Microsoft, Facebook, Google, PayPal and many other large online companies have officially announced that they are teaming up and collectively advocating a new standard in technology to help fight phishing spam. This is great news for everyone because it’s not just about detection; it’s about stopping spam before it can ever reach your spam folder. While it certainly won’t kill the giant beast that is spam, it could definitely serve a devastating blow to the spammers who are forging email signatures and inserting false company logos into their bogus emails. The technology is called DMARC, or “Domain-based Message Authentication, Reporting & Conformance.” You can read more about the specifics on DMARC.org.
Although DMARC may lower the amout of spam, it’s still just as important to stay on your guard when checking messages. Here are some tips to recognize these “fishy” tactics:
- Think twice. Do you really need to update your account information now? Is it really an emergency? Would your bank really close your account over this?
- Read again. Even though it has the official logo of your account, are there any design flaws? Does it contain bad spelling or poor grammar?
- Verify the addresses. Did the email originate from the right company? Was the email sent to your secondary email account that your bank doesn’t even know exists? Is the link they want you to visit just the number of an IP address?
- Check the company’s website. There should be an official statement from the company. Contact the company yourself by opening a new browser window and manually typing in the official website address (do not click on any links inside a suspicious message).
Be suspicious; your bank account and your identity depend on it. For additional information, check with the FTC.
From the Internet Crime Complaint Center (IC3):