Sunday, January 20, 2013

A Simple Trick To Avoid Email Scams


Our guest blogger today is Terry Ambrose, author of several books including Photo Finish.


There’s a con artist in both of my books because the con is one of my favorite subjects. And it’s a subject that, realize it or not, we’re affected by almost daily. For instance, we’re bombarded with emails that contain tempting offers, beg for money, ask us to click a link, or take some other action almost every day. So which actions are unwise and which are not?

When we look at emails, they fall into four general categories: legitimate, frivolous or annoying, phishing attempts, and those intended to infect other computers with malicious code. In my Crime and Courts column on Examiner.com, I alert readers to some of the latest email threats, but can only cover a small number of them. I can’t differentiate between the latter three categories without exposing myself to potentially malicious code unless I find security updates from the big computer security companies. The reality is that we never know which email will be simply annoying and which could cost us everything.

One of the traditional tips to avoid online fraud is to “never click on a link from someone you don’t know.” But, what if that email comes from an organization you do know? In today’s email world, the scammers have gotten very good at imitating legitimate organizations with similar domain names and creating duplicate websites that are designed to collect your information, sell you fake goods, or install malicious software.

The fact is that fake domain names trick people very easily and that makes them popular with scammers. One domain that was used recently and that was shared extensively on the web was www.msnbc.msn.com-finance-2012.us. This domain, at first, looks to be a derivative of msnbc.msn.com, which takes us to the NBC News website. In this scenario, most people would probably assume that everything after the .com is related to a specific page on the site. Nothing could be further from the truth because it’s everything after “msn” that is the domain name. So, “com-finance-2012.us” is the domain name? Yes. Where does it go? To a site owned by someone in Delhi, India. Fortunately, with a little practice and attention to detail, these three quick steps can help you spot those fake domain names.

Step 1: Look for a question mark in the link. If there is one, only look at what comes before the question mark.

Step 2: If there is no question mark or if you’ve already isolated the actual domain in a link, scan to the left and look for the first period. That period will usually be before a “.com”, “.org”, or other extension. In this case, the extension is “.us” and that makes this a domain that is supposed to be used by US companies, not scammers from India.

Step 3: Continue scanning to the left and spot the next period. The domain is everything between the domain extension and that period. In this example, that would be “com-finance-2012,” which bears no relationship to MSN, NBC, or any US company.
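
The three steps above can also be done in code. The Python sketch below is an added example, not part of the original post; it goes a little beyond the steps by dropping the path and port as well as the query, and by recognizing two-label extensions such as “.co.uk”. The function names and the short suffix list are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of two-label public suffixes (assumption of this example);
# a real checker would load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}


def registrable_domain(link):
    """Return the domain a link really points at, or None if it has no host."""
    # Step 1, generalized: keep only the host, dropping query, path and port.
    parts = urlsplit(link)
    if not parts.netloc:  # link was written without "http://"
        parts = urlsplit("//" + link)
    host = parts.hostname
    if not host:
        return None
    host = host.rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host  # a bare IP address has no domain name to analyze
    except ValueError:
        pass
    labels = host.split(".")
    # Steps 2 and 3: the extension is the last label (or a known two-label
    # suffix), and the domain is the single label to its left.
    keep = 2
    if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        keep = 3
    return ".".join(labels[-keep:])


def belongs_to(link, expected_domain):
    """True only when the link's real domain equals the one you expected."""
    return registrable_domain(link) == expected_domain.lower()


if __name__ == "__main__":
    samples = [  # first entry is from the post; the others are constructed
        "www.msnbc.msn.com-finance-2012.us",
        "http://www.msnbc.msn.com-finance-2012.us/news?site=msnbc.msn.com",
        "http://msnbc.msn.com/business?ref=com-finance-2012.us",
        "https://shop.example.co.uk/cart",
    ]
    for s in samples:
        print(f"{registrable_domain(s):25} <- {s}")
```

A mail filter or link previewer could call `belongs_to(link, "msn.com")` and flag any message whose visible brand does not match the result.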



The bottom line is that, to be safe, you really shouldn’t click a link in an email. But, if you’re considering that action, at least you can analyze the link before you click.

For more about Terry Ambrose visit his website at terryambrose.com or find him on Facebook.
