Don Xml's Grok This

The home of Don Demsak
DonXml's All Things Techie

Outlook Makes It Impossible to Report Phishing Scams to PayPal and Ebay

If you are like me, you get a couple of phishing scams every week. Where most folks just delete them, I like to report them to the company they are trying to impersonate. Microsoft has this page dedicated to helping individuals identify phishing scams and report them. The problem is that most of the phishing emails contain images, which Outlook will, rightfully, not download (so that the person who sent the email doesn’t get a ping that you actually read the email). If you try to forward the message, Outlook requires you to download the images (thus alerting the phishing party that you read the email). So in the Microsoft guide, they tell you to create a new email, include the suspected email as an attachment, and manually copy the headers over to the new message. But to report a phishing email to eBay or PayPal, they want you to forward the email to them, not send it as an attachment, which is the exact opposite of the MS guide. If you try to follow Microsoft’s suggested method and report the email to eBay or PayPal, you will get a response asking you to forward the original email, not include it as an attachment. Do you see where I’m going? You can’t use Outlook to forward the email without downloading the images, and eBay and PayPal will not accept it any other way.

My solution at the moment is to log onto my email via webmail and forward it, but there has to be a better way.  The average person will not go to this extreme to report the scam, and it will not be reported.  Maybe one of the Outlook MVPs out there has a better solution?

Update: Just in case you didn't bother to read the PayPal or eBay pages on reporting suspected emails, forward them to spoof at ebay or paypal. It would be great if all sites used the alias of spoof to report scams, but at this time most do not.

Published Tuesday, January 25, 2005 2:16 PM by donxml
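
The forwarding problem described in the post, worked through as an added example (not from the original post or from any vendor tool): given the raw source of a suspicious message, it lists the remote image URLs that would act as read beacons and builds an inline forward, with the original headers and HTML kept in the body rather than attached, without ever requesting those URLs. The sample message, host names and the report address are constructed placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html import escape
from html.parser import HTMLParser

# Constructed sample message (not a real phish); every name and host is a placeholder.
SAMPLE = (
    b"From: \"Service\" <service@example.test>\r\n"
    b"To: victim@example.org\r\n"
    b"Subject: Verify your account\r\n"
    b"Received: from mail.example.test by mx.example.org; Tue, 25 Jan 2005 10:00:00 -0500\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body><img src=\"http://tracker.example.test/o.gif?id=42\">"
    b"<img src=\"cid:logo\"><p><a href=\"http://example.test/login\">Log in</a></p></body></html>\r\n"
)

class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src") or ""
            # Only http(s) sources leave the machine; cid: images are embedded.
            if src.lower().startswith(("http://", "https://")):
                self.urls.append(src)

def remote_image_urls(raw):
    # Parse only; nothing here opens a network connection.
    msg = message_from_bytes(raw, policy=policy.default)
    collector = _ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.urls

def build_inline_forward(raw, sender, report_to):
    # Inline forward: original headers + untouched HTML in the body, no attachment.
    orig = message_from_bytes(raw, policy=policy.default)
    headers = "\n".join(f"{k}: {v}" for k, v in orig.items())
    body = orig.get_body(preferencelist=("html",))
    fwd = EmailMessage()
    fwd["From"], fwd["To"] = sender, report_to
    fwd["Subject"] = "Fwd: " + str(orig["Subject"])
    fwd.set_content("---- Original headers ----\n" + headers + "\n")
    if body is not None:
        fwd.add_alternative("<pre>" + escape(headers) + "</pre>" + body.get_content(), subtype="html")
    return fwd
```

The returned `EmailMessage` can be saved with `as_bytes()` and handed to any mail client or SMTP library; the image URLs stay in the HTML as text for the abuse team to inspect.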

Comments

miguel jimenez's coding blog said:

I know what you mean. Had that problem before. What scammers monitor is the URL used for img tags within the email. If you are reporting the email, you don't want the image to get downloaded, and you don't want to fire the monitor scammers use.

But don't you think that workaround is pointless? Because when you forward your email to the company being impersonated, they will probably read the email complete with downloaded image. So, as the image URLs didn't change, they are firing the same monitor you are trying to avoid.

Of course, I'm guessing that they read the full mail and see the full mail just because they are asking for it. If they only need other parts of the mail, they should be asking only for the headers, or body or any other part, shouldn't they?

What I finally ended up doing is completely hitting the Forward button in Outlook and sending the full mail to the company. Downloading images if I'm asked to :-(
January 25, 2005 4:36 PM

Rachel Shelley said:

Yes I can - just about - understand all this and I don't usually have trouble with these emails, but I have had two this week, one from PayPal and one other I am not quite sure about - cip@congresshub.net 'Consumer Incentive Promotions'

But none of the genuine websites make it easy to report these things, i.e. they do not make it easy to FIND their actual email address - Microsoft being one of the worst!!!!! They do not seem to want to know about problems.
I found something for PayPal the other day and copied and pasted the email onto a Word doc and forwarded that to them, but heard nothing back. In light of the above comments I can now see why, but they didn't get back to request further details either. Is it not time some of the ISPs took some responsibility for tracking and reporting these types of things that come through their systems??
Rae
February 7, 2005 10:05 AM

John Wood said:

I find it unbelievable that eBay/Paypal would require a "forwarded" email. I would think they would rather have a newly composed email with the raw message source and complete headers from the offending email. In my experience, this is how most reporting sites I've dealt with required the data.
March 4, 2005 3:07 PM

DragonFlyEye said:

Of course, Microsoft is constantly trying to tell us that the problem is the scammers/Vx'ers et al., but when their own tools don't provide the most basic necessities to fight back against phishing, what's a person to do!

Phah!
April 1, 2006 4:56 PM

mike weber said:

"My solution at the moment is to log onto my email via webmail and forward it, but there has to be a better way. The average person will not go to this extreme to report the scam, and it will not be reported. Maybe one of the Outlook MVPs out there has a better solution" Don't use Outlook.
September 24, 2006 5:56 AM

White_Hawk_UK said:

If you check PayPal's fraud prevention information, they offer a download for an Outlook toolbar that allows you to quickly submit/report and block phishing emails. Perhaps that would be of some help to you?
July 1, 2007 7:17 AM

Richard said:

If you mark the message as junk mail (so Outlook moves the e-mail to the Junk Mail folder), you can then forward the message without downloading images. Instead, where images were, it'll show a link like this:
October 10, 2007 6:53 PM


About donxml

I’m an independent consultant, specializing in .Net solutions architecture, based out of New Jersey who also doubles as an evangelist for XML, Domain Driven Design, enterprise architecture and .Net. I do not work for Microsoft, the W3C or any other big company that you may know of (at least not yet). I’ve been an indie for over ten years, and although I’ve been tempted a couple of times to take a job with companies like Microsoft, I haven’t found something better than my current situation. I work mostly with the large pharmaceuticals that are based here in New Jersey, and usually find myself on long term contracts. Definitely not the prototypical indie consultant, but it lets me dedicate time to my non-income generating activities like the developer community stuff, plus financing open source projects like XPathmania and MVP-XML. If you would like to talk to me about doing some contract work, just contact me via the contact page. My rates vary widely, depending on lots of different variables, but mostly distance from Jersey, and type of work. Plus, I’ve been known to donate some of my code for various projects.