Excellent advice to tell him not to click on links in the e-mail
If ID theft is a concern, I would suggest that he change his user name and password for his e-mail account, or create a new e-mail account and close the old. Second, he should never have his e-mail visible on a website so that spam-bots cannot get ahold of it. I would also have him contact his bank and account holders to alert them to a possible identity theft if he thinks this has occurred.
In regard to 'forging the header:" hackers and phishers can replace identification information in the header so it appears it is coming from one person when it is actually coming from another. Unfortunately, I have forgotten how to display the full header information, and I never did understand all the numbers etc. The full header contains the information about the paths the mail traveled, so that someone knowledgeable can often figure out the true source of the message. Additionally, some malware programs will target the address books of the infected computer and send spam or spoof mails from that computer. This is a different kind of forgery. And what's worse, that mail will be infected.
For what it is worth, I
received a spoof PayPal e-mail, and I didn't even have a PayPal account
! I also received a spoof from the I.U. Credit Union: again I have never had an account from them. I think in this case, the spoofer got a hold of a university address book. Some spoofers use the e-mail addresses on a list-serve. That happened in the department I was a student in.
Edited by Orange Blossom, 22 August 2006 - 03:28 PM.