3 April 2008 @ 8:16
Protect yourself against phishing emails
If you were to ask people if they felt vulnerable to phishing scams, they would most likely tell you, “No.” However, if phishing emails were not profitable to someone, our inboxes would not be filled with them.
I get a lot of phishing emails, and for the most part they are for companies and services that I don’t use. That in itself is a dead giveaway that the emails are bogus, but occasionally I will get an email from my own bank, or PayPal, that causes me to stop for a moment and look a bit closer.
The first thing I always do is see where the link goes. This is a good practice to get into. The problem with these URLs is that the first part of the URL, the subdomain, is formed to look legitimate. However, if I hover my cursor over the link, I will see the real destination of the URL, instead of just what the phisher wants me to see. Notice the text in the yellow box is where the link will take me if I click it. You can see that the http://adwords.google.com part is the same, but continue looking past that to the right, and you will see that it is simply a subdomain of u40o36.cn. In this particular example, .cn is a Chinese top-level domain. I just want to make it clear to everyone that no matter how “official” the subdomains look in the URL, it is the top-level and second-level domains that you should be aware of.
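The check described above, as an added example that is not part of the original post: a short Python sketch that reads a link's host name from the right and reports the second-level and top-level domain it really belongs to. The sample URL is constructed from the two pieces quoted in the post, and the function names and the small suffix set are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of multi-label public suffixes (assumption). A real
# check should load the full Public Suffix List instead of this small set.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.cn", "com.au"}


def registrable_domain(url):
    """Return the second-level + top-level part of the URL's host name."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Keep three labels when the last two form a known public suffix.
    two_label_suffix = ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES
    keep = 3 if two_label_suffix and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def is_lookalike(href, expected_domain):
    """True when the host contains the expected domain as leading subdomain
    labels but is actually registered under a different domain."""
    expected = expected_domain.lower()
    host = (urlsplit(href).hostname or "").lower()
    return registrable_domain(href) != expected and expected in host


if __name__ == "__main__":
    # Constructed samples: the first has the shape the post describes.
    samples = [
        "http://adwords.google.com.u40o36.cn/",
        "https://adwords.google.com/",
    ]
    for link in samples:
        verdict = "LOOKALIKE" if is_lookalike(link, "google.com") else "ok"
        print(f"{link:40} -> {registrable_domain(link):12} {verdict}")
```

A mail filter or awareness-training script can run the same comparison on the `href` of every link in a message and flag the ones where the visible brand name sits only in the subdomain labels.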
A good practice is to avoid clicking the links in emails such as these. If you need to log into any online account, you should type the address to that account yourself.
One other note: don’t allow software that is supposed to protect you from such scams to cause you to become less vigilant. No protection is 100%. Stay aware.
by Jon | Tags: email, exploits, phishing, scams
Posted in email, exploits