ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

How SneakEmail Once Saved Me From A Phishing Attack


I've been a client for about 10 or 12 years now; it's $2 per month, or only $24 per year.
It's not an email server, but an anonymizing 'front end'; for each new contact you need, it creates a random address prefixed to the *.* suffix/domain, which you can preserve or delete at will. Also for each new contact you get to name it, as; 'AnyName' <*.*>.
So I've got one for Paypal, as; 'PayPal' <[email protected]. I created the 'PayPal' title, and SneakEmail created the random, unique alpha-numeric address represented by the 'xxxxxxxxx' part.
SneakEmail receives incoming or outgoing emails, and 'rolls them over'  to or from my Desktop email server, my 'core', real email address which nobody ever sees or gets.

So one day, I received a Paypal request warning me of phishing attacks and asking me to click on the attached link and log in to authenticate my account; it may have also asked me to update my password.
Believe me, I am not stupid, but the entire presentation was so 'authentic', I would have fallen for it hook, line, and sinker, except for one teensy tiny little detail; the email prefix should have been 'PayPal', and instead it was one of my other unique shopping account SneakEmail addresses. The entire come-on was true-blue Paypal, absolutely, positively, down to the last detail... ...except that the optional prefix which should have said 'PayPal', was one of my seldom-used 'any store' prefixes (ie Amazon, Ebay, 'acme hardware', and so on).
Instead of clicking on the enclosed Paypal link included in the email, I went to the Google web search page (I've since switched to 'Duckduckgo'), looked up Paypal, found their scam-phishing report email address, and reported the entire suspect email, header and all, to the real Paypal.
Within a few hours, the real Paypal with the proper 'PayPal' prefix as created by me in SneakEmail, reported back to me with a confirmation that said basically, "You're right; it's a phishing attack."

As follow-up, I went and logged into my personal SneakEmail account, brought up the phishing attack email address (which was originally created for a hijacked legit store front email address), and deleted it.
My 'real' email address, the 'core' one nobody ever sees, remains safe and confidential.

It is a great idea to use different email addresses for different websites, whether that's by using a mail service like sneakmail, or one that allows you to use prefixes like [email protected].  Doing so also makes it easy to see when one company/site has sold your email address to another.  Makes it easier to figure out where your spam is coming from and block it.

Yes, I have used opayq (now blur) from
It's proved very handy, and it's $FREE - though there are $PAID options.

SpamMotel is similar, used to be free now $9.99/year.

These days I find it easier just to use GMail accounts, I have 20 or so and except for one, I regard them all as temporary, (and even that 'one' could be dropped without a problem even though I've had it 10+ years).

Advantages are the spam filtering, (including phishing), I don't think I've seen anything spam/phishing related in months, and I've never had a GMail address be rejected on a website - which I have had with MaskMe (now Blur).


[0] Message Index

Go to full version