Saturday, March 03, 2007

Spam and Phishing...Gmail Style

While Blogger's anti-spam blog robots have been hard at work, padding their numbers...

Seems like the poor anti-spam and anti-phishing bots over at Gmail have been either overwhelmed or given a bit of a smoke-break.

While the number of spam and phish emails I see at Gmail is nowhere near the hundreds that make it into my MSN Hotmail account, I can pretty well expect to see at least one make it into my Gmail Inbox on a daily basis.

What worries me is that the ones that are getting in are almost always either a financial scheme, some kind of money-laundering exercise, a major banking phishing attempt, or a kind reminder that I've (yet again) won a foreign lottery I had forgotten I had even entered.

Silly me.

Report a breakaway runner as Spam in Gmail

Gmail has a really prominent button for reporting spam that gets through.

It's right at the top, right when you hit your inbox. Nice and visible. Fast access to help out the Gmail gang.

Got a spam mail in your Gmail Inbox?

Tick the messages box, hit the button on the same page.

Bam. Gone!

Stinky, Smelly Phish?

However, I had to go hunting to find how to report phishing emails in Gmail.

Hmmm. No "Report Phish" button in all that extra blank space next to "Report Spam".

Well...maybe if I click the down arrow next to "More Actions"?

Nope...not there.

Maybe if I open the message...then I will see more options...

Nope. Looks the same.

What should I do?

I want to report this quite blatant phishing attempt.

(Sighs)

....off to Google for a search....

OK, I'm back. Here's how to do it.

Report a Gmail message as a stinky Phish

To report a phishing email in Gmail, you need to jump through these hoops:

  1. Select the Phishy email to view it.

  2. Find the itty-bitty, teeny-tiny "down arrow" in the top-right rounded corner of your email message. The one right next to the "Reply" button.

  3. (Found it yet? No? I'll wait....look carefully....)

  4. Click the down-arrow.

  5. Select "Report phishing" in the pop-down window.

  6. Done.

--via Gmail Help Center - How does Gmail fight phishing?

Oh and by the way...

Not that any of you who are sending me spam and phishing emails are taking the time to read my blog and understand just how seriously I take web and technology security...but for the record:

Claus's Anti-Spam/Phish Manifesto

If you send me spam and Gmail doesn't filter it, I promise I will take less than a second to pick your email out and report it as spam so the Gmail filters will catch all of them next time. For everyone.

I know how to read email headers. I know how to trace an email. I can look up IPs via ARIN (American Registry for Internet Numbers).

I read the Anti-Phishing Blog.

I eat McAfee Top 10 Phishing Scams pie on a weekly basis. It's very yummy, especially while still warm.

I will make a solemn promise to all attempted phishermen. One of those "Duty, Honor, Country" or "Fidelity, Bravery, Integrity" sorts of mottos. The kind brave men and women hold courage to in the line of fire.

I especially promise for any phishing attempts that make it into my inbox, that

  1. I will take the time to look at them carefully, since you took the time to try to fake me out of my and my dearest family's hard-earned and well-taxed money.

  2. I will then report your phishing email to Gmail...alerting the wildlife and sounding the alarm...since I clearly now know how (and hopefully others do as well).

  3. I will then submit your craftily forged fake URL to the PhishTank website, as I am a sworn registered member of the PhishTank. And as a dad, I'm quite steeled in removing dead-floaters bobbing in the tank quickly.

  4. I will then flush said dead-floating phish in the white-throne, sending it down the tubes after giving notice to CastleCops Fried Phish.

  5. I will then find the REAL WEBPAGE of the financial institution or service being jacked with, and take my time to hunt down any security related web-page they may offer to report the phishing attempt directly to them.

Yes. That could mean a fair bit of time and work invested on my part...but keep 'em coming. I need the practice and the drills and they just make me faster, better, stronger.

May a team of lawyers descend on your ISP.

God rest the poor phish.

--Claus

4 comments:

Anonymous said...

Thanks! I've found your list as a checklist of to-dos next time I net a phish. (I used to just do the report to Gmail thing.)

Anonymous said...

Hi CWW,

You are quite welcome!

Glad you found it useful.

Mikie said...

Hi...

Came to your site while trying to figure out how to report phishing on a Gmail acct. There is nothing more in my life that I hate than these freakn scammers! I have one that was meant to look like the email was sent via the "G mail" team asking for password and stuff that is obvis not needed.

Either way I still can't find this little arrow that lets me report this email! So frustrating.. I did what the Google instructions said and cannot find this mysterious arrow. Also tried following your directions.. Please help me so I can report them!!

Thanks Michael bli182nk at gmail.com

Claus said...

@ Mikie - Thanks for the comment.

Hmmm. I refollowed my instructions and it is still right there.

Are you using the "Basic HTML" view for your GMail view or the "Standard" view?

If you are using the standard view, then the steps should still hold.

Click on the phishing email so it is the primary email viewed in your window. (that may be where you are having issues...)

Next look along the top line of the email and to the right of the date you should see a "Reply" tab, then a third tab with a down-triangle. Click that one. (I'm also assuming you have JavaScript fully enabled for your browser).

The seventh item in the drop-list is "Report Phishing". Click it and then follow any additional instructions GMail prompts you for.

That should do it!

--Cheers! Claus V.