Check Outlook Messages for Fakes Without Opening Them
Posted by Kevin Purdy at 5:00 PM on May 23, 2008
Most spam and phish-bait emails are easy to spot, but once in a while a creative subject line can leave you guessing whether a message is legitimate. If you're an Outlook user, the Productivity Portfolio blog recommends never opening those messages, since doing so can prove to spammers that your address is live. Instead, use the "Message Options" dialog, available with a right-click on any message, and check the reply-to address and header information for signs of fakery, such as slightly spoofed email addresses (wa1mart.com, paypaI.com, and the like) and odd entries in the To: and X-Mailer fields. You'll get a better chance of stopping the spam flow, and the satisfaction of not getting fooled again.
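
The header checks described above can also be run over a message saved as raw text. The following is an added example, not code from the post or from the Productivity Portfolio blog; the list of known domains, the look-alike character map, and the sample message are assumptions constructed for illustration.

```python
import email
from email.utils import getaddresses, parseaddr

# Assumption: domains this mailbox legitimately hears from (hypothetical list).
KNOWN_DOMAINS = {"walmart.com", "paypal.com", "ebay.com"}
# Look-alike characters of the kind seen in wa1mart.com and paypaI.com.
CONFUSABLES = str.maketrans({"1": "l", "I": "l", "0": "o"})

def domain_of(header_value):
    """Domain of the first address in a header value, case preserved."""
    return parseaddr(header_value or "")[1].rpartition("@")[2]

def lookalike_of(domain):
    """Return the known domain that `domain` imitates, or None."""
    if domain.lower() in KNOWN_DOMAINS:
        return None
    # Map look-alike characters before lowercasing so a capital I is caught.
    skeleton = domain.translate(CONFUSABLES).lower()
    return skeleton if skeleton in KNOWN_DOMAINS else None

def check_headers(raw, my_address):
    """List warning signs in a raw message's headers; the body is never rendered."""
    msg = email.message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    for name, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        target = lookalike_of(dom)
        if target:
            findings.append(f"{name} domain {dom} imitates {target}")
    if reply_dom and reply_dom.lower() != from_dom.lower():
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if my_address.lower() not in to_addrs:
        findings.append("To: does not list the receiving address")
    return findings

# Constructed sample message, not real mail.
SAMPLE = """\
From: "PayPal Service" <service@paypaI.com>
Reply-To: collect@mailbox.example
To: undisclosed-recipients:;
Subject: Your account is limited
X-Mailer: BulkSender 2.1

Body is ignored.
"""

if __name__ == "__main__":
    for line in check_headers(SAMPLE, "me@example.org"):
        print("WARN", line)
    # X-Mailer is shown for manual review; what counts as odd depends on the sender.
    print("X-Mailer:", email.message_from_string(SAMPLE)["X-Mailer"])
```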

Comments
cooltech786
Posted 3:30 AM 29/5/08
If we're talking about fake eBay and PayPal emails, the easiest way by far is just to open the email in Firefox. Put your mouse over the "link to eBay", and look at the address that shows up in the bottom left hand corner. If the address is something weird besides www.ebay.com or www.paypal.com, then you know that it's fake. No need to get into anything more complicated than that, works for me every time.
cooltech786
Helzerman
Posted 12:39 PM 24/5/08
A lot of email services, such as Gmail, have the option to "view headers" or "show original." Doing this will show you the path the email took to reach you. So, for example, if that email from Citibank was routed through Russia or West Africa instead of Citi's data center in South Dakota, it is probably suspect.
Other tips include:
1. Never click on any links even if the email looks totally legitimate. Instead, open up a new browser window or tab and manually type in the website you're looking for.
2. Emails addressed to "eBay member" or "Wellsfargo Customer" that do not mention you by name are fake.
3. Look for misspellings and grammar errors. Also look for British spellings used by companies based in the USA.
4. Do not assume the phishers are stupid. Scam artists make millions of dollars every year and, while some letters are laughable, others are quite sophisticated.
Lastly, no email vendor (Microsoft, Mozilla, IBM, etc.) has a lock on keeping scam artists at bay so comments like "Don't use Outlook" might express dissatisfaction against the product, but don't mean that it is less secure than other options. Your best security is keeping your guard up.
Helzerman
infmom
Posted 5:13 AM 24/5/08
MailWasher Pro will show you the contents of any email without actually opening it, and show you where the links really go. Why rely on Outlook to save you from yourself?
infmom
easy2panic
Posted 3:37 AM 24/5/08
Simple Solution: Don't use Outlook.
Gmail FTW!
(You can even get mail from other accounts using POP3.)
easy2panic
Russkiejedi
Posted 1:47 AM 24/5/08
@Steve Hollasch:
Not only that, but Outlook warns you before forwarding, replying, or downloading images in non-recognized emails that doing so will alert the sender that your email address is real.
Russkiejedi
Steve Hollasch
Posted 1:37 AM 24/5/08
I'm a bit puzzled here. Opening a message in Outlook is a pretty safe operation these days (since Office XP, and I'm on the current Office 2007). All images (which might be web beacons) are disabled unless they're on your safe list, and execution is disabled by default.
These days you have to work pretty hard to get hit with tracking techniques or trojans.
All that said, enabling autopreview on new mail messages goes a long way toward figuring out if a message is legit, and displays only the leading text (so it doesn't matter if the message is plaintext, HTML, rich text, or whatever).
Steve Hollasch
freezejeans
Posted 1:14 AM 24/5/08
PocketKnife Peek [www.xintercept.com] has saved my bacon numerous times...it's an Outlook plug-in that lets you preview messages in plain text and see the HTML & header without opening it. I have Outlook 2003, so I'm not sure if it works with 2007. Worth a look!
freezejeans
davearonson
Posted 11:58 PM 23/5/08
@norcross: Personally, HTML email bothers me to no end, as it removes my ability to see what the person is actually saying among all those garbage-looking tags, on those occasions when I'm using a non-HTML email program, and also sometimes when using an HTML-aware program but with HTML rendering disabled.
When I do read it in HTML, it enables web-beacons, and attacks on inexcusably insecure programs I'm forced to use at work *cough*Outlook*cough*.
This is supposedly all in the name of presenting a nicely formatted message, but in truth that's a rarity. What I really get, is my program's idea, of the sender's program's idea, of what the sender really meant. More often than not, this results in painfully garish or outright unreadable garbage.
And THAT's just when I'm on a nice fat pipe. If I am stuck on dialup or some other kind of slow link or an overcrowded link, as I often am when on travel, I also have to wait for bloated (and possibly dangerously corrupt) fonts and images to download... usually contributing at best nothing to the actual information content of the message.
In short, HTML email is an utter abomination, and anybody who sends me HTML email without also a plain-text equivalent, can expect to go straight to the bottom of my priority list.
davearonson
Stéphane Gallay
Posted 11:52 PM 23/5/08
PayPal scams are fairly easy to check: all official PayPal messages use your registered name. So far, I've yet to see any scam message managing to pull that trick.
Stéphane Gallay
nicknackpaddyHack
Posted 11:39 PM 23/5/08
Plain text is definitely the format of choice. It makes it a lot easier for anyone using a mobile device.
nicknackpaddyHack
Norcross
Posted 11:11 PM 23/5/08
@kirby822: Personally, plain text bothers me to no end, as it removes my ability to see the formatting. That being said, anything suspicious is a cause for investigation, and a handy tip nonetheless.
Norcross
kirby822
Posted 10:38 PM 23/5/08
I read all messages in plain-text format, which prevents the message from automatically displaying any embedded HTML pages. If I determine it is something I'd like to see then I can always display it in its original format.
[support.microsoft.com]
HTML and Rich Text are the mail format of the devil.
kirby822