Ever get email from PayPal requesting an action on your part? Don’t click the link(s) within. Just forward the email, as an attachment, to:
spoof@paypal.com or spoof@paypal.co.uk
Paypal will respond to let you know if it was legitimate.
The same goes for questionable eBay email:
spoof@ebay.com
For “phishy” email sent in the name of other companies, sites, financial institutions, etc. (along with the above), I will normally forward to:
reportphishing@antiphishing.org or phishing-report@us-cert.gov
Does any of this do any good? Hell, I don’t know, but it sure feels good doing it.
