ItsGeekToMe.co

Q: Is it possible to block email from “phishing” type email addresses? If so, how can this best be accomplished? If it is not possible, are there any federal or state agencies that regulate the internet in any ways that make these types of activities unlawful? If so, to what websites or email addresses should these email be reported and/or forwarded? In my case, I am continuously bothered by phishing type email related to the financial institution that manages my Visa credit card account. There are also other examples. I can forward a copy of the last phishing email to you, if you desire.  I have been a reader of your column in the NWFL Daily News for as long as it has existed. My wife and I are long time (40 + years) residents of Okaloosa County and I am retired military (USAF Colonel).  Thanks for all of your great advice over the years and for your annual Geek Lights!!!

– Jack T.
Niceville, Florida

A:  Sa-lute, Colonel!  I too, am retired military.  In fact, in no small way, this column, and my Geek Lights are a couple of the ways I continue to try and be in service.  These activities may not contribute to our national defense, but that’s not the only way to serve.  I’ve found that many people seem to need my show at Christmas, and as for this column, contrary to what many people believe, I am not employed by any newspaper or news organization.  It’s Geek To Me is entirely freelance, and I do not get paid for authoring it.  They, and other ways I serve, are labors of love, and it means a lot to me to hear that they are appreciated.

As for your question, at its heart, the phishing part doesn’t even matter.  You’re asking how to combat against one of the worst scourges of the Internet: SPAM e-mail.  To clarify, so everybody is on the same page, SPAM is generally accepted to be any unsolicited or unwelcome e-mail.  There are many classes of SPAM, including such things as simple advertising (legitimate or not), as a vector for spreading malware, and  attempts to trick you into revealing account info or passwords.  That last one is the phishing e-mails that Jack was talking about.  The sender attempts to disguise these as legitimate e-mails from a credit card company, or financial institution.  They often tell of some issue with your account that you can solve by simply logging into it, and they give you a convenient link to click right there in the e-mail.  The problem is, although the page that loads may look exactly like a real page, in reality it was set-up by the spammer for the sole purpose of harvesting account information from unsuspecting dupes.  If you blindly enter your information into such a page, they get all your login credentials.  If you use the same password on multiple pages, they’ve gotten your login information for all of those pages.  I hope you see why I’m always harping on proper password usage, and to always look before you click!

Unfortunately, Jack, it is mighty tough to combat SPAM.  If it was easy, it wouldn’t be the problem that it is.  You can’t unsubscribe from it, even if there is a link to that effect in the e-mail.  Attempting to do so merely verifies that your e-mail address is valid.  You can’t block the individual addresses, because most spammers only use a given address for one or two batches of SPAM, then scrap it and get another.  After all, e-mail addresses are free, and plentiful.

If it makes you feel better, the Federal Trade Commission has a SPAM page where you can learn more, and even report SPAM.  I have no idea what they do about the countless millions of SPAM reports that they must get.  But, visit TinyURL.com/IGTM-0605 if you want to find out for yourself.  Just remember, the Internet is like the Wild West, only on steroids.  It is worldwide, barely regulated, and largely anonymous and untraceable.  By way of comparison, a home telephone is highly regulated by a federal agency, and I still get multiple junk calls on mine every day, despite being on the national do-not-call registry.  Until technology advances to the point where someone invents a viable e-mail protocol that is ensures e-mail can always be reliably traced back to its source, the most effective means of combatting SPAM is to learn to recognize it, and don’t do anything with it except delete it.  No legitimate financial organization is ever going to call you or e-mail you and ask you for account credentials, so when it happens, it’s almost a 100% guarantee that someone is trying to scam you.  Don’t fall for it.