
How To Identify Email Phishing Scams

If you are a Google Adwords advertiser, an email like this would certainly get your attention:

Dear Google AdWords Customer,

We were unable to process your payment. Your ads will be suspended soon unless we can process your payment. To prevent your ads from being suspended, please update your payment information.

Please sign in to your account at http://adwords.google.com/select/login, and update your payment information.

---------------------------------------------------------
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message.
---------------------------------------------------------

2008 Google Adwords

=========================================================

THE MESSAGE ABOVE IS A FAKE EMAIL PHISHING LETTER!

But it’s a very good one.

  • There are no spelling mistakes
  • It is grammatically correct
  • It appeared to have come from a legitimate Google address
  • It had a link to Google
  • It looks legitimate.

In fact, the only giveaway was the actual link address.

"But it’s genuine," I hear you say. "The link goes to Google."

NO IT DOESN’T.

In the original email, the visible link text was http://adwords.google.com/select/login, which is the genuine login address for Google AdWords.

BUT the actual link address (where you’ll go if you click the link) will take you to

http://adwords.google.com.zxcffdg.cn/select/login

Your email program or browser might warn you about a mismatch between the visible link, and the actual website you will go to if you click that link.

But in my experience, many people would look at the first bit of the address, and say "Oh, both of them go to Google, so it must be OK".

This is exactly what the email phishing criminals want you to think.

They want you to click on the link and enter your login details on the exact copy of the Google login page, so they can collect your AdWords login details. Then they’ll send you to another page which tells you that your access has been restored.

You’re none the wiser, and the email phishing criminals have got your login details.


How To Identify A Fake Link

Take a look at the fake address again.

http://adwords.google.com.zxcffdg.cn/select/login

It doesn’t go to Google at all. It goes to the domain name zxcffdg.cn.

The .cn means that the name is registered in China.

The general rule for identifying the actual domain you are visiting is:

It will be the last genuine domain name that appears before any "/" or filename.

Note: Some of the more technically aware readers might be turning up their noses at this hub, saying that "This is so basic that even my dog knows it".

I used to think that too – until I saw the amazed, surprised reactions from many internet users to whom I pointed it out.

Here are some examples for you to examine.

The actual domain name you would be taken to if you clicked on the link is in bold.

Sometimes an IP address (in the format 23.123.999.65) is used, and that is where you’d end up. (Note: These IP addresses are out of range and won’t work.)

http://westpac.com.au/login/users/secure/securebanking946.com /westpac/login.php

http://350.122.95.01 /www.irs.gov/irforgetstatus/somethingelse/795886/index.htm

http://www3.netbank.commbank.com.au.my-wob.com /netbank/bankmain/
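
The rule above turned into a check, as an added example that is not part of the original article: it reads the links in an HTML email body and reports any whose visible text names a different domain than the address the click really goes to. The function names are made up for this illustration, the sample email body is constructed from the addresses on this page, and MULTI_LABEL_SUFFIXES is a tiny stand-in for the full Public Suffix List that a real tool would need.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for this page's examples.
MULTI_LABEL_SUFFIXES = {"com.au", "com.cn", "co.uk"}

def host_of(url):
    """Return the lowercase host a browser would connect to (everything before the first "/")."""
    url = url.strip() if "://" in url else "http://" + url.strip()
    return urlsplit(url).hostname

def registrable_domain(host):
    """The 'last genuine domain name': the public suffix plus one label to its left."""
    labels = host.rstrip(".").split(".")
    if all(label.isdigit() for label in labels):
        return host  # IP-style host: no domain name at all, whatever the path claims
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

class LinkAudit(HTMLParser):
    """Collect (visible_text, href) for every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html):
    """Return (visible_text, real_domain) for links that show one domain and go to another."""
    audit, findings = LinkAudit(), []
    audit.feed(html)
    for text, href in audit.links:
        shown, actual = host_of(text), host_of(href)
        if not shown or not actual or "." not in shown:
            continue  # visible text is not an address ("click here"): nothing to compare
        if registrable_domain(shown) != registrable_domain(actual):
            findings.append((text, registrable_domain(actual)))
    return findings

# Constructed sample body: visible text and real target taken from the email discussed above.
SAMPLE = ('<p>Please sign in at <a href="http://adwords.google.com.zxcffdg.cn/select/login">'
          'http://adwords.google.com/select/login</a></p>')
```

Calling mismatched_links(SAMPLE) flags the link and names zxcffdg.cn as the real destination; a link whose text and target both resolve to google.com produces no finding.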

Common Email Phishing Targets

The practice discussed above, where you are tricked into going to a fake website and entering some personal information, is called phishing.

It’s become a billion-dollar criminal activity, and causes inconvenience, grief, heartache, and all sorts of financial and personal problems for victims.

The criminals who set up these websites and send out these fake messages try to make you think that they are from banks, government departments, PayPal, eBay, etc.

These sites normally get shut down pretty quickly, but the details of thousands of unsuspecting people can be captured in a very short time – and this makes it very worthwhile for the email phishing criminals.

Clients of virtually any large organisation are potential targets.

Be Careful. It’s a jungle out there.

Actual Fake Email Examples

If you want to see some more examples of fake emails (that are safe to play with), pay a visit to http://webangel.com.au/fakes/index.htm

This page is a couple of years old, but the examples are still valid.

Regards, Eric G.



2 comments to How To Identify Email Phishing Scams

  • I found your blog on google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future.

  • Advantageously, the post is actually the greatest on this laudable topic. I fit in with your conclusions and will eagerly look forward to your next updates. Saying thanks will not just be adequate, for the extraordinary lucidity in your writing. I will immediately grab your rss feed to stay abreast of any updates. Good work and much success in your business enterprise!
