Are you an anti-phishing champion? Do you know what to look for in an e-mail to tell the difference between an e-mail that came from PayPal and one that did not?

PayPal has a Fight Phishing Challenge consisting of five true/false questions to determine if you know a few things about phishing and help you to learn what you should be looking for. Although it’s not new, I did just receive an e-mail about it and decided to check it out and find out if I’m a champion. It turns out that I am!

Here are a couple of the questions you will be asked if you take the challenge:

1. You can be sure that an email is valid based on the sender’s email address.
2. Clicking on a link in an email is the most reliable way to get to your PayPal account.

These two might be more difficult to spot. The first one, an e-mail address can easily be masked or hidden behind a PayPal e-mail address such as: security@paypal.com. An easy way to spot it, would be to click on ‘Reply’ and look at the recipient’s e-mail address.

The second one, it depends on how you check your e-mail. Not all e-mail clients will show you the masked or hidden URL behind a link. Some will display it when you move your cursor over a link as shown in the example below if you move your cursor over it:

www.paypal.com (Note: Nothing will happen if you click this link.)

Those are just two things to look out for. PayPal suggests that you forward any e-mail appearing to come from them if you are unsure about it.  Just forward the complete e-mail to spoof@paypal.com.

How to Spot Phishing

PayPal has a nice Phishing Guide consisting of Parts 1-3: Understanding Phishing, Recognizing Phishing and Fighting Phishing.

How to Protect Yourself

Using software that detects phishing is a good way to protect yourself from accidentally giving away private information.  Here are some anti-phishing browsers that try to protect you:

• Internet Explorer 7
• Firefox 2
• Opera 9
• Safari 3
• Netscape 8.1

Wikipedia has a list of these and other anti-phishing programs.