How To Catch A Phish
 IT'S ALMOST REAL

Phishing email scams are one of the latest tools being used by cyber criminals to steal personal information.



The thumbnail on your right represents an actual phishing email sent by a scammer. Click on the thumbnail to bring up a larger image so you can see the details.

It is a rather official-looking email that purports to be from eBay, asking the recipient to update their personal information. The unknowing victim clicks on the link provided in the email, which takes them to another site made to look like an official eBay page. The site provides spaces for the victim to update their personal information, including their credit card number. The site is of course bogus, and by entering the credit card info the victim has just given the scammer free use of their credit card.

 HOW DO YOU KNOW IT'S FAKE?

To determine the source of the email, you have to select the option "Show Full Headers". All email programs provide this feature, though they may use different terminology. With Microsoft Outlook Express, click "File", then click "Properties" under it, then select the "Details" tab. This brings up a window that says "Internet headers for this message". In that window you will see the source of the email and the route it took.

The thumbnail to the right represents the full headers of the same email illustrated above that was supposedly sent by eBay. Click on the second thumbnail to bring up a larger image so you can see the details.

The email was received at a Yahoo account. With Yahoo, you can view the full headers by clicking the "Full Headers" link at the bottom right of each message window. Looking at the full image, you will notice that some of the numbers (which represent real IP addresses) are blurred out. These IP addresses are those of unsecured email servers that the scammer took liberties with in relaying their bogus emails. Some other information is blurred out merely to protect the identities of the victims.

Pay particular attention to the red hand with the finger pointing to an IP address. This is the IP address given for the scammer's computer, the one connected to the internet to send the bogus emails. However, the IP address reported here has been "spoofed" or, in layman's terms, it is also fake. Another telltale sign that this email is fake is a misspelled email address: note "meinteinance@ebay.com" in the "From" field.

To determine the validity of an IP address, you have to use the Windows "traceroute" command, tracert.

  1. Click "Start" at the bottom left, then click "Run".
  2. In the "Open" field, type cmd to bring up a command shell. A black window will appear, then type tracert <the IP address you want to trace>.
  3. So using the bogus IP address as an example, you would type tracert 48.240.68.107, then hit ENTER. Since this is a bogus IP, you will see a bunch of "Request timed out" replies, which means there is really no route to the host.

If you look at the top line of the image, you will see an IP address of 209.191.69.38. This is a publicly published IP address of one of Yahoo's mail servers, and since it is public there was no need to blur it out. You can actually use this IP address to make a successful traceroute. Repeat the same steps in the command shell: type tracert 209.191.69.38 and you will see the route from your computer to this particular Yahoo server.

The traceroute tool is very handy if you want to trace the IP addresses of the mail servers that sent you email. It will also help you determine who you can report these phishing scams to. In the example above, there was no way to determine the real identity of the scammer's computer, but the recipient of the scam did report the email to the administrator of the mail server with the open relay (the one the scammer "hijacked" to send the bogus email). At least this will help them configure the mail server not to allow unauthorized relaying of spam in the future.
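
The header reading described above can also be done with a short script; this is an added example, not part of the original article. It walks the "Received" lines of a constructed message (only 48.240.68.107 and the misspelled From address come from the article; the host names and 192.0.2.10, standing in for the blurred open relay, are placeholders) and separates the one hop the recipient's server recorded itself from the hops the sending side supplied.

```python
import re
from email import message_from_string

# Constructed sample headers. Only 48.240.68.107 and the From address come
# from the article; the host names and 192.0.2.10 (a documentation address
# standing in for the blurred open relay) are placeholders.
RAW = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.recipient.example with SMTP; Mon, 1 Jan 2007 10:00:05 -0800
Received: from ebay.com ([48.240.68.107])
\tby relay.example.net with SMTP; Mon, 1 Jan 2007 10:00:01 -0800
From: "eBay" <meinteinance@ebay.com>
Subject: Update your account

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Parse Received headers into hops, newest first (message order)."""
    out = []
    for i, value in enumerate(message_from_string(raw).get_all("Received", [])):
        names, ip = HOP_RE.search(value), IP_RE.search(value)
        out.append({
            "from": names.group(1) if names else None,
            "by": names.group(2) if names else None,
            "ip": ip.group(1) if ip else None,
            # Only the top header was written by the recipient's own mail
            # server; every header below it was supplied by the sending side.
            "verified": i == 0,
        })
    return out

def reportable_relay(raw):
    """IP that connected to the recipient's server: the relay to report."""
    chain = hops(raw)
    return chain[0]["ip"] if chain else None

def claimed_origin(raw):
    """IP in the oldest header: what the sender claims, not what is proven."""
    chain = hops(raw)
    return chain[-1]["ip"] if chain else None

if __name__ == "__main__":
    for hop in hops(RAW):
        tag = "verified" if hop["verified"] else "unverified"
        print(f'{hop["ip"]:>15}  from {hop["from"]} by {hop["by"]}  [{tag}]')
```

A tracert that ends in "Request timed out" is consistent with a forged address, but it also happens when a live host or network filters the probes, so base the report on the verified hop rather than on the trace alone.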

© 2002-present   emailantivirus.info    |    privacy policy