
Plaxo’s Antiphishing Guidelines

What is “Phishing?”

“Phishing” is a criminal scam designed to trick Internet users into disclosing personal information leading to identity theft. In a typical phishing attack, the criminal will send out a large number of e-mails purporting to be from a well-known, legitimate company, such as a bank, brokerage, or other online institution.

Within the phished e-mail, the attacker will usually ask the consumer to verify his or her account information, often claiming something bad will happen (for example, losing access to funds) if the consumer does not promptly comply. The unsuspecting consumer is generally redirected to a malicious web site called a capture site, which is designed to look like the legitimate company’s web site. Once on the capture site, the consumer is often tricked into providing their username, password, or other sensitive information to the perpetrator.


Have Plaxo Customers Been Phished?

Phishing attacks are most commonly directed against the customers of financial institutions, but any online service with a large number of customers can form an attractive target for phishers. While we are unaware of any attacks specifically targeting Plaxo members, we have taken a number of steps internally to help prevent this from occurring.

We have also published our Plaxo Anti-phishing Guidelines to help educate users about phishing and guard against possible phishing messages. By learning more about Plaxo’s web and e-mail practices, Plaxo members can avoid becoming unwitting phishing victims.


Plaxo Anti-phishing Guidelines

  1. Plaxo will never send e-mails soliciting sensitive financial or password information.

    Phishing messages try to convince unsuspecting users to provide credit card numbers or other sensitive information in order to verify account information or to reenable access.

    Plaxo does not use financial information in order to verify or enable account access. Plaxo may collect credit card and billing information from members ordering premium Plaxo Services, but Plaxo does not permanently store this information. The information is removed once the transaction has been completed.

    In addition, Plaxo members are only prompted for password information when attempting to access their Plaxo Online account from the Plaxo Online sign-in page (https://www.plaxo.com/signin).

  2. All sensitive Plaxo communications, such as accessing or updating Plaxo account and address book information, are always done using a secure connection (https://).

    Plaxo will never present user information on an insecure Web page. The URL will always start with https://www.plaxo.com/ and be accompanied by the secure “lock” icon in the user’s browser. By clicking on the lock icon, users can verify a valid digital certificate issued to Plaxo.com by Verisign.

  3. All Plaxo links are hosted on systems within the plaxo.com domain.

    Phishing messages often contain links for the user to click on that are served by systems outside of the legitimate domain.

    All links in Plaxo messages will be clearly identified as coming from a Plaxo system (e.g., http://www.plaxo.com/). If you receive a “Plaxo message” that contains a link pointing to an IP address or a non-plaxo.com system, please do not click on the link; instead, forward the message to our abuse department for investigation.

  4. Plaxo will never send an urgent message requiring immediate action.

    Phishing messages will often try to create a sense of urgency to trick users into providing confidential information. The phished message instructs the user that they must take immediate action or their account will be deleted.

    Plaxo will never send members a message informing them their Plaxo account is about to expire or any other urgent message.

  5. Plaxo will never ask a member to verify their billing information through e-mail.

    A Plaxo member may check and verify their billing information at any time by reviewing their Account Settings through Plaxo Online. Plaxo will never send an e-mail prompting for this type of information.

  6. All Plaxo e-mails originate from designated Plaxo mail servers and Plaxo publishes authorized SPF records for these systems.

    Phishing messages forge the FROM: header information to trick the e-mail recipient into believing the mail is sent from a trusted user and domain. If your mail provider, ISP, or inbound mail server supports SPF record lookups, they should be able to quickly filter out or identify mail that forges header information.

    In addition, new technologies are currently being developed and deployed to help users identify potential phishing messages. These technologies are now being implemented in popular anti-spyware and anti-virus software tools, as well as user productivity toolbars. Mail service providers and enterprises are also deploying similar tools on their own mail servers to identify potential phishing emails that contain URLs that do not match the URL text.
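
One way a mail filter could apply guideline 3 and the URL-text check mentioned under guideline 6, shown as an added example that is not Plaxo's code. The function names, reason labels and sample message body are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "plaxo.com"  # domain named in guideline 3
# Constructed sample body; example.net and 192.0.2.10 are reserved test values.
SAMPLE = """<a href="https://www.plaxo.com/signin">Sign in</a>
<a href="http://192.0.2.10/signin">https://www.plaxo.com/signin</a>
<a href="http://plaxo.com.example.net/">Account settings</a>
<a href="http://www.example.net/plaxo">www.plaxo.com</a>"""

class Links(HTMLParser):  # collects (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host_of(url):  # lower-cased host of a URL or bare host; '' if unparsable
    try:
        return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""

def reasons_for(href, text):
    """Guideline 3 checks plus the URL-text mismatch check for one link."""
    host, reasons = host_of(href), []
    try:
        ipaddress.ip_address(host)
        reasons.append("ip-address")
    except ValueError:
        # Match the exact domain or a dot-delimited subdomain, never a bare suffix.
        if host != TRUSTED and not host.endswith("." + TRUSTED):
            reasons.append("outside-domain")
    if re.match(r"(https?://|www\.)", text, re.I) and host_of(text) != host:
        reasons.append("text-mismatch")
    return reasons

def check_links(html):  # -> [(href, reasons)] for every flagged link
    parser = Links()
    parser.feed(html)
    return [(h, r) for h, t in parser.found if (r := reasons_for(h, t))]
```

Calling `check_links(SAMPLE)` flags the last three links and leaves the genuine sign-in link alone.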

Additional Information:

The following sites provide useful information for protecting individuals against identity theft and phishing messages.

http://www.consumer.gov/idtheft/
http://www.antiphishing.org/
http://www.idtheftcenter.org/cresources.shtml

Report Suspicious E-mails to Plaxo

To report suspected phished Plaxo e-mail messages, please forward the entire message to using the forward function of your email program.

