A Simple Trick To Avoid Email ScamsThere’s a con artist in both of my books because the con is one of my favorite subjects. And it’s a subject that, realize it or not, we’re affected by almost daily. For instance, we’re bombarded with emails that contain tempting offers, beg for money, ask us to click a link, or take some other action almost every day. So which actions are unwise and which are not?
When we look at emails, they fall into four general categories: legitimate, frivolous or annoying, phishing attempts, and those intended to infect other computers with malicious code. In my Crime and Courts column on Examiner.com, I alert readers to some the latest email threats, but can only cover a small number of them. I can’t differentiate between the latter three categories without exposing myself to potentially malicious code unless I find security updates from the big computer security companies. The reality is that we never know which email will be simply annoying and which could cost us everything.
One of the traditional tips to avoid online fraud is to “never click on a link from someone you don’t know.” But, what if that email comes from an organization you do know? In today’s email world, the scammers have gotten very good at imitating legitimate organizations with similar domain names and creating duplicate websites that are designed to collect your information, sell you fake goods, or install malicious software.
The fact is that fake domain names trick people very easily and that makes them popular with scammers. One domain that was used recently and that was shared extensively on the web was www.msnbc.msn.com-finance-2012.us. This domain, at first, looks to be a derivative of msnbc.msn.com, which takes us to the NBC News website. In this scenario, most people would probably assume that everything after the .com is related to a specific page on the site. Nothing could be further from the truth because it’s everything after “msn” that is the domain name. So, “com-finance-2012.us” is the domain name? Yes. Where does it go? To a site owned by someone in Delhi, India. Fortunately, with a little practice and attention to detail, these three quick steps can help you spot those fake domain names.
Step 1: Look for a question mark in the link. If there is one, only look at what comes before the question mark.
Step 2: If there is no question mark or if you’ve already isolated the actual domain in a link, scan to the left and look for the first period. That period will usually be before a “.com”, “.org”, or other extension. In this case, the extension is “.us” and that makes this a domain that is supposed to be used by US companies, not scammers from India.
Step 3: Continue scanning to the left and spot the next period. The domain is everything between the domain extension and that period. In this example, that would be “com-finance-2012,” which bears no relationship to MSN, NBC, or any US company.
The bottom line is that, to be safe, you really shouldn’t click a link in an email. But, if you’re considering that action, at least you can analyze the link before you click.
For more about Terry Ambrose visit his website at terryambrose.com or find him on Facebook.