation X, deliver better service (and prevent costly fraud). The least you could do is give us a sincere-sounding thanks.
(Just reported an iTunes account phishing attempt to Apple on Sunday, got nothing in response. I feel less inclined to report it next time. Hence my suggestion.)
But phishing e-mail generally contains a URL to a fake web site (i.e. an actual web page that imitates some other legitimate web site). Do they use a different URL for every phishing e-mail they send out? If there is a root part of the URL that is common to them, then when one user reports it as phishing, the e-mail service provider could purge all e-mail from all accounts that contain links to a similar URL.
Most banks and credit card companies request to be forwarded phishing emails and have a dedicated address for that purpose. I assume they do something to combat it, otherwise why would they bother?
I’m the OP and for what it’s worth, I never got a response from Apple either. Likely we won’t.
And for the folks saying they report it but don’t know if it does any good, that’s the frustrating reason I started this thread. I guess I just wanted to see if anyone truly knows the answer. Sounding like there is little chance anything can really be done, especially if Musicat’s example is the norm.
SpamCop will break down the headers, find out where it really comes from, determine who hosts the ‘spamvertized’ web sites, and send a report to them all. The only downside is that some ISPs and web hosting services don’t take SpamCop reports.
To use SpamCop, you need to copy/paste the raw message with the real headers. Some people have problems with that.
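The kind of header breakdown described in the post above, as an added example (not SpamCop's code and not written by anyone in this thread): it walks the `Received` chain to find the IP that handed the message to the recipient's provider, lists the hosts behind the links, and flags a Reply-To that differs from From. The sample message, the `.example` domains, the trusted suffix and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (documentation-range IPs, .example domains).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from apple.com (localhost [10.0.0.5])
\tby mail.sender.example with SMTP id C3; Mon, 1 Jan 2024 10:00:00 +0000
From: "Apple Support" <support@apple.com>
Reply-To: helpdesk@account-verify.example
Subject: Your account is locked

Verify now: http://login.account-verify.example/unlock?id=42
Or here: http://short.example/xyz
"""

RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def handoff(msg, trusted_suffix):
    """Walk Received headers newest-first; return (ip, helo) of the host that
    connected to the last relay we trust. Older hops are sender-controlled."""
    found = None
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if not m or not m.group(3).lower().endswith(trusted_suffix):
            break  # unparseable, or stamped by a server we do not run
        found = (m.group(2), m.group(1))
    return found

def link_hosts(msg):
    """Hostnames of every http(s) link in a single-part text body."""
    return sorted({urlsplit(u).hostname for u in URL_RE.findall(msg.get_payload())})

def reply_to_mismatch(msg):
    """True when replies would go to a different domain than the From address."""
    dom = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    return bool(dom("Reply-To")) and dom("Reply-To") != dom("From")

def analyze(raw, trusted_suffix=".recipient.example"):
    msg = message_from_string(raw)
    return {"handoff": handoff(msg, trusted_suffix),
            "link_hosts": link_hosts(msg),
            "reply_to_mismatch": reply_to_mismatch(msg)}

if __name__ == "__main__":
    print(analyze(RAW))
```

The bottom `Received` line claiming `apple.com` is ignored because it was written by a server outside the trusted suffix, which is why a report needs the raw headers rather than the displayed From line.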
Knowing what the counterfeits look like gives you information on how to make your genuine article harder to reproduce. Whether bank websites actually use this information I can’t say. But I know that Microsoft does (or used to) investigate counterfeits very seriously.
I once bought a copy of Windows XP and, out of curiosity, I went to the Microsoft website to authenticate it. They had a handy checklist of ways to tell if it’s fake; my copy was about 9/10. I remember one of the check items it failed was that genuine XP COAs have a security thread that weaves in and out of the paper but under a magnifying glass you could see that my COA had the security thread just painted on. At the bottom of the authentication page was a note saying please contact us if you have found a “high quality” fake. I sent them an email. They offered to give me an authentic copy of XP if I would send them the fake. It was worth it to them, in order to gain information about their enemy.