How to defeat Phishing
Kurt mentioned in a comment to Daniel's PayPal phishing article how he dealt with phishing, and that got me thinking about the easiest way to defeat phishing for certain accounts.
The answer that I came up with is to use virtual mail accounts. I always thought of virtual mail accounts as a way to stop spam, since they let you find out which website or service sells your email address, but they can also be used to defeat phishing at the same time.
Virtual mail accounts can be created using many online mail services, including Gmail and Yahoo Mail. To create such a virtual mail account on Gmail, you simply change the email address you give to a site when registering an account to [email protected]. This also works in every other situation where you provide a third party with your email address.
To give you an example, you could use the email [email protected] as your main email when you are signing up for PayPal.
You would then set up a filter in Gmail that catches all messages sent to this address. Now, whenever an email from PayPal arrives that was not sent to this virtual email address, you can be sure that it is a phishing email. To be effective, you need to hide this address from everyone, even the people who send you money or receive money from you. This is done by using a second email address for this purpose that is not your default email in PayPal.
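The filter rule described above, sketched in Python as an added example (not code from the original post). The alias, the brand keyword and the sample messages are constructed, and it assumes the mail provider records the recipient in one of the listed headers.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed values: the secret alias handed only to the service, and its brand name.
SERVICE_ALIAS = "user+pp-7f3k@example.com"
BRAND = "paypal"
# Headers that may carry the address the message was actually sent to.
RECIPIENT_HEADERS = ("To", "Cc", "Delivered-To", "X-Original-To")

def recipients(msg):
    """Collect every recipient address found in the headers, lower-cased."""
    values = []
    for header in RECIPIENT_HEADERS:
        values.extend(msg.get_all(header, []))
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def claims_brand(msg):
    """True if the sender name, sender address or subject mentions the brand."""
    name, addr = parseaddr(msg.get("From", ""))
    return BRAND in f"{name} {addr} {msg.get('Subject', '')}".lower()

def classify(raw):
    """Apply the alias rule to one raw message."""
    msg = message_from_string(raw)
    if not claims_brand(msg):
        return "unrelated"
    if SERVICE_ALIAS.lower() in recipients(msg):
        # Necessary, not sufficient: the alias could still leak one day.
        return "sent-to-alias"
    # Claims to be the service but never reached the secret alias.
    return "suspect"

# Constructed sample messages.
LEGIT = ("From: PayPal <service@paypal.example>\n"
         "To: user+pp-7f3k@example.com\n"
         "Subject: Receipt for your payment\n\nThanks.")
PHISH = ("From: PayPal Security <alerts@paypa1-support.example>\n"
         "To: user@example.com\n"
         "Subject: Your account is limited\n\nClick here.")
NEWS = ("From: Newsletter <news@shop.example>\n"
        "To: user@example.com\n"
        "Subject: Weekly deals\n\nHello.")

if __name__ == "__main__":
    for label, raw in (("LEGIT", LEGIT), ("PHISH", PHISH), ("NEWS", NEWS)):
        print(label, "->", classify(raw))
```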
This system works fine if the service accepts email addresses with plus signs. Most websites need only one virtual email address: your bank, for instance, eBay, and every other website where the email is not visible to contacts.
Instead of using virtual email addresses or email aliases, you can also use different accounts for this purpose: one account for communicating with each important service, and maybe a second to communicate with members of said service if that is a requirement.