Phishing has become a major problem on the Internet, and Michael Ford, author of Scams and Scoundrels and well-known Internet safety advocate, says it is completely preventable.
Phishing occurs when criminals send fake emails that either ask you to respond with personal information or try to trick you into going to a fake website set up by the crooks. These emails may look exactly like a message from eBay, PayPal, your bank, Amazon.com, a pharmacy site, a job listing site, or any other site you can think of. They may look legitimate, but they are not. They lead to fake websites that are designed to steal personal information and credit card numbers.
Some of these sites, like the fake pharmacy sites or the fake Rolex watch sites, are after your credit card number. They put up many fancy photos, then offer $10,000 watches for hundreds. The problem is that you never receive anything for your money. They may sell your credit card number to organized crime, who then use the card to make thousands in unauthorized charges.
Other emails that look like eBay, PayPal, Amazon, or banking messages try to trick recipients into going to a look-alike site where the crook hopes the victim will reveal their password. The crook then logs into the person's account to transfer out money or make unauthorized purchases.
It is very easy to fall for these scams if you do not know how to recognize these fake sites or how to protect yourself.
Mr. Ford says it is possible to identify these scam sites, and even easier to protect yourself from them, and offers the following advice:
Some simple checks can quickly identify fraudulent websites.
WHOIS Creation Date
Check the WHOIS creation date on a website to see when the domain name was registered. If it was registered less than 6 months ago, you know it is a scam. No legitimate business registers a domain name, creates a website, and launches their business in a week. Legitimate business domains have been registered for more than 6 months. Never give any information to, or order anything from, a domain name that has been registered for less than 6 months. For employment or escrow sites, do not trust any site that has been registered for less than 2 years.
Registration Privacy
While you are looking at the WHOIS registration data, you should also look for anything unusual in the registration. If you are looking at a site that appears to be a Canadian pharmacy but the registration shows a name and address in China or Mexico, you know that is a scam. Pretty much any registration from China and Mexico (other than .mx) can be assumed to be a scam. Crooks will register domains and make up fake information, but to register a .cn or other domain they have to appear as if they are in China, and that is why their domain registration information shows a China address. Another tell-tale sign is a Private Registration. If you do not see a person's name but instead see something about "Private Registration Service", that is a sure sign of a scam. Legitimate businesses do not hide who they are. Scammers hide who they are and use Private Registration services. The only legitimate use of private registration is for someone who creates a political or personal site that is not selling anything.
HTTPS SSL Pages
Any website that asks for personal information or a credit card number MUST begin with https:// and NOT http://. This is one of the easiest ways to identify fraudulent sites. If you are on a webpage that asks for your name, address and phone number, then it should start with https://. If it asks for a credit card number, it should start with https://. If it does not, then do not trust that site. It is either a scam or the site operator is up to some other funny business. Legitimate e-commerce sites will purchase an SSL certificate and set up their site so it uses https:// on all pages where you enter sensitive information. If you see any website that shows a padlock at the start of the URL or anywhere on the page, implying the site is secure, but it starts with http:// and not httpS://, then you know that site is a scam.
This is not going to work 100% of the time. Clever scammers have started setting up fake payment services with https:// domains which look legitimate. Do the other checks and you will still be able to identify these fraudulent sites.
BBB Logo
There are by far more Better Business Bureau logos on fraudulent sites than on legitimate sites. Legitimate companies rarely bother to post BBB logos, but fraudulent sites want to do anything they can to gain a victim's trust. Using a BBB logo on a website can make sales go down, so most legitimate sites do not use them even if they are members of the BBB. Here is an easy way to identify fraudulent sites using the BBB logo. If you click the logo and it does not go to a legitimate BBB website but either goes nowhere, goes to another page on the same site, or opens a popup window, that is a fraudulent website. A legitimate site will link to the real bbb.org or their local BBB site where their BBB records are shown. Any site that shows the BBB logo and does not link to a BBB site record for the site you are looking at is a scam.
Nonsense Domain Name
Scammers are often not very creative. They will register hundreds of names at a time using stolen credit cards. They are not picky about what the names are and resort to naming formulas which make the names stand out as fraudulent.
If you are on a pharmacy site, then the name flowerdoglawncar.com makes it obvious the site is a scam. The name has nothing to do with the site. Some sites use random letters which have no meaning. If the domain has no meaning or is unrelated to the site you are looking at, it is a scam. Many spammers, including the so-called legitimate opt-in email companies (I have yet to find one that is legitimate), use throwaway domains like these too. When you receive an email and it goes to nonsense domain names or random letter/number combinations, you know that is a dishonest company. They register thousands of domains and use each name until it is blacklisted. Then they register a thousand more. Make sure that when you visit a site, the domain name relates to the site and is not random or nonsense.
Excessively Long Domain Name and Subdomains
Beware of any site that has an excessively long domain name. Scammers have learned that short domain names are all registered but long domain names are still available because no one wants them. If you receive an email that directs you to a website with a name like super-big-canadian-pharmacy-with-good-deals.com, then that is a scam site. No company is going to use a domain name like that except a crooked company. The same is true of subdomains. A normal domain consists of the base domain name and the top-level domain (a .com, .net, or .org type ending). So a normal domain would look like yourdomain.com or www.yourdomain.com, where www is the subdomain name. Scammers often use subdomains to imitate legitimate sites, such as www.paypal.com.user-login.sitename21.cn. To someone not paying attention this might look like PayPal, but it is actually a scam site called sitename21.cn, which is registered in China (China is .cn) and has nothing to do with PayPal at all.
Unusual TLDs
Beware of any website with unusual top-level domain names. Normal companies will use .com or .net and some .org, but when you start seeing emails in English that contain .cn China domains, or other unusual domains, you can be sure it is a scam. Any legitimate company that wants to reach an English-speaking audience will use an English-associated TLD such as .com, .co.uk, .au, or that of another English-speaking country. Almost all .cn domains you ever see will be scam sites. These are easy to register using stolen credit cards, so scammers use .cn sites frequently.
Unseen Dangers
There is another danger from scam sites that many people do not realize. You may revisit a scam site without meaning to. If your browser auto-completes URLs and you go to www.paypal.com.fakescamsite.cn, then when you later type www.payp your browser will autocomplete using the most recent matching URL, which is the fake site. You can easily hit Enter to go to the site, type in your password, and never realize you are not on the real site until it is too late.
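The subdomain and long-name checks from "Excessively Long Domain Name and Subdomains", applied as well to the autocomplete example under "Unseen Dangers", can be automated by reading the host name from the right. The following is an added example, not code from the article or from the toolbar it describes; the brand watch list, the small suffix set and both thresholds are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny list of two-label suffixes (assumption);
# a production check would load the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "com.cn"}
# Hypothetical watch list: brand keyword -> the base domain that brand owns.
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com", "amazon": "amazon.com"}
MAX_NAME_LEN = 25   # assumed threshold for an "excessively long" name
MAX_HYPHENS = 3     # assumed threshold for hyphen-stuffed names


def split_host(url):
    """Return (subdomain_labels, base_domain) for the host in url."""
    # Accept bare host names as well as full URLs.
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").split(".")
    # The base domain is the last 2 labels, or 3 under a two-label suffix.
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return labels[:-n], ".".join(labels[-n:])


def check_url(url):
    """Return warnings for brand-in-subdomain and over-long domain names."""
    subs, base = split_host(url)
    name = base.split(".")[0]
    warnings = []
    for brand, real in BRANDS.items():
        # A brand keyword anywhere in the host, on a base domain it does not own.
        if base != real and any(brand in part for part in subs + [name]):
            warnings.append(f"mentions {brand} but the base domain is {base}")
    if len(name) > MAX_NAME_LEN or name.count("-") >= MAX_HYPHENS:
        warnings.append(f"unusually long or hyphenated name: {base}")
    return warnings


if __name__ == "__main__":
    # The first three samples are the article's own example names.
    for sample in ("http://www.paypal.com.user-login.sitename21.cn/",
                   "www.paypal.com.fakescamsite.cn",
                   "super-big-canadian-pharmacy-with-good-deals.com",
                   "https://www.paypal.com/signin"):
        print(sample, "->", check_url(sample) or "no warnings")
```

A real brand usually owns several base domains, so a working watch list would map each keyword to a set of domains rather than the single one assumed here.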
Phishing crimes are easy to avoid with a little vigilance. Simply paying attention to unusual emails and looking for the signs of fraud can always reveal them as scams before you lose your money or your identity is stolen.
Fortunately, you do not have to remember all of these tests and use them on every site you visit. There is a free toolbar that will check most of these and many other fraud signs. The My Little Mole toolbar compares any website you visit against a database of known fraudulent sites, plus it compares the site fingerprint against known scam sites to catch sites that are new.
This toolbar will pop up an alert message if it detects that you have opened a browser window to a spoof or phishing eBay, PayPal, Amazon, Banking, Google, or almost any other spoof site. It will also warn you about thousands of spam and fraudulent sites.
According to Mr. Ford, the creator of the toolbar, "This toolbar is far superior to any other security tool available today. The PayPal toolbar only warns about spoof PayPal sites and then it does not catch all of them. The MLM toolbar catches most spoof sites and fraudulent sites that other toolbars ignore."
This free tool is available at http://www.mylittlemole.com along with a demonstration video.
You can find more free safety information at www.auction-safety.org
