Here’s a tip to help keep your money safe.

Do you know the difference between e-mail and spam? Can you spot phishing scams? Most of us think we can, but we’re actually quite poor at it. John Graham-Cumming has created a site at which he asks users to identify whether e-mail messages are genuine or spam/phishing attempts.

SpamOrHam.org is a web site where you can help anti-spammers by manually sorting email. In order to accurately test spam filters, anti-spammers need to have large amounts of email that has been accurately divided into spam and ham (normal) messages.

At his personal site, Graham-Cumming reveals that people agree with spam filters 89.1% of the time. Are the spam filters wrong 10.9% of the time? Nope. It turns out that users are often mistaken:

“I set out to make sure that the spam filters were doing a good job on the assumption that people would be able to spot errors that the filter was making. Bad assumption. It turns out, based on preliminary data, that people suck at spam filtering.”

Here’s my personal rule to combat phishing scams: NEVER CLICK ON AN E-MAIL LINK TO A FINANCIAL SITE. Never. Never. If you receive e-mail that purports to be from your bank or from PayPal or from eBay or from a similar institution, manually enter the base URL (e.g. http://www.paypal.com/) into your browser and log in to your account. If there is anything that requires your attention, you will be able to find information about it at the site. If you still have questions, call customer service.

It’s easy to be suckered by phishers. I’ve been using e-mail for thirteen years, and have been on-line for two decades. I’m well aware of these scams and still I mistakenly click on a phishing link a couple of times a year. Phishers are good. The best way to protect yourself is to NEVER click on an e-mail link to a financial site.

Check out the Wikipedia entry on phishing for more information on how to combat these scams. For a geeky, sometimes technical look at spam and phishing techniques, read Graham-Cumming’s The Spammers’ Compendium, “a public exposition of tricks, secret ploys, ruses and techniques employed by [spammers]”.

[via slashdot]