Even if you don’t know the term ‘phishing scam’, chances are you’ve already been targeted by many of them.
A phishing scam is when someone uses a genuine-looking e-mail, login page, SMS, or whatever to fool you into giving up personal data – like logins, passwords, card and banking info, etc.
They often involve some kind of ‘hook’ that makes you worried or scared. When that happens, you stop thinking and fall into the trap.
But these scams are very easy to avoid with a bit of extra attention. I’ll show an example of a phishing scam I received recently and then take it apart piece by piece so that next time, you’ll know exactly what to look for to protect yourself!
Off we go:
One more thing…
Another thing to watch out for is weird domain names.
For example, look at the following two URLs:
- https://google.com/BLAH
- https://google.com.cheesehut.net/BLAH
If you think those are both google.com URLs, think again. The domain – or ‘home’ of the link – is the something.abc that comes at the end of the hostname – just to the left of the first slash before the path.
So:
- https://google.com/BLAH
- https://google.com.cheesehut.net/BLAH
#1 is a google.com URL.
But #2 is actually pointing to cheesehut.net. In the 2nd URL, com is a subdomain of cheesehut.net, and google is a subdomain of com.cheesehut.net.
Put another way, I own scottiestech.info. If I wanted to, I could create any subdomains, sub-subdomains, and so on – with any name I want! I could have:
- google.scottiestech.info
- google.com.scottiestech.info
- fonts.google.com.scottiestech.info
NONE of those are Google URLs; they all point to different subdomains on my server, scottiestech.info.
So, pay extra-close attention to the URLs of any links in the phishing scams you receive!
Recent Comments